how long of a password could the world's best computer crack?

[Matthias99]

Originally posted by: dnuggett

Originally posted by: eigen

Originally posted by: dnuggett

I know someone who worked for the NSA, and while they can do a lot of stuff, they can't backdoor their way into mathematically secure encryption algorithms.

They sure can. Most algorithms aren't built from scratch and follow certain predictability. They re-create advanced algorithms everyday.

Can you elaborate, as your post makes no sense.. What do you mean by follow certain predictability. Do you mean that the algorithmn is known, of course it is, all secrecy lies in the key. Do you mean that ciphers are built around the principles of diffusion and dependncy on the key. so what it falls back to the key. Of course the stucture of the cipher does lend itself to attacks (linear and differential cryptananalysis increasing along with ellipitic and linear/equation solving attacks) bu that is the nature of the game. In saying that the NSA can just go around breaking ciphers implies that the NSA can go around solving NP-complete problems at will. They may be able to but you certainly don't know that.

No, I cannot elaborate.

IE, you're talking out of your ass.

Unless they've got polynomial-time solutions to several NP-hard problems (and possibly the NP-complete set as well), they cannot find a truly randomly selected key -- let alone deduce an unknown encryption algorithm -- without quite a bit of effort. There are certainly ways to attack most (if not all) known encryption schemes, but the implication that they have a "back door" into, say, the RSA encryption algorithm, is ludicrous.

 

[dnuggett]

Originally posted by: Matthias99

Originally posted by: dnuggett

Originally posted by: eigen

Originally posted by: dnuggett

I know someone who worked for the NSA, and while they can do a lot of stuff, they can't backdoor their way into mathematically secure encryption algorithms.

They sure can. Most algorithms aren't built from scratch and follow certain predictability. They re-create advanced algorithms everyday.

Can you elaborate, as your post makes no sense.. What do you mean by follow certain predictability. Do you mean that the algorithmn is known, of course it is, all secrecy lies in the key. Do you mean that ciphers are built around the principles of diffusion and dependncy on the key. so what it falls back to the key. Of course the stucture of the cipher does lend itself to attacks (linear and differential cryptananalysis increasing along with ellipitic and linear/equation solving attacks) bu that is the nature of the game. In saying that the NSA can just go around breaking ciphers implies that the NSA can go around solving NP-complete problems at will. They may be able to but you certainly don't know that.

No, I cannot elaborate.

IE, you're talking out of your ass.

Unless they've got polynomial-time solutions to several NP-hard problems (and possibly the NP-complete set as well), they cannot find a truly randomly selected key -- let alone deduce an unknown encryption algorithm -- without quite a bit of effort. There are certainly ways to attack most (if not all) known encryption schemes, but the implication that they have a "back door" into, say, the RSA encryption algorithm, is ludicrous.

Believe what you will.... but I don't think you truly grasp the prowress of the NSA. And you are giving way too much credit into the idea that truly random numbers are used. Or like most maybe you don't understand how to achieve true randomness.

 

[botman]

isn't it just a little silly to assume that the NSA has found a solution to a creating an effecient algorithm for factoring numbers where the rest of the world's mathmaticians have come up blank? i'm sorry, but this just sounds like a conspiricy theory to me.

 

[AnthraX101]

Originally posted by: botman
isn't it just a little silly to assume that the NSA has found a solution to a creating an effecient algorithm for factoring numbers where the rest of the world's mathmaticians have come up blank? i'm sorry, but this just sounds like a conspiricy theory to me.

What he is actually suggesting, I think, is the old idea that the NSA has convinced some of the crypto programmers to use less then ideal PRNG's. If you are able to predict the next number out of random number source used in forming the keys for a cryptosystem, it can become easy to break.

I think that this is a bit overly optimistic of the capabilities of the NSA. I think it's no question that they have approached some of the programmers, and probably convinced some of them to put in a weakness. But then I could turn around and make my own implementation. I doubt that the NSA has a backdoor into /dev/random.

AnthraX101

 

[Shalmanese]

Originally posted by: botman
isn't it just a little silly to assume that the NSA has found a solution to a creating an effecient algorithm for factoring numbers where the rest of the world's mathmaticians have come up blank? i'm sorry, but this just sounds like a conspiricy theory to me.

We currently have two possibilities here:

1. That you a member of the NSA and, whats more, a particularly bad one since you go on random internet message boards and spew possibly sensitive crap about your work to increase your epenis size.

2. Your just some random 13 year old who thinks hackers are kewl and that you want to be kewl.

Personally, I'm leaning towards 2 atm. Even most commercial crypto systems don't rely on the PRNG anymore for key generation and use stuff like keyboard strokes and mouse movement. Most industrial grade crypto uses thermal noise and isotopic decay for their RNG which, if found to be non-random, would have far more implications for basic physics than just trivial code-breaking. Even amatuer cryptographers can just hook a microphone up to the system and get a nice handy white noise generator so any way of cracking PRNG's is rapidly losing relevance.

 

[Spencer278]

Originally posted by: f95toli
One interesting note: I was once the user of a system with less strict rules, the only rule was that the password had to be at least 6 charachters long.
Anyway, when you sígned up for an account you were also asked to choose a password (which could be changed later). The sysop would tell the user NOT to use a word, place or name (the usual rules).
Now, the sysop always ran the choosen password through a test-routine (I think it was basically a simple dictonary cracker) to make sure it was "safe". The test took about 10s or so.
The amazing thing is that I was present 3 diffrent times when the test failed, meaning that the uses had choosen a password which was easy to crack. Apparantly this happened frequently, so about 10s after being told NOT to use a simple passwords the users still did...

Users are truly the worst security problem, much worse than any bug in windiws.

Well as long as the password file isn't posted on the internet then it really ins't much of a problem that user choose a stupid password. Of courses another problem with requiring stupidly complex password means the user will either write it down or never change the password. I get greated we a paragrah just to spew out the password requirments to change my password like I got with one server I just keep my really old password. Like this I couldn't even figure out a new password no less remeber weeks latter.

A valid password should be a mix of upper and lower case letters,
digits, and other characters. You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes. An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.

 

[ss284]

Random numbers are a fallacy in the worth of pure digital computing. It is impossible to generate a truly random number/string with a computer based algorithm, because you are using an algorithm to generate it in the first place. The best method is to actually use multiple algorithms, and even a touch of human input like throwing darts on a list of numbers.


-Steve

 

[Shalmanese]

ss284, please don't spread misinformation. A combination of different RNG's nearly always lead to a number sequence that is less random unless set up ver carefully. The current crop of psuedo-random RNG's are very good and very close to idealised random. However, even most of the very basic encryption processes base part of the key generation on non-random sources so this isn't very much of a problem at all.