I like Truecrypt - but...
MattUK
Premium
join:2003-03-23
UK
reply to jansson_mark
Re: I like Truecrypt - but...

*bump*


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland

reply to TC guru
said by TC guru:
This can only corrupt your data.
Eeeehhh. No. I think it can only mess the partition/container so that you have to scandisk it.

quote:
No point in adding these algorithms.
Well yes, to give a 256-bit security margin. SHA-1 does not give that.

quote:
No "attacks" have been made against SHA-1 (only at a reduced variant).
Wrong. Read the posts and links in this forum too about this subject. The SHA-1 is not as completely broken as MD5 and SHA-0, but its security is severely beaten and it should not be used.
--
My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.


TC guru

@upc.cz

> Eeeehhh. No. I think it can only mess the partition/container so that you have to scandisk it.

Have you ever seen what happens to FAT, when you get Blue Screen in Windows after you attempt to do brutal dismount? Apparently not. I have, and believe me that the FAT was so corrupted that Scandisk could do nothing to fix it.

> Well yes, to give 256bit security margin. SHA-1 does not give that.

Nope. TrueCrypt and E4M (as opposed to Scramdisk) use PKCS-5 v2.0. This standard allows using even 1-bit hash function (yes, one-bit) without entropy of the derived key being affected. Read this document to at least understand what I am talking about:

»ftp://ftp.rsasecurity.com/pub/pkcs/pkc···v2-0.pdf

> The SHA-1 is not as completely broken as MD5 and SHA-0, but its security is severely beaten and it should not be used.

You clearly do not know what you are talking about and only spread FUD. Educate yourself, for example, at: »www.cryptography.com/cnews/hash.html

To quote from the page:

Q: Is SHA-1 broken?

A: No. Eli Biham described attacks that work against simplified versions of SHA-1, but there is no suggestion that any known attack technique can be extended to break the full SHA-1. (The attacks presented against SHA-0 are also effective against a 36-round reduced variant of SHA-1, but the standard version of SHA-1 uses a full 80 rounds and has not been compromised.) Although there has been speculation that SHA-1 will fall soon, extending the current results to the full SHA-1 appears to be an extremely difficult problem and we do not anticipate such an attack in the immediate future. Nevertheless, the new results certainly do merit a full re-evaluation of all hash functions.


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland

said by TC guru:
Have you ever seen what happens to FAT, when you get Blue Screen in Windows after you attempt to do brutal dismount?
I have seen that several times with PGPdisk and Scramdisk. Nothing has happened, some times I have run scandisk and it has actually found something, usually nothing.

quote:
Nope. TrueCrypt and E4M (as opposed to Scramdisk) use PKCS-5 v2.0. This standard allows using even 1-bit hash function (yes, one-bit) without entropy of the derived key being affected.
Please explain. I doubt that. With x bits in the hash, you get x/2 bits of security. Period. If you do multiple hashing (let's say two) with SHA-1, you won't get 160+160=320 bits of material, you will get 160+1=161 bits of security material, since calculating two hashes only doubles the complexity of the attack from 2^160 to 2^161.

quote:
Read this document to at least understand what I am talking about:
Frankly, I have no idea what they are saying there. I don't understand any of the maths etc. they are talking about. Please explain.

quote:
You clearly do not know what you are talking about and only spread FUD.
I know, but do you?

quote:
Q: Is SHA-1 broken?
A: No.
I didn't say SHA-1 was broken. I said its security is severely beaten. Meaning this: "Although there has been speculation that SHA-1 will fall soon, extending the current results to the full SHA-1 appears to be an extremely difficult problem and we do not anticipate such an attack in the immediate future. Nevertheless, the new results certainly do merit a full re-evaluation of all hash functions."
--
My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.


TC guru

@200.48.x.x

> I have seen that several times with PGPdisk and Scramdisk. Nothing has happened, some times I have run scandisk and it has actually found something, usually nothing.

Then you were lucky.

> Please explain. I doubt that. With x bits in the hash, you get x/2 bits of security. Period. If you do multiple hashing (let's say two) with SHA-1, you won't get 160+160=320

The HMAC-SHA-1 and HMAC-RIPEMD-160 are basically used as pseudo-random number generators, seeded with the password you enter. Now, imagine a 1-bit hash function which generates unbiased, uniformly distributed results. If you concatenate 160 1-bit output values of this function you get a 160-bit string whose entropy is equal to a 160-bit string generated by a 160-bit pseudorandom function (seeded with your password). This is how PKCS-5 works. It does not matter how many bits a HMAC outputs, the only concern in this case is that its output must be unbiased and the values must be uniformly distributed (which both HMAC-SHA-1 and HMAC-RIPEMD-160 comply with).

>> You clearly do not know what you are talking about and
>> only spread FUD.
> I know, but do you?

Seeing that you did not understand the quite simple math in that document, I'm afraid you don't.

> I didnt say SHA-1 was broken. I sayed its security is severely beaten.

First, "its security is severely beaten" is FUD and nonsense.
Second, you said that SHA-1 should not be used. FUD again. If you were to stop using all cryptographic primitives whose reduced variants have been broken, there would not be a cipher you could use. Consider this:
AES-128: 9 rounds out of 10 broken.
AES-192: 9 rounds out of 12 broken.
AES-256: 9 rounds out of 14 broken.
(and this was known before Rijndael was chosen as AES!)
Blowfish, Twofish, Serpent, MARS, RC6: x rounds out of y broken, etc. etc. I could go on (I am not aware of a single decent scrutinized cipher whose reduced variant has not been broken.) Now all these ciphers, by your definition, should not be used.

--


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland


2 edits
said by TC guru:
The HMAC-SHA-1 and HMAC-RIPEMD-160 are basically used as pseudo-random number generators, seeded with the password you enter.
How is the other data generated and stored (salt I guess)? How much salt etc. is used? A similar system is used in my Jaxor encryption, but its security is only the amount of the hash size of course.

quote:
Now, imagine a 1-bit hash function which generates unbiased, uniformly distributed results. If you concatenate 160 1-bit output values of this function you get a 160-bit string whose entropy is equal to a 160-bit string generated by a 160-bit pseudorandom fucntion (seeded with your password). This is how PKCS-5 works.
Are you saying that what it does is that it generates first hash using the passphrase, then second hash using the 2nd iteration of the passphrase hash, then third using the 3rd iteration of the passphrase hash, etc. etc.? Or something like that?

If that is true, then, again, it only gives marginal security, since all that has to be done is to "break" (brute force, birthday paradox, whatever) the one hash with difficulty X. Breaking the rest, let's say two other hashes, only increases the difficulty to 3X. So, in terms of bits, the difficulty rises from 80 or 160 to 83 or 163 bits. Not to 240 or 480 bits.

quote:
Seeing that you did not understand the quite simple math in that document, I'm afraid you don't.
Argumentum ad hominem.
I understand some math, but I don't understand a trek about an ENGLISH description of the subject. Let's see if you understand anything about a similar description written in Finnish...

quote:
First, "its security is severely beaten" is FUD and nonsense.
Oh no.
»www.computerworld.com/securityto···,00.html
"This year, Eli Biham and Rafi Chen, and separately Antoine Joux, announced some pretty impressive cryptographic results against MD5 and SHA. Collisions have been demonstrated in SHA. And there are rumors, unconfirmed at this writing, of results against SHA-1...The magnitude of these results depends on who you are. If you're a cryptographer, this is a huge deal."

quote:
Second, you said that SHA-1 should not be used. FUD again.
»www.computerworld.com/securityto···,00.html
"It's time for us all to migrate away from SHA-1."

quote:
Consider this:
AES-128: 9 rounds out of 10 broken.
AES-192: 9 rounds out of 12 broken.
AES-256: 9 rounds out of 14 broken.
Wrong, its 7/10.
»www.markusjansson.net/erecent.html
"best known attacks currently breaks 7/10 and 9/14 rounds of AES. For example, the best attack only breaks 8/16 rounds of Twofish and 10/32 rounds of Serpent ciphers"

quote:
Now all these ciphers, by your definition, should not be used.
AES should not be used at all because of that (and other issues). Twofish and especially Serpent are still secure enough.
--
My computer security & privacy related homepage »www.markusjansson.net

Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.


gkweb

join:2003-06-09
76800


1 edit
reply to jansson_mark
Hi Markuss,

I don't want to hijack the thread, but about AES, it has been studied by many cryptography experts all around the world and none found weaknesses in it, none said that it was insecure?

I don't say AES is completely secure, I just ask for more details if you say that it is not. If I remember well, the computation power required to break it by brute force was completely impossible to reach.

I am just asking for information

regards,

gkweb.


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland

said by gkweb See Profile:
I don't want to hijack the thread, but about AES, it has been studied by many cryptography experts all around the world and none found weaknesses to it, none said that it was unsecure ?
Well, yes and no. Bruce Schneier has said it does not have a good security margin and its construction is too simple (it may be possible to be solved very easily indeed)!

quote:
If I remember well the computation power required to break it by brute force was completly impossible to reach.
Of course. So would it be with Enigma even today, but still they cracked Enigma in the 1930s... The key size does not matter if the algorithm is insecure. It can have a zillion-bit key size and still it can be solved in a second.
--
My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.

ghost16825
Use security metrics
Premium
join:2003-08-26

reply to jansson_mark
said by jansson_mark See Profile:
A similar system is used in my Jaxor encryption, but its security is only the amount of the hash size of course.
You might want to get some professional opinions on your opinion method, perhaps by posting a description in »www.security-forums.com/forum/vi···php?f=20 after reading the guidelines at »www.security-forums.com/forum/vi···?t=18071. (A cut and paste from your website should be sufficient.) If I remember correctly, Jaxor was an XOR-based encryption algorithm. Not that I know that much about encryption, but I would guess the main weakness is the "pseudorandomness" rather than "real" randomness involved. XOR algorithms are greatly weakened if "actual" random data is not used, I think. Also try doing a search on that forum for "XOR encryption". You may be interested in what others have come up with.


TC guru

@200.48.x.x

reply to jansson_mark
> How is the other data generated and stored (salt I guess)? How much salt etc. is used?

Do you always ignore program documentations?

> Are you saying that what it does is that it generates first hash using the passphrase, then second hash using the 2nd iteration of the passphrase hash

One hash is generated by hashing the password concatenated with iteration count (index) + other mixing operation. Read the PKCS-5 v2.0 paper and after you fully understand it, come back with questions.

> I understand some math, but I dont understand a trek about ENGLISH description about the subject.

You said you didn't understand the math...

>> First, "its security is severely beaten" is FUD and
>> nonsense.
> Oh no.

Oh yes. SHA-1 is as "broken" as e.g., Twofish (i.e., secure and not broken).

> Wrong, its 7/10.

Nope, it's 9 out of 10.

> Twofish and especially Serpent are still secure enough.

I thought that a cryptographic primitive whose reduced variant has been broken should not be used, as you said. Now you are saying otherwise. Good, I can see you can actually be educated.
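The key-derivation construction described in the two TC guru posts above (an HMAC used as a password-seeded PRF whose output blocks are concatenated until the requested key length is reached, each block seeded with its block index) is short enough to write out in full. The Python below is an added example and is not code from the TrueCrypt project or from either poster; it follows the definition in PKCS #5 v2.0 (RFC 2898, section 5.2), where the password is the HMAC key and the 4-byte big-endian block index is appended to the salt, uses only the standard library, and cross-checks itself against hashlib.pbkdf2_hmac and the first RFC 6070 test vector. The password, salt and iteration count in the main block are constructed sample values.

```python
import hashlib
import hmac
import math
import struct


def pbkdf2(prf_hash, password, salt, iterations, dk_len):
    """PBKDF2 from PKCS #5 v2.0 (RFC 2898, section 5.2) with HMAC-<prf_hash> as PRF.

    The password is the HMAC key, so every PRF call sees the whole password.
    The derived key is the concatenation of l = ceil(dk_len / h_len) blocks
    T_1 .. T_l; block i is seeded with salt || INT(i) (4-byte big-endian index)
    and is the XOR of `iterations` chained PRF outputs.
    prf_hash is any hashlib name ("sha1", "sha256"; "ripemd160" only if the
    local OpenSSL build provides it).
    """
    if iterations < 1:
        raise ValueError("iteration count must be at least 1")
    h_len = hashlib.new(prf_hash).digest_size
    if dk_len > (2 ** 32 - 1) * h_len:
        raise ValueError("derived key too long")
    n_blocks = math.ceil(dk_len / h_len)

    def prf(data):
        return hmac.new(password, data, prf_hash).digest()

    derived = bytearray()
    for i in range(1, n_blocks + 1):
        u = prf(salt + struct.pack(">I", i))      # U_1 = PRF(P, S || INT(i))
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = prf(u)                             # U_j = PRF(P, U_{j-1})
            for k in range(h_len):
                t[k] ^= u[k]                       # T_i = U_1 xor ... xor U_c
        derived += t
    return bytes(derived[:dk_len])               # last block is truncated


def block_count(prf_hash, dk_len):
    """Number of PRF output blocks needed for dk_len bytes."""
    return math.ceil(dk_len / hashlib.new(prf_hash).digest_size)


def matches_stdlib(prf_hash, password, salt, iterations, dk_len):
    """Cross-check this implementation against the standard library's PBKDF2."""
    expected = hashlib.pbkdf2_hmac(prf_hash, password, salt, iterations, dk_len)
    return pbkdf2(prf_hash, password, salt, iterations, dk_len) == expected


def rfc6070_vector_ok():
    """RFC 6070 test vector 1: PBKDF2-HMAC-SHA1("password", "salt", c=1, dkLen=20)."""
    dk = pbkdf2("sha1", b"password", b"salt", 1, 20)
    return dk.hex() == "0c60c80f961f0e71f3a9b524af6012062fe037a6"


if __name__ == "__main__":
    # Constructed sample inputs (not from the thread): a demo password and a fixed salt.
    password = b"correct horse battery staple"
    salt = bytes(range(16))
    for prf_hash in ("sha1", "sha256"):
        dk = pbkdf2(prf_hash, password, salt, 2000, 64)
        print(f"HMAC-{prf_hash.upper()}: {block_count(prf_hash, 64)} blocks -> {dk.hex()}")
        print("  matches hashlib:", matches_stdlib(prf_hash, password, salt, 2000, 64))
    print("RFC 6070 vector:", rfc6070_vector_ok())
```

Deriving 64 bytes with HMAC-SHA-1 takes four 20-byte blocks, with HMAC-SHA-256 two 32-byte blocks; the output length is fixed by dk_len, not by the hash size, which is the point argued above. What the construction cannot do is add entropy: the derived key is at most as unpredictable as the password and salt that seed it, so a sufficiently random salt and a high iteration count are what slow down password guessing, regardless of which HMAC is chosen.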


TC guru

@200.48.x.x

reply to jansson_mark
First, Bruce Schneier probably hates AES (Rijndael) because they did not select his Twofish as AES. His arguments are not new either. The fact is, that last year AES-192 and AES-256 were approved to protect classified information up to the Top Secret level. It will be hard to persuade someone that it is insecure.


TC guru

@200.48.x.x

reply to ghost16825
> You might want to get some professional opinions on your opinion method, perhaps by posting a description in »www.security-forums.com/forum/viewforu..

security-forums.com is hardly a forum read by professionals. Try sci.crypt, but read their FAQ before posting, so as not to piss them off.

ghost16825
Use security metrics
Premium
join:2003-08-26

said by TC guru:
security-forums.com is hardly a forum read by professionals. Try sci.crypt, but read their FAQ before posting, so as not to piss them off.

Perhaps, but there are some there like Justin Troutman, a cryptoanalyst who can give quite professional opinions on crypto issues. There are also some others who are quite knowledgeable without being "elitist" if you get what I mean. But yes, sci.crypt is also a good place to post an algorithm.


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland

reply to TC guru
said by TC guru:
Do you always ignore program documentations?
Ad nauseam.
I told you, I don't understand complicated English that well.

quote:
One hash is generated by hashing the password concatenated with iteration count (index) + other mixing operation. Read the PKCS-5 v2.0 paper and after you fully understand it, come back with questions.
So, there are just several different hashing operations, as I said. Creating two hashes with SHA-1 for example does not give 320 bits of security, but only 161 bits.

quote:
Oh yes. SHA-1 is as "broken" as e.g., Twofish (i.e., secure and not broken).
Wrong. They have broken MD5 and have shown that similar dangers exist in SHA-1. This is not the case with Twofish.

quote:
Nope, it's 9 out of 10.
Source?
Applied Cryptography, 4th edition says it's 7/10.

quote:
I thought that a cryptographic primitive whose reduced variant has been broken should not be used, as you said.
Wrong. What I said and meant was that when something based on formula X is broken, you cannot consider anything that is based on a similar formula X secure. Serpent and AES are a totally different "formula", whereas MD5 and SHA-1 aren't when it comes to this kind of attack.
--
My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland

reply to TC guru
said by TC guru:
First, Bruce Schneier probably hates AES (Rijndael) because they did not select his Twofish as AES.
Argumentum ad hominem.

quote:
His arguments are not new either.
The fact that they are old does not make them invalid.

quote:
The fact is, that last year AES-192 and AES-256 were approved to protect classified information up to the Top Secret level.
So what? Oh, you think the US government cannot make any mistakes? LOL!

quote:
It will be hard to persuade someone that it is insecure.
Yes, there are always people who don't understand logic and good arguments and it's impossible to persuade them to get the facts. The best attacks break almost all rounds of AES, while only 1/3 of the rounds of Serpent. Also, there is the danger that AES is a "too simple" cipher and could be solved very easily some day.
--
My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.

pkirkaas

join:2004-09-09
Denmark

Hmm, back to TrueCrypt...

Does anyone know if they plan to allow the resizing of volumes after they are created? I can't find any references to that, but that would be a very useful feature.

The original poster asked if there was any way to contact the authors/maintainers. Is there?

Thanks,

Paul


MattUK
Premium
join:2003-03-23
UK

said by pkirkaas See Profile:

Does anyone know if they plan to allow the resizing of volumes after they are created? I can't find any references to that, but that would be a very useful feature.


Exactly my thoughts! And a TwoFish implementation would make this a superb program IMO.
--
»forum.gladiator-antivirus.com /// Gladiator Security Forum Moderator

pkirkaas

join:2004-09-09
Denmark
And since we are posting a wishlist into a bit bucket, being able to mount network volumes (using a remote file on a network drive as a local encrypted drive) would be an obvious big win...

Paul
© 1999-2009 dslreports.com.