Is this encryption software safe? I have some questions because quite a few recommended this software.
1. Does it have a back door?
2. Can any government agencies crack it?
3. Is it 100% secure?
And finally, which type of encryption is best?
AES
CAST
TripleDES
IDEA
TwoFish
-
PGP is not known to have back doors. The source code was available for the older versions, so if those had had any it would have made major news in the online world. I trusted PGP back when Phil Zimmermann was doing it. I'm sure it's still fine, but I'm not as comfortable with a company like Network Associates owning it. I trust GnuPG a little more because it's completely open-source, so it's had people auditing its code.
Government agencies probably can crack it because they have access to amazing amounts of computing power and research. However, the question is usually not a matter of "can this be cracked" but one of "is what I'm securing likely to be under a strong enough attack that I should worry".
Any encryption scheme can be broken if you just throw enough computing power at it. The current trend is to just make it difficult enough that it would take a thousand years or more for all the computing power in the world today to break it by brute force. Sometimes the encryption algorithms have flaws, though, which allow analysis to narrow the number of possible keys to the point that it becomes practical to attack it that way. The best way to go is to use a widely available public encryption tool because those have usually been studied and analyzed by a lot of people. PGP is a standard, which is widely available and has not been found to have any significant easily-exploitable flaws. The ones you should never trust are these black-box encryption programs that just throw around buzzwords about their unbreakable proprietary secret encryption schemes.
As for those algorithms, it's hard to define one as being more secure than another. Barring any major flaws, any one of those will be secure enough that it would be very difficult for an attacker to break them. I avoid AES because of its origins. IDEA is under patent in some parts of the world, which means it's more difficult/expensive to (legally) obtain and use software that uses it. I think the others are free and still unbroken.
Usually the weak link isn't the encryption algorithm or the software. Usually the weak link is the person using it. People have a bad habit of using industrial-strength encryption ciphers and key lengths while using an easily-guessed passphrase.
-
Thanks, good info for those interested. One more thing...
The passphrase has to be entered manually for PGP and cannot be copied and pasted for security purposes.
Now can you explain to me what an average passphrase would be and what a "strong" one would be?
Secondly, do only numbers work or can I add letters or symbols? If yes, how do I input these symbols?
Is a passphrase like 12345678 easily crackable? How about a 32 character passphrase? Is that considered enough "strength"?
-
I have two more questions.
1. If you encrypt a file with PGP using a large passphrase like 100+ (250 characters is the max in PGP), can any government agencies crack that?
2. If I encrypt a file with PGP, then take that and encrypt it with WinZip's 256-bit encryption, then run it through WinRAR's encryption, and take the WinRAR encrypted file and run it through PGP again, while using 4 different keys for each one, does that make it that much harder to crack?
-
Anything is crackable and hackable. I couldn't do it, that's for sure, but there's always someone out there that can crack it. Why are you so concerned about that anyway? You have nuclear bomb plans or something that you need to send back to terrorists or something?
-
I wouldn't bother with the WinRAR encryption or any of the others. Just put it in a bunch of folders. Encrypt the file, then put it in a folder, and encrypt again with a different key, then put that in a folder and encrypt that with a different key, etc. After they get done decoding it, you will have died of old age and won't care anymore that they broke the encryption. If you do a little reading on the different types of encryption, you'll see that PGP uses some that are very difficult to break. Dedicating the processor time to something like that just doesn't make sense.
Also check for the software called BestCrypt; there are some good features that can be used if you get surprised and you need to clean a bunch of files fast. You do this by making a BestCrypt container on your drive, then placing files inside that container. Then make another container to hold the first container, and put a self-extracting file in with the first container. Then just run the self-extracting file, and when it writes the extracted files to the container, it will shred the first container. Or something like that; I read how to do this a while ago, so it might be a little off from what I described. I know it had something to do with self-extracting files and nested containers.
-
I'll answer my own question...
Brute-forcing a 30+ char (meaning only small and caps letters) passphrase (IF we assume it's not a phrase or is not full of normal words) takes more than 2^160 operations.
Again, if we want to put things into perspective here, remember that there are about 2^128 (128 bits) atoms in the earth and 2^256 (256 bits) particles in the universe. Also, if we look at the laws of (known) physics, the Boltzmann constant proves that in order to go through 2^256 (256-bit) keys, we would need much more energy than is generated in a supernova blast.
Another good perspective is to remember that to do 2^128 calculations, it would take all the computers of the world more than a billion times the age of our universe.
Then again, if it only consists of a phrase or English words, it's MUCH easier to break. How easy, that is impossible to say without knowing the passphrase.
-
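The passphrase questions in this thread (12345678, a 30+ character letters-only string, a phrase made of English words) can be compared by estimating the search space under each guessing model. The following is an added example, not code from any poster or from PGP; the `COMMON` list is a constructed sample and the guess rate is an assumed figure.

```python
import math
import string

# Constructed sample of leaked-password-style entries an attacker tries first.
COMMON = {"12345678", "password", "qwerty", "letmein"}
DICEWARE_WORDS = 7776          # size of the standard Diceware word list
GUESSES_PER_SECOND = 1e12      # assumed attacker speed (hypothetical)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(passphrase):
    """Size of the smallest common alphabet covering the characters used."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in passphrase))


def char_bits(passphrase):
    """Bits of search space if every character was picked at random."""
    size = charset_size(passphrase)
    return len(passphrase) * math.log2(size) if size else 0.0


def word_bits(passphrase):
    """Bits if the attacker guesses whole dictionary words, not characters."""
    words = passphrase.split()
    if len(words) < 2 or not all(w.isalpha() for w in words):
        return None                      # word model does not apply
    return len(words) * math.log2(DICEWARE_WORDS)


def effective_bits(passphrase):
    """Weakest applicable model wins: the attacker picks the cheapest search."""
    if passphrase.lower() in COMMON:
        return math.log2(len(COMMON))
    candidates = [char_bits(passphrase)]
    if word_bits(passphrase) is not None:
        candidates.append(word_bits(passphrase))
    return min(candidates)


def years_to_search(bits):
    """Average time to hit the passphrase: half the space at the assumed rate."""
    return 2 ** (bits - 1) / GUESSES_PER_SECOND / SECONDS_PER_YEAR
```

The word model assumes each word was drawn at random from the list; a quotation or ordinary sentence has less entropy than this estimate gives.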
-
In a non-specific fashion I did answer it