Spoonless wrote:
False.
Incorrect
·Theme
- Forums
- Cross Site
- The Asylum
- BitCoin Bubble
BitCoin BubbleFollow
Incorrect
That monster in the mirror, he just might be you. -Grover
someproteinguy wrote:
Spoonless wrote:
False.
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
That monster in the mirror, he just might be you. -Grover
Yodabunny wrote:
No. More secure sure, but there is no such thing as perfect encryption even in this case. You can still brute force this, currently you're looking at millenia of computing time to do it but that changes pretty rapidly at the pace computing power is increasing. Given recent research into quantum computing it may actually be instantaneous in the relatively near future. Relatively being a...relative term of course. 3rd party duplication and verification of transactions with reconciliation of discrepancies properly implemented is the only truly secure option for any digital currency.
The incentive to crack it is just too high for there to not be some form of record to compare against in the event of a discrepancy. Think about what would happen if someone got a hold of all of the equipment and exact materials/know how to create American currency at will. That's what we're talking about here, except now you don't need the materials, the know how is readily available, and there is nobody to tell you you can't or punish you for doing it since it's not regulated by any organization.
The incentive to crack it is just too high for there to not be some form of record to compare against in the event of a discrepancy. Think about what would happen if someone got a hold of all of the equipment and exact materials/know how to create American currency at will. That's what we're talking about here, except now you don't need the materials, the know how is readily available, and there is nobody to tell you you can't or punish you for doing it since it's not regulated by any organization.
Smash is correct about a one-time pad encryption. If implemented correctly, it's basically encryption with an infinite key length and not subject to brute force attacks. Attack vectors for this are usually through side-channels which moves the discussion from virtual (e.g. computational) to physical (e.g. storage medium). This can be mitigated by using dedicated OTP hardware, people with guns, etc.
Notwithstanding the above, contemporary cryptography is still viable for the foreseeable future. Contemporary strong asymmetric algorithms such as RSA are not limited to current key lengths, which are usually 1024- or 2048-bit. These are used as a convention only. The premise on which the algorithm works is general and will work with (effectively) arbitrarily large keys. Just change your key size to 1048576-bit.
Quantum computing is decades away from being viable for cracking keys. Further, all of the speculation on how fast it will take to crack keys is based on today's key lengths. We will no doubt be using larger keys in the near future.
Perfect encryption is something that theoretical mathematicians think about. In practice, there is no such thing as perfect data security because there are always side-channel (human, tempest, etc) attacks that can be used to get at the underlying data. In practice, crypto systems are designed such that the cost to circumvent the security should exceed the value of the data you're trying to protect. That is, why would you spend $100 to bypass security for something valued at $1?
Love,
PunkFloyd
PunkFloyd
PunkFloyd, King of Bards wrote:
That is, why would you spend $100 to bypass security for something valued at $1?
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
lolgaxe wrote:
PunkFloyd, King of Bards wrote:
That is, why would you spend $100 to bypass security for something valued at $1?
Yes, but at that scale you'd only be getting paid a nickel annually.
Love,
PunkFloyd
PunkFloyd
lolgaxe wrote:
To show you can and get a job plugging that hole.
Are we still talking cryptography?
PunkFloyd, King of Bards wrote:
Yodabunny wrote:
No. More secure sure, but there is no such thing as perfect encryption even in this case. You can still brute force this, currently you're looking at millenia of computing time to do it but that changes pretty rapidly at the pace computing power is increasing. Given recent research into quantum computing it may actually be instantaneous in the relatively near future. Relatively being a...relative term of course. 3rd party duplication and verification of transactions with reconciliation of discrepancies properly implemented is the only truly secure option for any digital currency.
The incentive to crack it is just too high for there to not be some form of record to compare against in the event of a discrepancy. Think about what would happen if someone got a hold of all of the equipment and exact materials/know how to create American currency at will. That's what we're talking about here, except now you don't need the materials, the know how is readily available, and there is nobody to tell you you can't or punish you for doing it since it's not regulated by any organization.
The incentive to crack it is just too high for there to not be some form of record to compare against in the event of a discrepancy. Think about what would happen if someone got a hold of all of the equipment and exact materials/know how to create American currency at will. That's what we're talking about here, except now you don't need the materials, the know how is readily available, and there is nobody to tell you you can't or punish you for doing it since it's not regulated by any organization.
Smash is correct about a one-time pad encryption.
Uh... Smash is technically correct, and Yoda's whole "brute force" statement is absolutely wrong, but the result isn't really what Smash is implying either. Yes. Single pad encryption can't be broken. But there are several conditions, and the first of them is a biggie. It's only perfectly secure *if* the key is the same length as what you're encrypting. If it's not, there's a possibility of detecting a repeating pattern. This is problematic if we're dealing with anything other than short text messages since there's no way someone's going to just remember a 50,000 character password. Ergo, the key has to be stored somewhere, almost certainly digitally given the data type we're talking about, which means if you can get to the data in the first place, you can probably get to the key. It's not like there's any value in this scenario to be transmitting the encrypted bitcoins around or anything. You're just storing it somewhere. So there's no real difference between storing it unencrypted on some removable device you have hidden in your mattress and storing it on your computer, and hiding the key on a removable device you have hidden in your mattress. You're fooling yourself if you think it's more secure.
Quote:
If implemented correctly, it's basically encryption with an infinite key length and not subject to brute force attacks. Attack vectors for this are usually through side-channels which moves the discussion from virtual (e.g. computational) to physical (e.g. storage medium). This can be mitigated by using dedicated OTP hardware, people with guns, etc.
Problem is that the use model we're talking about doesn't lend itself to single pad being used properly. I'll point out again that all the side methods you'd use to secure the key could also be used just as effectively to secure an unencrypted file. You gain very close to zero extra security doing this. Single pad encryption is most effective when pointA and pointB have obtained the only two copies of a key previously (and hopefully securely). PointA encrypts using the key and then destroys their copy. The encrypted message is then sent via a presumably insecure method to pointB, where it's decrypted using their copy of the key (which is then destroyed as well).
There is no value to encrypting something at pointA, and then holding onto the key in order to decrypt it at pointA at some point in the future. As I said, you gain zero security doing that because you've kept the key you used to encrypt it. Also, it only makes sense to use this method if you have a secure way of distributing keys, but it's time consuming or cumbersome, and you need a means to communicate quickly and securely via otherwise insecure means. If you had plenty of time to transmit the message, you'd just send it the same way you send the keys, right? So once again, the use model fails.
Quote:
Notwithstanding the above, contemporary cryptography is still viable for the foreseeable future. Contemporary strong asymmetric algorithms such as RSA are not limited to current key lengths, which are usually 1024- or 2048-bit. These are used as a convention only. The premise on which the algorithm works is general and will work with (effectively) arbitrarily large keys. Just change your key size to 1048576-bit.
It's not that simple either, and once again, the means typically used to "hack" encryption really only means longer time, not increased difficulty. It's not useless of course, but it's also incredibly dependent on *what* is being encrypted.
Edited, Apr 4th 2013 2:10pm by gbaji
King Nobby wrote:
More words please
A bitcoin wallet is pretty small. It wouldn't be impossible to memorize the key.
Well, that assumes that the message existed when the keys were given, or that the means they were originally transmitted with still exist. Once the key has been transmitted, it can be used at any time, even if there will never again be a time when it will be possible to securely transmit another message.
Edited, Apr 4th 2013 5:37pm by Rachel9
Quote:
Also, it only makes sense to use this method if you have a secure way of distributing keys, but it's time consuming or cumbersome, and you need a means to communicate quickly and securely via otherwise insecure means. If you had plenty of time to transmit the message, you'd just send it the same way you send the keys, right? So once again, the use model fails.
Edited, Apr 4th 2013 5:37pm by Rachel9
Rachel9 wrote:
A bitcoin wallet is pretty small. It wouldn't be impossible to memorize the key.
I think your idea of "small" in this case isn't going to work. How many bytes? Every character of data would need to match a character in the key for this to work as a perfect single pad encryption. So depending on character set, block sizes, whatever, a 1k file might require a 1,000 character key. A 1MB file would require a 1 million character field (yeah, I'm rounding).
"Pretty Small" in modern computing terms is still astronomically large in terms of human accessible strings of data.
Quote:
Quote:
Also, it only makes sense to use this method if you have a secure way of distributing keys, but it's time consuming or cumbersome, and you need a means to communicate quickly and securely via otherwise insecure means. If you had plenty of time to transmit the message, you'd just send it the same way you send the keys, right? So once again, the use model fails.
Yes. Obviously. My point is that if this wasn't the case (meaning you could securely send keys and could wait until the next time you did so to send the message), you wouldn't need to bother with sending the keys. You'd just send the data, right?
Quote:
Once the key has been transmitted, it can be used at any time, even if there will never again be a time when it will be possible to securely transmit another message.
Correct. That's the entire point. Again, this assumes that there's some secure time/method at which you can share keys ahead of time, but you'll need to send messages via insecure means. If those conditions don't exist, then single pad encryption isn't terribly useful. Sure the encryption is secure, but you aren't actually buying yourself anything by using it. I could take my dinner out of the oven, lock it in a safe, the immediately unlock the safe and eat my dinner. Or I could just eat my dinner. The process of using the safe didn't make my dinner any more safe in that case. Neither does using single pad encryption in this case.
King Nobby wrote:
More words please
Quote:
How many bytes?
Na na na na na na na na Batcoin!
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
Uh... Smash is technically correct, and Yoda's whole "brute force" statement is absolutely wrong, but the result isn't really what Smash is implying either. Yes. Single pad encryption can't be broken. But there are several conditions, and the first of them is a biggie. It's only perfectly secure *if* the key is the same length as what you're encrypting. If it's not, there's a possibility of detecting a repeating pattern. This is problematic if we're dealing with anything other than short text messages since there's no way someone's going to just remember a 50,000 character password. Ergo, the key has to be stored somewhere, almost certainly digitally given the data type we're talking about, which means if you can get to the data in the first place, you can probably get to the key.
Or, if you weren't a moron, you'd store the key separately on a physical device not connected to anything. Jesus, really? You didn't get to just separating the data from the key in the ******* magical circus calliope of logic that plays in your head? "here's an encrypted message, oh and here in the same envelope, I've also sent the plain text, don't let anyone see it"
How stupid are you, exactly? One time pad, put a flash drive with the key in a safe, done, secure forever unless someone can physically acquire the flash drive in which case they can likely shoot you in the face or the like, rendering the loss of your bit-coin fairly trivial.
Or, if you weren't a moron, you'd store the key separately on a physical device not connected to anything. Jesus, really? You didn't get to just separating the data from the key in the ******* magical circus calliope of logic that plays in your head? "here's an encrypted message, oh and here in the same envelope, I've also sent the plain text, don't let anyone see it"
How stupid are you, exactly? One time pad, put a flash drive with the key in a safe, done, secure forever unless someone can physically acquire the flash drive in which case they can likely shoot you in the face or the like, rendering the loss of your bit-coin fairly trivial.
Disclaimer:
To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.
To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.
Smasharoo wrote:
Uh... Smash is technically correct, and Yoda's whole "brute force" statement is absolutely wrong, but the result isn't really what Smash is implying either. Yes. Single pad encryption can't be broken. But there are several conditions, and the first of them is a biggie. It's only perfectly secure *if* the key is the same length as what you're encrypting. If it's not, there's a possibility of detecting a repeating pattern. This is problematic if we're dealing with anything other than short text messages since there's no way someone's going to just remember a 50,000 character password. Ergo, the key has to be stored somewhere, almost certainly digitally given the data type we're talking about, which means if you can get to the data in the first place, you can probably get to the key.
Or, if you weren't a moron, you'd store the key separately on a physical device not connected to anything.
Or, if you weren't a moron, you'd store the key separately on a physical device not connected to anything.
You didn't bother to read my whole post did you? Why not just store the unencrypted file on a physical device not connected to anything then? Do you see how this offers exactly the same level of protection?
Quote:
How stupid are you, exactly?
That's ironic given you're making a classic computer security error right now.
Quote:
One time pad, put a flash drive with the key in a safe, done, secure forever unless someone can physically acquire the flash drive in which case they can likely shoot you in the face or the like, rendering the loss of your bit-coin fairly trivial.
Put a flash drive with the unencrypted file in a safe, done, secure forever unless someone can physically acquire the flash drive in which case they can likely shoot you in the face or the like, rendering the loss of your bit-coin fairly trivial.
Do you understand why one is identical to the other in terms of security?
King Nobby wrote:
More words please
Apperently we should store our flash drive wallets in face mask armor?
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
Quote:
You didn't bother to read my whole post did you? Why not just store the unencrypted file on a physical device not connected to anything then? Do you see how this offers exactly the same level of protection?
Edited, Apr 4th 2013 9:27pm by Rachel9
Rachel9 wrote:
Quote:
You didn't bother to read my whole post did you? Why not just store the unencrypted file on a physical device not connected to anything then? Do you see how this offers exactly the same level of protection?
The only reason for encrypting the file in the first place is if you expect that someone will be able to access it somehow. Don't get me wrong, you are correct that putting them in two different places that are both not networked (or otherwise easily accessible) does increase the security, but it's like adding a lock to the screen door in front of a thick door with a deadbolt. Sure, it's an extra step, but the point of the thick door is that you assume they've already opened the screen.
Could just as easily break the file into multiple binary pieces (using say dd), and store them in different off site locations and then recombine them later. My point is that you're engaging in a completely different form of security at that point, and the encryption part isn't really significant. All you're doing is requiring the attacker to have X number of things to get at what he wants. Obviously, the higher the value of X, the harder you make this, but what each part is doesn't really matter.
Again though, this is largely moot given that the more likely means of losing the value of your bitcoins has nothing to do with how secure your wallet is. We're kinda arguing about whether a given model of strainer will do a better job of holding water.
King Nobby wrote:
More words please
Put a flash drive with the unencrypted file in a safe, done, secure forever unless someone can physically acquire the flash drive in which case they can likely shoot you in the face or the like, rendering the loss of your bit-coin fairly trivial.
Do you understand why one is identical to the other in terms of security?
Do I understand your argument, yes. Is it correct, no. If it were, multi-factor authentication wouldn't exist. Oddly, it does. Can you see why?
Do you understand why one is identical to the other in terms of security?
Do I understand your argument, yes. Is it correct, no. If it were, multi-factor authentication wouldn't exist. Oddly, it does. Can you see why?
Disclaimer:
To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.
To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.
Quote:
Could just as easily break the file into multiple binary pieces (using say dd), and store them in different off site locations and then recombine them later. My point is that you're engaging in a completely different form of security at that point, and the encryption part isn't really significant. All you're doing is requiring the attacker to have X number of things to get at what he wants. Obviously, the higher the value of X, the harder you make this, but what each part is doesn't really matter.
I store my key in the Transgender Rights thread. Good luck finding it.
Edited, Apr 5th 2013 1:55pm by Spoonless
Edited, Apr 5th 2013 1:55pm by Spoonless
Dread Lörd Kaolian wrote:
Apperently we should store our flash drive wallets in face mask armor?
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
Smasharoo wrote:
Put a flash drive with the unencrypted file in a safe, done, secure forever unless someone can physically acquire the flash drive in which case they can likely shoot you in the face or the like, rendering the loss of your bit-coin fairly trivial.
Do you understand why one is identical to the other in terms of security?
Do I understand your argument, yes. Is it correct, no.
Do you understand why one is identical to the other in terms of security?
Do I understand your argument, yes. Is it correct, no.
Um... It's correct Smash. Set your ego aside for a second (if that's possible). If your security model absolutely depends on securing an unencrypted file from being accessed by someone else, then it does not matter if that unencrypted file is the wallet file or the file containing the key to decrypt that wallet file. Thinking otherwise shows how you really don't have a clue what the hell you're talking about.
Quote:
If it were, multi-factor authentication wouldn't exist. Oddly, it does. Can you see why?
I see that you've memorized a term that you don't understand and doesn't actually apply to this case. No one's arguing we can't apply additional layers of security. But those additional layers (which on their own may add some additional security) don't have any bearing on the basic question of whether the file we're keeping on a offline storage device contains the unencrypted data we're securing *or* the keys to decrypt the data. And frankly, one can argue strongly that it's safer to do the former rather than the latter, since the latter assumes you're keeping the encrypted file someplace where others may see it. Which means you've given information to a potential hacker that the former state doesn't (that you must have an decryption key somewhere and he should try to obtain it).
Seriously, there are like whole chapters in security books dedicated to trying to explain (often unsuccessfully unfortunately) to neophyte's why what you're trying to do is a mistake.
Edited, Apr 5th 2013 2:06pm by gbaji
King Nobby wrote:
More words please
This is a lot of back and forth trying to secure an online currency for multiple life times when it could disappear in half a decade...
Can't sleep, clown will eat me.
Um... It's correct Smash
It's not. I'm not going to argue about it any longer, we'll agree to disagree. I can see why you don't understand, I can't think of an easy way for you to understand, I can't think of anything gained by doing so.
It's not. I'm not going to argue about it any longer, we'll agree to disagree. I can see why you don't understand, I can't think of an easy way for you to understand, I can't think of anything gained by doing so.
Disclaimer:
To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.
To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a *****. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.
Recent Visitors: 275
All times are in CST
Anonymous Guests (275)
- Forums
- Cross Site
- The Asylum
- BitCoin Bubble
© 2024 Fanbyte LLC