Crackability of OpenSSL, GPG, bcrypt and scrypt

Tim Bogart timbogart at yahoo.com
Mon Jun 21 19:38:23 MST 2010


John Viega is probably one of the leading authorities on the vulnerabilities regarding SSL.  I used to have his book (signed of course), but that's another story.  For those who may be interested, 

http://www.infibeam.com/Books/info/John-Viega/Network-Security-with-Open-SSL/059600270X.html

It's an O'Reilly.

t




________________________________
From: Lisa Kachold <lisakachold at obnosis.com>
To: gm5729 at gmail.com; Main PLUG discussion list <plug-discuss at lists.plug.phoenix.az.us>
Sent: Mon, June 21, 2010 7:23:49 PM
Subject: Re: Crackability of OpenSSL, GPG, bcrypt and scrypt




On Wed, Jun 9, 2010 at 7:36 AM, gk <gm5729 at gmail.com> wrote:

>I hope I am making an apples to apples comparison.
>
>>I'm not talking about Debian's mess up awhile back. Nor am I talking about something that was flying around Debian's mailing list for OpenSSL, FUSE/ENCFS and AES ciphers.
>
>
>>I'm talking overall. Which is the most stable, has the highest probability of not being broken in our lifetimes (20 yrs). Mainly I'm trying to center in on file management, not email. GPG is good for email, but I find that using OpenSSL is actually easier because it is by default installed on *nix boxen, AND is VERY VERY easily installed on M$ products compared to the massive hoops that have to be done for GPG on the latter that even a well versed Linux user would be pressed to install right.
>
>>scrypt claims it is much more difficult in its derivations than bcrypt which is 448 bit Blowfish. Thereby saying it is harder to "crack". However, I cannot find anything on scrypt that says what type of encryption method it uses much less bit value.
>
>>So if you had a face off between OpenSSL, GPG and scrypt for file encryption. Let me say bcrypt has some funky responses once in a while to extra large files, ie > 4gb. Which to use?
>
>
>>gk
>
>>-- 
>>Remember, it's not that we have something to hide; it's that we have nothing to show.
>
>>--Keep tunneling.
>
I would have to take the openssl road here!

Of course, maintaining the most recent stable version and upgrading when security issues are found are required of all code or systems tools management.

We are not even going to begin to discuss that entropy remains broken.  

-- 
Office: (480)307-8707
AT&T: (503)754-4452 


      