Crackability of OpenSSL, GPG, bcrypt and scrypt

Lisa Kachold lisakachold at obnosis.com
Mon Jun 21 19:52:26 MST 2010


For you tree hugger types, this O'Reilly book by John Viega is available
from the Phoenix public library (probably at the Central Branch on the
5th floor).

http://www.objectgraph.com/img/blog/book2.png


But sadly not autographed!

On Mon, Jun 21, 2010 at 7:38 PM, Tim Bogart <timbogart at yahoo.com> wrote:

> John Viega is probably one of the leading authorities on the
> vulnerabilities regarding SSL.  I used to have his book (signed of course),
> but that's another story.  For those who may be interested,
>
>
> http://www.infibeam.com/Books/info/John-Viega/Network-Security-with-Open-SSL/059600270X.html
>
> It's an O'Reilly.
>
> t
>
> ------------------------------
> *From:* Lisa Kachold <lisakachold at obnosis.com>
> *To:* gm5729 at gmail.com; Main PLUG discussion list <
> plug-discuss at lists.plug.phoenix.az.us>
> *Sent:* Mon, June 21, 2010 7:23:49 PM
> *Subject:* Re: Crackability of OpenSSL, GPG, bcrypt and scrypt
>
>
>
> On Wed, Jun 9, 2010 at 7:36 AM, gk <gm5729 at gmail.com> wrote:
>
>> I hope I am making an apples to apples comparison.
>>
>> I'm not talking about Debian's mess up a while back. Nor am I talking about
>> something that was flying around Debian's mailing list for OpenSSL,
>> FUSE/ENCFS and AES ciphers.
>>
>>
>> I'm talking overall. Which is the most stable, has the highest probability
>> of not being broken in our lifetimes (20 yrs). Mainly I'm trying to center in
>> on file management, not email. GPG is good for email, but I find that using
>> OpenSSL is actually easier because it is by default installed on *nix boxen,
>> AND is VERY VERY easily installed on M$ products compared to the massive
>> hoops that have to be done for GPG on the latter that even a well versed
>> Linux user would be pressed to install right.
>>
>> scrypt claims it is much more difficult in its derivations than bcrypt
>> which is 448 bit Blowfish. Thereby saying it is harder to "crack". However,
>> I cannot find anything on scrypt that says what type of encryption method
>> it uses, much less bit value.
>>
>> So if you had a face off between OpenSSL, GPG and scrypt for file
>> encryption. Let me say bcrypt has some funky responses once in a while to
>> extra large files, ie > 4gb. Which to use?
>>
>>
>> gk
>>
>> --
>> Remember, it's not that we have something to hide; it's that we have
>> nothing to show.
>>
>> --Keep tunneling.
>>
>
> I would have to take the openssl road here!
>
> Of course, maintaining the most recent stable version and upgrading when
> security issues are found are required of all code or systems tools
> management.
>
> We are not even going to begin to discuss that entropy remains broken.
>
> --
> Office: (480)307-8707
> AT&T: (503)754-4452



-- 
Office: (480)307-8707
AT&T: (503)754-4452