Article <4c1bfc3d01c8a48ad81d1fbf4587e5431cd9389b@i2pn2.org>

Deutsch English Français Italiano
<4c1bfc3d01c8a48ad81d1fbf4587e5431cd9389b@i2pn2.org>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.quux.org!news.nk.ca!rocksolid2!i2pn2.org!.POSTED!not-for-mail
From: Stefan Claas <fgrsna.pynnf@vagrearg.eh>
Newsgroups: sci.crypt
Subject: Re: What are the chances of this encrytion being broken?
Date: Mon, 24 Mar 2025 20:07:13 +0100
Organization: i2pn2 (i2pn.org)
Message-ID: <4c1bfc3d01c8a48ad81d1fbf4587e5431cd9389b@i2pn2.org>
References: <vrrh0h$nscg$1@dont-email.me> <fCwjUEYVF8eg0zhdLcl3X+q7CCGal0Ox3PTmngktqnw=@writeable.com> <vrrovm$11oms$1@dont-email.me> <vrs7tj$1faj3$1@dont-email.me>
MIME-Version: 1.0
Injection-Date: Mon, 24 Mar 2025 19:07:13 -0000 (UTC)
Injection-Info: i2pn2.org;
	logging-data="1584231"; mail-complaints-to="usenet@i2pn2.org";
	posting-account="ieSrCjSDShpZNyqIW52mlwIkg76Hsp+TOOO6KTdfCN8";
User-Agent: flnews/1.3.0pre29 (for GNU/Linux)
Cancel-Lock: sha1:c3SA8bGxcF1W6Lp7vo8dOyqpQjo=
X-Spam-Checker-Version: SpamAssassin 4.0.0
X-Ed25519-Sig: 190881658036763a59bba4582bace9f1ca7a7430ace965d7b93784e6d69e4dfa
 305f028cb405af39203406d0fc5b503a3bcebbfdc781a862478c97a317c12b0f
X-Ed25519-Pub: c0ffee5a36e581eb10f60b2831b3cdb955d2e7ef680dd282a8d43ad8b84b357a
X-Date: It's Mon Sep 11528 08:07:13 PM CET 1993, the September that never ends.
Bytes: 4924
Lines: 74

Chris M. Thomasson wrote:
> On 3/24/2025 7:07 AM, Richard Heathfield wrote:
> > On 24/03/2025 13:10, The Running Man wrote:
> > > On 24/03/2025 12:51 Richard Heathfield <rjh@cpax.org.uk> wrote:
> > > > On 24/03/2025 11:32, The Running Man wrote:
> > > > > On 24/03/2025 06:21 Richard Heathfield <rjh@cpax.org.uk> wrote:
> > > > > > On 24/03/2025 04:51, The Running Man wrote:
> > > > > > > On 23/03/2025 05:14 hal@invalid.com wrote:
> > > > > > > > What are the chances that the encrypted text in this message
> > > > > > > > could be
> > > > > > > > broken?
> > > > > > > > 
> > > > > > > > No one knows what program made the file. It's 256 bit encryption.
> > > > > > > > 
> > > > > > > > How would a encryption expert go about attempting to decrypt the
> > > > > > > > message?
> > > > > > > > 
> > > > > > > > The password is a dozen words, many mispelled, plus punctuation;.
> > > > > > > > 
> > > > > > > > UjRqfeHYUOIgEIbQWRo48ZJ1roD4t7T7Xfg0l4OJUzbDDX498ig4AIwFdke01VubFkotdHvLS5XVEXL1cacNUH1Ica0nDzHCJRD6ttkgslN+RFZlXPLX3HWratd16l2iwpQMO9E2p2a8Usfb2D9KIB1PnSeLAMwgVAiI1RcrkZXW8uQ6i8Y4Escjy5n/2uNqPvplfzddMoyV+4yrBiF3yKcgTjqHvtc0V35AWiP9PfWmB6xmBXg0LPPJ87qEJdAPo3dmlNpqlCeHk5sgceF+nr0rRlhoFaiYb1u6apRcdd1NpQf/6Z1KwLeEB+Fle5Mo7MP6OrKX1Sny3ZDYrRtXcLZCNmq/vgwvMmKJDia/VofZUC+E3LW47Bi922je+8kWtrN3LlAOWj/7BkzVFH+dHt1KxGM9JWdUqGU6+pq2MM33FFesoRgWUcLaBX8sISiRV1iyOFokyq7SC3EoXd7idtI9yipSl7BDRNvvn02OMbCQ3d09yY8dX1LxxaY9x3EvJS0rRW9ZweAXgqYDQugfTrAPzW4xlWIpymSUceSkERO5dsKtmZM1c0mTESKUPEf9UGn/ioDKvufi17+6lFOr81aj8IUJKjyIEYhNz/SQVoAX+nxOBToWK1PVF6jlRKwj61Cv0yXwN+fFNl/fFLSJUEEBHVTibRYMzSmJaQegcX6IKaLhKP4Phc5XanozNpOV
> > > > > > > > .
> > > > > > > 
> > > > > > > I'd say the chances are close to zero.
> > > > > > 
> > > > > > Unless it matters, in which case the probability rises to near
> > > > > > certainty.
> > > > > > 
> > > > > 
> > > > > Nonsense. Even the NSA has admitted they can't break
> > > > > AES-256.
> > > > 
> > > > (a) What makes you think the above ciphertext is AES-256?
> > > > 
> > > > (b) If the NSA cares enough to try, they'll crack it using side
> > > > channels (e.g. rubber hose).
> > > > 
> > > > (c) In 700-odd bytes of ciphertext, only 65 distinct values
> > > > appear, one of them 19 times. AES my arse. This is a home-grown
> > > > algorithm, and not a particularly good one. All it'll take is for
> > > > someone with enough time to care enough.
> > > > 
> > > 
> > > Homegrown stuff doesn't apply.
> > 
> > Of course it does! The question is *about* a homegrown cipher. You are
> > answering the question you think should have been asked instead of the
> > question that actually was asked.
> > 
> > > Anyone with half a brain
> > > would use vetted ciphers.
> > 
> > The ciphertext is right there in the quoted text. Does it look to you
> > like the output of a "vetted cipher"?
> > 
> > > Rubber hosing isn't breaking encryption.
> > 
> > Not elegantly, no. But if it gets the plaintext, it gets the plaintext.
> > 
> 
> That's hurts because it 100% true. If they get the plaintext, then a
> simple rubber hose broke it. ;^)

I don't understand your rubberhose arguments, I must admit. If a sender
has a Government trojan on his device, no rubberhose is needed. If the
sender uses (without a Government trojan) anonymous Networks, which it
seems you guys are not using (yet), how would be rubberhose applied, if
they can't find the sender?

Regards
Stefan

-- 
Onion Courier Home Server Mon-Fri 15:00-21:00 UTC Sat-Sun 11:00-21:00 UTC
ohpmsq5ypuw5nagt2jidfyq72jvgw3fdvq37txhnm5rfbhwuosftzuyd.onion:8080 inbox