Article <vrsb4s$1faio$2@dont-email.me>

Deutsch English Français Italiano
<vrsb4s$1faio$2@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: "Chris M. Thomasson" <chris.m.thomasson.1@gmail.com>
Newsgroups: sci.crypt
Subject: Re: What are the chances of this encrytion being broken?
Date: Mon, 24 Mar 2025 12:17:48 -0700
Organization: A noiseless patient Spider
Lines: 81
Message-ID: <vrsb4s$1faio$2@dont-email.me>
References: <vrrh0h$nscg$1@dont-email.me>
 <fCwjUEYVF8eg0zhdLcl3X+q7CCGal0Ox3PTmngktqnw=@writeable.com>
 <vrrovm$11oms$1@dont-email.me> <vrs7tj$1faj3$1@dont-email.me>
 <4c1bfc3d01c8a48ad81d1fbf4587e5431cd9389b@i2pn2.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 24 Mar 2025 20:17:49 +0100 (CET)
Injection-Info: dont-email.me; posting-host="134859492fb1e605dc9ff2cb841b4e25";
	logging-data="1550936"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+6OF++yWwv+W3wxwZsCr3F9fnqRTI68UE="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:ZvPYwqTeizV9BkDp9VTG5PzAd7g=
In-Reply-To: <4c1bfc3d01c8a48ad81d1fbf4587e5431cd9389b@i2pn2.org>
Content-Language: en-US
Bytes: 5000

On 3/24/2025 12:07 PM, Stefan Claas wrote:
> Chris M. Thomasson wrote:
>> On 3/24/2025 7:07 AM, Richard Heathfield wrote:
>>> On 24/03/2025 13:10, The Running Man wrote:
>>>> On 24/03/2025 12:51 Richard Heathfield <rjh@cpax.org.uk> wrote:
>>>>> On 24/03/2025 11:32, The Running Man wrote:
>>>>>> On 24/03/2025 06:21 Richard Heathfield <rjh@cpax.org.uk> wrote:
>>>>>>> On 24/03/2025 04:51, The Running Man wrote:
>>>>>>>> On 23/03/2025 05:14 hal@invalid.com wrote:
>>>>>>>>> What are the chances that the encrypted text in this message
>>>>>>>>> could be
>>>>>>>>> broken?
>>>>>>>>>
>>>>>>>>> No one knows what program made the file. It's 256 bit encryption.
>>>>>>>>>
>>>>>>>>> How would a encryption expert go about attempting to decrypt the
>>>>>>>>> message?
>>>>>>>>>
>>>>>>>>> The password is a dozen words, many mispelled, plus punctuation;.
>>>>>>>>>
>>>>>>>>> UjRqfeHYUOIgEIbQWRo48ZJ1roD4t7T7Xfg0l4OJUzbDDX498ig4AIwFdke01VubFkotdHvLS5XVEXL1cacNUH1Ica0nDzHCJRD6ttkgslN+RFZlXPLX3HWratd16l2iwpQMO9E2p2a8Usfb2D9KIB1PnSeLAMwgVAiI1RcrkZXW8uQ6i8Y4Escjy5n/2uNqPvplfzddMoyV+4yrBiF3yKcgTjqHvtc0V35AWiP9PfWmB6xmBXg0LPPJ87qEJdAPo3dmlNpqlCeHk5sgceF+nr0rRlhoFaiYb1u6apRcdd1NpQf/6Z1KwLeEB+Fle5Mo7MP6OrKX1Sny3ZDYrRtXcLZCNmq/vgwvMmKJDia/VofZUC+E3LW47Bi922je+8kWtrN3LlAOWj/7BkzVFH+dHt1KxGM9JWdUqGU6+pq2MM33FFesoRgWUcLaBX8sISiRV1iyOFokyq7SC3EoXd7idtI9yipSl7BDRNvvn02OMbCQ3d09yY8dX1LxxaY9x3EvJS0rRW9ZweAXgqYDQugfTrAPzW4xlWIpymSUceSkERO5dsKtmZM1c0mTESKUPEf9UGn/ioDKvufi17+6lFOr81aj8IUJKjyIEYhNz/SQVoAX+nxOBToWK1PVF6jlRKwj61Cv0yXwN+fFNl/fFLSJUEEBHVTibRYMzSmJaQegcX6IKaLhKP4Phc5XanozNpOV
>>>>>>>>> .
>>>>>>>>
>>>>>>>> I'd say the chances are close to zero.
>>>>>>>
>>>>>>> Unless it matters, in which case the probability rises to near
>>>>>>> certainty.
>>>>>>>
>>>>>>
>>>>>> Nonsense. Even the NSA has admitted they can't break
>>>>>> AES-256.
>>>>>
>>>>> (a) What makes you think the above ciphertext is AES-256?
>>>>>
>>>>> (b) If the NSA cares enough to try, they'll crack it using side
>>>>> channels (e.g. rubber hose).
>>>>>
>>>>> (c) In 700-odd bytes of ciphertext, only 65 distinct values
>>>>> appear, one of them 19 times. AES my arse. This is a home-grown
>>>>> algorithm, and not a particularly good one. All it'll take is for
>>>>> someone with enough time to care enough.
>>>>>
>>>>
>>>> Homegrown stuff doesn't apply.
>>>
>>> Of course it does! The question is *about* a homegrown cipher. You are
>>> answering the question you think should have been asked instead of the
>>> question that actually was asked.
>>>
>>>> Anyone with half a brain
>>>> would use vetted ciphers.
>>>
>>> The ciphertext is right there in the quoted text. Does it look to you
>>> like the output of a "vetted cipher"?
>>>
>>>> Rubber hosing isn't breaking encryption.
>>>
>>> Not elegantly, no. But if it gets the plaintext, it gets the plaintext.
>>>
>>
>> That's hurts because it 100% true. If they get the plaintext, then a
>> simple rubber hose broke it. ;^)
> 
> I don't understand your rubberhose arguments, I must admit. If a sender
> has a Government trojan on his device, no rubberhose is needed. If the
> sender uses (without a Government trojan) anonymous Networks, which it
> seems you guys are not using (yet), how would be rubberhose applied, if
> they can't find the sender?

How long is a piece of string? ;^)

If they can't find the senders, then the rubber hose is not long enough 
to whip them? lol. ;^) The problem is that the senders can be under 
surveillance for years before anything happens... They think they are 
100% anonymous. It's boils down to the "shit can happen, and does 
happen" scenario... ;^)

Consult Murphy's Law

The toast always lands jelly side down?