The TrueCrypt website has been changed; it now has a big red warning stating "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues". They recommend using BitLocker for Windows 7/8, FileVault for OS X, or (whatever) for Linux. So, what happened? The TrueCrypt site says:
This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Did the TrueCrypt devs (or SourceForge?) get a NSL? They are offering a "new" version (7.2), but apparently the signing key has changed and a source code diff seems to indicate a lot of the functionality has been stripped out. What's up?
(Score: 2) by juggs on Thursday May 29 2014, @08:32AM
EVERYTHING can be brute forced. That is not bullshit and it is not false.
NOTHING is impenetrable to brute force.
If you are a cryptographer you know the above to be true. Brute force implies throwing every possible solution at a problem - one will prove to be the key that unlocks the door.
I will leave aside your subsequent points about AES/Rijndael as I am not qualified to speak to their mathematical correctness nor TrueCrypt's implementation of them.
My point in Scenario A was that if TrueCrypt's developers had decided to cease work then from a security perspective it would be good practise to leave available source and binaries that can decrypt previous versions' encrypted volumes. Deleting the encryption code simply serves to prevent future adopters of the software using it to encrypt their files.
If one is walking away from supporting / developing an encryption software then it makes sense to do this. It is a delineation.
Regardless of the power / compute requirement to brute force something today, who knows what advances are around the corner. Hence why I alluded to only relying on encryption to keep your stuff safe for a finite period. It doesn't actually matter what that finite period is, but it is finite. Surely it is better to get users used to the concept rather than lull them into an encrypt now, secure forever utopia that may or may not be the case.
(Score: 2) by stormwyrm on Thursday May 29 2014, @09:04AM
So where's the supernova you can harness for the energy needed to break a 256-bit key? Or can you wait until the heat death of the universe? The theoretical minimum amount of energy based on arguments for computing using the known laws of physics requires at least that much energy to brute force a 256-bit symmetric key. Perhaps it might be feasible for a Kardashev Type 3 civilisation, but for us puny type 0 civilisations it is far beyond the realm of feasibility. As Bruce Schneier [schneier.com] put it:
Sure, anything can be brute forced. It just isn't practical to do so, which makes it practically bullshit to even try.
Numquam ponenda est pluralitas sine necessitate.
(Score: 4, Interesting) by edIII on Thursday May 29 2014, @09:27AM
That's just it though. You're missing the bigger point. Nobody is even trying to brute force anything.
At least not anymore. Once the permutations so strongly exceeded total processing power, attackers simply had no choice but to stop. They didn't even brute force Enigma the way you allude to. Take a deeper look at how Enigma was attacked. They had enough processing power during WWII to brute force Enigma *AFTER* they first reduced the keyspace with nifty mathematical analysis.
The real game, and real attack surfaces, are sophisticated analysis of the gestalt view of the ciphertext. It's a known process by which probabilities are understood, and the effective keyspace is reduced to a more viable level that can be brute forced in time periods acceptable to governments and LEO.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 4, Interesting) by edIII on Thursday May 29 2014, @09:16AM
Properly implemented OTP is mathematically proven to be immune to brute force attacks. You can literally generate ANY plaintext as long as it's the same length as the OTP ciphertext, and have absolutely no way whatsoever of knowing that you guessed the correct key. The key itself is supposed to be high entropy from preferably non-deterministically generated numbers. There is no math involved other than modular addition, and even then, it's a 1:1 relationship between each and every single bit of the plaintext and key. That's it. There is NO relationship between the 2nd bit and the millionth bit. Assuming a truly random key it's impossible to state beyond a reasonable doubt you found the key.
That's the most dangerous part of OTP. Information bias can lead you to assume that a generated plaintext from your chosen key was what you are looking for.
What do you want me to have been guilty of? Child pron? Just take any CP image bump it up against the ciphertext, obtain your key, and then claim the extra stuff was padding designed to confuse analysis. Industrial espionage? Same thing. A manifesto saying you are the one responsible for the bombs? Just as easy.
OTP is perfection as far as the method (maybe a slight addition to prevent stream attacks) is concerned. What is not perfected yet is the key exchange, and the enormously ridiculous requirement that key size be exactly the same length as the plaintext.
Otherwise, yes, OTP is specifically known to be immune to infinite processing power.
Technically, lunchtime is at any moment. It's just a wave function.
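The property edIII describes above, worked through as an added example (not code from the thread): with a pad as long as the message, every candidate plaintext of the right length corresponds to some key, so a brute-force search over keys recovers every possible message and singles out none. Bit-level XOR is used as the modular addition; the messages and the reused-pad caveat at the end are constructed for illustration.

```python
import os

def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR data with a pad of exactly the same length; encrypt and decrypt are the same op."""
    if len(key) != len(data):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))

def key_that_yields(ciphertext: bytes, wanted_plaintext: bytes) -> bytes:
    """Return the (unique) key under which ciphertext 'decrypts' to wanted_plaintext.
    For an OTP it always exists: key = ciphertext XOR wanted_plaintext."""
    return otp_xor(ciphertext, wanted_plaintext)

def brute_force_is_uninformative(ciphertext: bytes, candidates) -> bool:
    """Every same-length candidate decrypts under some key, so trying all keys
    yields all candidates equally; nothing in the ciphertext prefers one."""
    for cand in candidates:
        k = key_that_yields(ciphertext, cand)
        if otp_xor(ciphertext, k) != cand:
            return False
    return True

def two_time_pad_leak(p1: bytes, p2: bytes, key: bytes) -> bytes:
    """Caveat: reusing a pad cancels it out. c1 XOR c2 == p1 XOR p2, which is
    exactly the foothold a 'stream attack' on a reused key starts from."""
    c1 = otp_xor(p1, key)
    c2 = otp_xor(p2, key)
    return otp_xor(c1, c2)

def demo() -> bytes:
    """Encrypt a constructed message, then show any other 12-byte text is a
    valid 'decryption' of the same ciphertext under a different key."""
    real = b"meet at noon"             # constructed sample message
    key = os.urandom(len(real))        # high-entropy pad from the OS CSPRNG
    ct = otp_xor(real, key)
    assert otp_xor(ct, key) == real    # genuine key round-trips
    innocent = b"buy more tea"         # same length, chosen by whoever holds ct
    alt_key = key_that_yields(ct, innocent)
    return otp_xor(ct, alt_key)        # -> b"buy more tea"
```

Running `demo()` returns the chosen alternative text every time, regardless of the random pad; `two_time_pad_leak` shows why the single-use rule is what the proof depends on.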
(Score: 2) by FatPhil on Saturday May 31 2014, @05:07PM
>
> NOTHING is impenetrable to brute force.
>
> If you are a cryptographer you know the above to be true.
Any cryptographer who thinks the above is true is not a cryptographer at all, but delusional. As is any non-cryptographer who thinks it is true.
A OTP cannot be brute forced. Provably. Mathematically. And yes, I am a mathematician. Who knows a fair bit about cryptography.
I know I'm God, because every time I pray to him, I find I'm talking to myself.