Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Is Most Encryption Cracked?

Patrick Mylund Nielsen cryptography at patrickmylund.com
Wed Jul 17 11:08:13 PDT 2013


On Wed, Jul 17, 2013 at 1:54 PM, Collin Anderson
<collin at averysmallbird.com>wrote:

> Wait, forgive me Libtech for amusing myself at the cost of your collective
> inboxes but, is it just me or is the security page on what purports to be a
> security tool empty? https://unsene.com/security.html
>

"Military-grade encryption", huh? That phrase always makes my spider sense
tingle.

>From their descriptions:

• AES – a symmetric key that is considered to be very strong.  We’re using
the 256 bit version for the free version of our site, which is the maximum
bit key size for this algorithm.  We believe this is broken by the NSA and
we believe it’s either real time or near real time decrypt-able.

• XAES – a more secure and advanced version of AES, ours goes up to 4096
bits, which is über-strong.  Unlikely to be broken as this has been
customized from standard code libraries that aren’t widely known.


Crypto mistake #1: "Our algorithm is secure because nobody knows how it
works." https://en.wikipedia.org/wiki/Kerckhoffs's_principle

Cool project, but I'm highly doubtful it'll be secure. They're making some
fundamental mistakes, like confusing RSA X-bits with AES X-bits, and
assuming their stuff won't be broken if they don't tell anyone how it works.


>
> On Wed, Jul 17, 2013 at 1:50 PM, Collin Anderson <
> collin at averysmallbird.com> wrote:
>
>> > So, AES-128 is what they're using?
>>
>> Mo' money, mo' key length.
>>
>> *What’s the difference between the free version and the premium version?*
>>
>> *The free version provides 256-bit AES encryption and 2GB of free
>> encrypted storage and allows sharing of files of up to 50MB. The premium
>> version provides up to 1048-bit AES encryption and 50GB of encrypted
>> storage and allows sharing of files of up to 40GB. Also, the key in the
>> free version is pre-generated and stored on our servers, while with the
>> premium version the user has the option to generate his own key and store
>> it locally for even greater security.  Keep in mind there is no “password
>> recovery”, so you definitely won’t want to forget your passphrase!*
>>
>>
>>
>> On Wed, Jul 17, 2013 at 1:38 PM, <liberationtech at lewman.us> wrote:
>>
>>> On Wed, 17 Jul 2013 10:18:44 -0700
>>> Collin Sullivan <collins at benetech.org> wrote:
>>>
>>> > http://unsene.com/blog/2013/06/15/is-most-encryption-broken/
>>>
>>> ....haystack called and wants its media pitch back....
>>>
>>> They say AES is broken and yet, "Military-grade security protects your
>>> important private messages, photos and videos, everywhere. It's so
>>> strong that we can't export it to Cuba, Iran, Sudan, and North Korea."
>>>
>>> So, AES-128 is what they're using? I believe you can only export 64-bit
>>> or less keys without a license.
>>>
>>> This entire thing is dripping in snakeoil.
>>>
>>> --
>>> Andrew
>>> http://tpo.is/contact
>>> pgp 0x6B4D6475
>>> --
>>> Too many emails? Unsubscribe, change to digest, or change password by
>>> emailing moderator at companys at stanford.edu or changing your settings
>>> at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>
>>
>>
>>
>> --
>> *Collin David Anderson*
>> averysmallbird.com | @cda | Washington, D.C.
>>
>
>
>
> --
> *Collin David Anderson*
> averysmallbird.com | @cda | Washington, D.C.
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130717/cdc6dec4/attachment.html>


More information about the liberationtech mailing list