Singh400 Posted June 28, 2010

Well this is very interesting. I always assumed governments had back door access to many of the programs out there. Did the NSA try?

primexx Posted June 28, 2010

Hacking into an email/game account is really hard. If you don't know the password and know that the account has a strong password, your only choice is brute force. And brute force takes time. If you have a simple password, for example "9999", it will take 6561 tries if you check all combinations from 0 - 9999. Mostly people use letters and symbols which will take even longer to crack. Email providers usually block your IP for at least an hour if you try with the wrong password 3 - 4 times. So if you're really lucky and have 1000 IPs, you would be able to try about 3000 combinations in an hour. However, they usually also have algorithms which check for that sort of behaviour and temporarily disable the account in that case.

usually emails are cracked by the safety question, not the password. that's why you make your safety question even stronger than the password, and then forget about it because you're never going to use it.

> Well this is very interesting. I always assumed governments had back door access to many of the programs out there. Did the NSA try?

they don't.

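The lockout behaviour discussed in the post above, as an added example that is not part of the original thread: a minimal failed-login throttle, seen from the provider's side, showing why a per-IP block alone still lets guesses spread over many addresses reach the password check, while a per-account counter stops them. The class name, thresholds, account name and the traffic are all constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Failed-login tracking per source IP and, optionally, per account (assumed thresholds)."""
    def __init__(self, ip_limit=3, acct_limit=None, window_s=3600, hold_s=3600):
        self.limits = {"ip": ip_limit, "acct": acct_limit}
        self.window_s, self.hold_s = window_s, hold_s
        self.fails = defaultdict(deque)   # (kind, key) -> timestamps of recent failures
        self.held_until = {}              # (kind, key) -> time the block or lock ends

    def allowed(self, ip, account, now):
        keys = (("ip", ip), ("acct", account))
        return all(now >= self.held_until.get(k, 0) for k in keys)

    def record_failure(self, ip, account, now):
        for k in (("ip", ip), ("acct", account)):
            limit = self.limits[k[0]]
            if limit is None:             # this kind of tracking is switched off
                continue
            q = self.fails[k]
            q.append(now)
            while q and q[0] <= now - self.window_s:
                q.popleft()               # forget failures older than the window
            if len(q) >= limit:
                self.held_until[k] = now + self.hold_s
                q.clear()

def guesses_checked(throttle, n_ips=1000, per_ip=3, account="user@example.test"):
    """Constructed traffic: n_ips sources, each sending per_ip wrong passwords, one per second.
    Returns how many guesses actually reached the password check."""
    checked, now = 0, 0
    for i in range(n_ips):
        ip = f"10.0.{i // 256}.{i % 256}"
        for _ in range(per_ip):
            if throttle.allowed(ip, account, now):
                checked += 1
                throttle.record_failure(ip, account, now)
            now += 1
    return checked

if __name__ == "__main__":
    print("per-IP block only:      ", guesses_checked(LoginThrottle()))
    print("plus per-account lock:  ", guesses_checked(LoginThrottle(acct_limit=20)))
```
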
The_Decryptor (Veteran) Posted June 28, 2010

The problem with putting backdoors into security software, is that other people end up finding them out. TrueCrypt is open source, a backdoor would be found out. AES is used by the US Government, a "backdoor" (weakness) in that would allow other nations to read the USA government's encrypted data.

MR_Candyman Posted June 28, 2010

> usually emails are cracked by the safety question, not the password. that's why you make your safety question even stronger than the password, and then forget about it because you're never going to use it.
>
> they don't.

Interesting. That may be the reason they were hacked. I've never filled out those safety questions properly, so I have nothing to worry about in that regard.

ThaCrip Posted June 28, 2010

Yes, I realised the error of my ways and yesterday started seeing the best types of passwords sites I go into allow and making a randomly generated one using Keepass with the maximum characters and of all the types allowed. The passwords I was using before would have all taken very little time on a normal machine to force. I know a couple of people who got either email or game accounts hacked, so I think it's good to make it harder for somebody to do so. I freely admit I'm still pretty ignorant as to cryptography, but at least this thread has made me take steps to protect myself better.

i am not an expert in cryptography either i just read up a little on it is all. so i know some very basic stuff on it is about all. ;)

Keepass seems to be good. but i personally use Password Safe ( http://passwordsafe.sourceforge.net/ ) as it's recommended by Bruce Schneier ( http://www.schneier.com/about.html ) who seems to be one of the experts on general Cryptography/security in general ;) ... but like i say i am sure KeePass is perfectly fine also but i just thought i would mention that ;)

i figure in general though as long as you don't use a stupidly easy password to guess (which it seems a lot of people probably do) odds are you won't have any issues with people taking over your email etc... or as others have said, don't make the security question for recovering your email account too easy to guess because that's one way they could bypass your password even if it was a super secure password. which when i make those security questions i usually make them to something that is not common which makes it unlikely someone could guess the answer.

and as others have said... even if someone attempts a brute force most major email sites... i assume have some sort of account lock in place to stop all access to that account for a certain time period which basically drastically slows any attempted account hacks.

TechFreak:) Posted June 28, 2010

> The problem with putting backdoors into security software, is that other people end up finding them out. TrueCrypt is open source, a backdoor would be found out. AES is used by the US Government, a "backdoor" (weakness) in that would allow other nations to read the USA government's encrypted data.

Encryption software usually doesn't have a backdoor. A backdoor is usually implemented at a lower level, i.e. in an encryption algorithm. However, if you use algorithms that are proven to be secure, your data should be protected. Also, if you have important data to protect, it's best to use a combination of algorithms e.g. AES-Serpent-Twofish.

ThaCrip Posted June 28, 2010

> Also, if you have important data to protect, it's best to use combination of algorithms e.g. AES-Serpent-Twofish.

well i think in most cases AES alone should be good because it seems like it's time tested and proven to be secure. so while using others on top of that could not hurt... it does seem to slow down decryption speed etc quite a bit. so AES should be enough. and besides i am sure most people don't have nothing that needs protecting THAT MUCH.

just on my PC (AMD Athlon 3500+ (single core), 2.2ghz overclocked to 2470-ish mhz) it encrypts/decrypts AES at around 90MB/s vs around 19MB/s for the encryption you suggested, which would put a bottleneck on file transfers.

The_Decryptor (Veteran) Posted June 28, 2010

The NSA use AES-265 for material classified as "TOP SECRET", it's pretty damn secure.

gian Posted June 28, 2010

I'd love to live in Jack Bauer's world.

Jack was the first thing that popped in my mind :D (when I read his post)

c3ntury Posted June 28, 2010

In fact I'll just leave this here for people to understand the actual reality behind this: http://www.lockdown.co.uk/?pg=combi

Brilliant article and read :)

XerXis Posted June 28, 2010

If I don't use a keyfile (which I usually do) my TrueCrypt password is 18 characters long (lots of confidential information about clients, databases etc). Nobody is able to crack that :)

The_Decryptor (Veteran) Posted June 28, 2010

Even with "crappy" encryption, a good password will help. I changed my Steam password to one of the "memorable" passwords the Keychain app in OS X generates, it's 22 characters long, has punctuation, numbers and mixed case characters in it.

It would take 100 Radeon HD 5850 GFX cards around 6.92683513679498x10^24 years to brute force that (going by http://thoughtyblog.wordpress.com/2009/08/29/java-script-brute-force-calculator/)

Backwoods357 Posted June 30, 2010

From what I read they had multiple drives, I think it would be hilarious if it's a RAID array.