May 24th, 2005, 08:28 PM
Vendors ? ?
I just had to share. I had a meeting with a vendor this morning who is pushing an encryption service. The second page of their presentation had the comment on it which stated "100% security". I asked them if they had ever heard about 'rainbow tables' or the 'rainbowcrack project" which drew a blank stare from them. I pretty much shutdown after that. This afternoon I got a follow-up e-mail from the vendor with the following quote:
Geezz....these guys need to go outside and search for a clue.
We know that our XXXXXXX encryption services
mean 100% guaranteed data security and peace of mind.
May 24th, 2005, 09:32 PM
Ask for a sample of something that was encrypted, and use their sales info to give you a clue on how to crack it, and then crack it. Then send a letter to them saying you know how to crack the poop their shovelin and see if you can get a check out of it. Hush money is always good, especially since you can always give yourself a raise...lol.
May 24th, 2005, 10:15 PM
Well since you don't know the algo that the encyrption uses, it is secure to an extent.
May 24th, 2005, 10:21 PM
What algorithm are they using? Is this another one of the boneheaded "we don't tell you the method we use because it keeps your data safe" companies?
May 24th, 2005, 10:41 PM
OK folks, you can all have a good laugh at me now.............
As I understand things, there are two issues:
I believe that encryption is how you scramble and descramble data................but passwords are how you obtain access to things............?
I am pretty sure I have a product that does 4048 bit encryption...........that would not be crackable............hell 256 bit would be bad enough?
However, a 14 bit password hash could be cracked in minutes using rainbow tables?
However, make that a 32 character pass with all the ASCII characters included and see where you go?....................then increase the length to 127 (#128 is a check digit?)............
Like I said, I could well be very wrong, but I am sure that passwords and encryption are quite different?
May 25th, 2005, 01:22 AM
your not wrong, Rainbow crack is a password cracker not a method for decypting encrypted data.
Having said that, if a human can devise the encryption algortham, a human can and will devise an algoritham to decrypt it.................... With the exeption of the OneTime pad................That however, relies on stricked rules, which if not kept too, weaken it's effectivness and can break it.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry