Search results

Somehow, we're not on the same page. :frown: The property of the DES algorithm is that "decryption can supposedly only be performed by those who know the particular key used to encrypt". So a bruteforce attack that succeeds by defacto gets the key since it is the input to the brute force...

Correct, the system is anonymous as long as the exit node isn't a honeypot. Hosting one isn't illegal AFAIK as long as it isn't used for illegal activities which it is a safe bet it will eventually.

The three nodes are rotated every ten minutes like you said. The first two in the chain don't matter because the connection is encrypted through them. However, if the exit node is compromised then your data could be decrypted even if you are using https (only for the ten minutes). Rule of thumb...

@Bharat Ek Khoj Look at this open bug on the tor project. It is literally talking about what I was bringing up. If the exit node had a certificate for wikipedia issued using a rogue CA (there were some Chinese ones in the past), then that SSL warning would not show up. BTW, most users click...

I've used it a few times primarily to get free skype phone calls. Anyway, my question was general and not tor specific. How does it matter how many nodes are involved in the context of https? In the context of tor, only the exit node can unecrypt your connection but how does it matter how many...

:confused1: Once you have the key you have everything since it is a symmetric key algorithm. Doesn't matter how many "packets" are being generated. If you are implying that each packet is encrypted using a new key, then why not use a more secure encryption system since you have all that memory...

I can't find the link now but I remember they use AES with 256 bit keys.

Eh? You edited your post after I responded. DES was cracked by the EFF, that is the reason, it was deprecated and is no longer used by Murica. It is susceptible to brute force attacks. In cryptography, the EFF DES cracker (nicknamed "Deep Crack") is a machine built by the Electronic Frontier...

To expound on your example of profiling, what if said person wants to go underground because of persecution by the government. They can stop using Facebook, Whatsapp etc. But then they go to the bank, scan their Aadhar Card and bingo. Pappu has a location as well.

I will defer to your wisdom then. I am just an old neckbeard who follows security closely. Do you know if this is true for GPG as well as AES?

Were you referring to me? Asking because we posted at the same time almost. I did read the article eventually. And I wasn't saying that the stored db is compromised, was just discussing encryption in general terms.

You do know the origin of "drinking the koolaid"? It refers to slowly poisoning yourself. https://en.wikipedia.org/wiki/Drinking_the_Kool-Aid The fact that it is being shoved up our ass is precisely the reason we want to make sure the information is secure. Facebook, Google etc do not have our...

There are rumors that the NSA has developed specialized hardware to break AES encryption. Of course they deny everything. Also depends on the vendor of the encryption. If it is Oracle or some other proprietary company, you can bet that there will be a backdoor for the NSA. Even if it is open...

Lol we haven't even gone there whether this program should exist or not. We're discussing whether the implenentation was secure and the implications of the leak if it happened. Relax bud, we get it. You've drank the koolaid. Some of us haven't.

I honestly don't understand the outrage in your post. :confused1: Yes, there are advantages of the government having a way to identify its citizens. Uncle Sam itself has such a database. That doesn't mean that the implementation can be insecure so that private details are leaked to a third...

Eh? How does it matter how many computers are involved if any one of the chain is compromised and is able to do a man in the middle https attack? :confused1:

@Bharat Ek Khoj This video at Defcon was pretty informative, had to spend some time trying to find it. None of the cases involved a hole in Tor itself. EDIT: Evil forum software, allows spaces in usernames. :rage:

It is probably not rigged but it is susceptible to man in the middle attacks at the point of the exit node. Even with https, all it takes is a rogue CA to compromise the whole system. Also, javascript. Most people who use TOR don't disable javascript and js can be used to get information that...

Hehe, you wish. https://www.chainalysis.com/

Interesting you should say that. What about a RAW agent? He might be a terrorist from the perspective of Pakistan? Also, what if Congress comes to power and you are a BJP minister? Again, you are an easy target.