On 2022 Jan 29 09:12:00, you wrote to Wilfred van Velzen:
WvV>> An attacker with enough resources could in theory find some or all
WvV>> passwords. And of course that becomes progressively easier in the
WvV>> future...
AA> I am not impressed with the reports that people can process millions
AA> of hashes per second using dedicated GPUs. So what if the hashes are
AA> decoded.
you're missing something here... it isn't the hashes being decoded... they're
just a large number... it is the use of them to decode messages that is the
goal... the faster you calculate hashes to beat against the encoded message to
see if there's anything legible in the result, the faster you can gain access
to that information...
AA> They can't do anything with them to target millions of people enmasse
AA> anyway. I think they would have to target SPECIFIC accounts and run
AA> the passwords one by one.
if something is found in passing, then specific accounts may gain closer looks
at their traffic...
AA> In Safester, the decoded hash would reveal the passphrase, but the
AA> decrypting of the messages would be useless without the user's key
AA> which would reside in the local Safester prog or app.
if i were to intercept an encoded message and want to decode it, i wouldn't be
worrying about the passphrase or the key... i'd concentrate on throwing hashes
at the message and seeing if anything legible appeared at the end of the decode
phase... if there was nothing, then throw another hash at it and look again...
)\/(ark
"The soul of a small kitten in the body of a mighty dragon. Look on my majesty,
ye mighty, and despair! Or bring me catnip. Your choice. Oooh, a shiny thing!"
... Cats are not dogs! -P.G. Wodehouse
---
* Origin: (1:3634/12.73)
|
