My thesis statements here: He is a fraud who knows nothing about cryptography, whereas I'm a self-professed layman who knows enough to realize how messed up the status quo is.
This amuses me no end. Actually, I have a PhD in the IT security field and about a decade of relevant experience after that. Oh, and I have been following Quantum "Computing" research for about 20 years now. Nice mathematics, does not really work in practice. The latter is unchanged from 20 years back. But keep kidding yourself. At least you are entertaining, which is far better than what most amateur crypto "experts" manage.
1) Plausible deniability is more of a problem than a solution and hard to use right. Hidden volumes need a lot of care and special preparation before going into danger ion order to not be pretty obvious. They are one of these ideas that sound great but fail catastrophically in the face of a competent attacker. 2) Weak passwords cannot really be fixed anyways, only attacker effort can be driven up a bit.
With good security practices neither of these problems matter.
Indeed. Advising the user is perfectly fine, but _forcing_ the user to some perceived security level (and doing it badly) is not acceptable and indicates a systematic problem on the side of the designer. And where there is one such systematic problem, there is a pretty good chance of more.
And another clueless moron: No, this parameter _cannot_ be set low on short passphrases. From your reference: " VeraCrypt forces the PIM value to be greater than or equal to a certain minimal value when the password is less than 20 characters." and that is what I object to, since a high-entropy passphrase shorter than 20 characters is completely secure.
It is really fascinating how stupid and clueless you are.
1. A short passphrase is not necessarily insecure, if it is high-entropy 2. VeraCrypt switches to a _longer_ iteration on short passphrases and that is where the 70 seconds come from
The length of the list of vulnerabilities is completely irrelevant. What matters is whether they are a risk in the specific deployment scenario. Security cannot be estimated without understanding.
I think so. TrueCrypt 7.1a has, as far as I remember, only local exploits that matter. In the regular scenario (laptop), there is no other user and they do not matter at all. I do not trust the VeraCrypt person.
VeraCrypt forces long iteration on shorter passphrases (>70 sec on my laptop, i.e. unusable), regardless of how secure that passphrase actually is. There is no way to switch this off. No response on a complaint. This and some other things lead me to not trust this person. I am back to the last TrueCrypt version that does not have this brain-dead and insulting limitation.
There is absolutely no need to do that. Quantum Computing has failed to scale in any way for the last 30 years. It will continue to do so. Now, if we could get everybody to change the damn default passwords, that would be something that would help with very serious problem.
They would not at all. Quantum computers would (if they ever scale to relevant sizes) be mostly useless, except for a small set of very specific things.
The problem here is that some idiots have adopted the belief in technology as a surrogate religion. The result is that they make grand unfounded claims like this one here. These are the same morons that predict human-level AI in the near future. There is no connection to actual facts in what they claim and predict.
You probably mean "inverse exponentially with effort".
I fully agree. It does not look like we are even going to ever get linear scaling, and what made digital computers great is that they did indeed get exponential scaling for a while (basically over now).
Incidentally, the D-Wave performance completely sucks once the comparison is fair. It only outperforms a digital simulation of what it does, and since a simulation of something takes far more effort than the thing itself, that is no accomplishment at all.
The states are still "fragile and short-lived". This is not relevant in any way, form or shape, except as a detail result form a failed research direction. Other directions for alternate computing circuits have been scrapped far before the mountain of failure that "quantum computing" has accumulated by now.
If you are really that blind, try replacing this with "poison gas" (which it legally likely is, as "shortness of breath" may well kill somebody) or "explosives". The idea is driven by an entirely understandable hatred of the utter scum that bicycle thieves are, but it is not viable.
There is also the thing that it is entirely possible and easy to configure a Linux installation insecurely. You just have to be incompetent and ignore all advice. Many IoT profiteers apparently fit that description.
My thesis statements here: He is a fraud who knows nothing about cryptography, whereas I'm a self-professed layman who knows enough to realize how messed up the status quo is.
This amuses me no end. Actually, I have a PhD in the IT security field and about a decade of relevant experience after that. Oh, and I have been following Quantum "Computing" research for about 20 years now. Nice mathematics, does not really work in practice. The latter is unchanged from 20 years back. But keep kidding yourself. At least you are entertaining, which is far better than what most amateur crypto "experts" manage.
Incidentally, thanks to you, I found a nice reference: https://www.happybearsoftware....
That was my reasoning.
1) Plausible deniability is more of a problem than a solution and hard to use right. Hidden volumes need a lot of care and special preparation before going into danger ion order to not be pretty obvious. They are one of these ideas that sound great but fail catastrophically in the face of a competent attacker.
2) Weak passwords cannot really be fixed anyways, only attacker effort can be driven up a bit.
With good security practices neither of these problems matter.
Indeed. Advising the user is perfectly fine, but _forcing_ the user to some perceived security level (and doing it badly) is not acceptable and indicates a systematic problem on the side of the designer. And where there is one such systematic problem, there is a pretty good chance of more.
I did that. Until I realized how completely stupid that is. I do not trust "security" I have to work around.
It depends on the definition of "short". VeraCrypt thinks "short" is 20 chars or less and that is pretty much a complete fail.
I did that for a few weeks, until I realized how completely brain-dead that is and that the problem is not on my side.
You seem to be on drugs, as your perception of reality has no relation to actual reality.
And another clueless moron: No, this parameter _cannot_ be set low on short passphrases. From your reference: " VeraCrypt forces the PIM value to be greater than or equal to a certain minimal value when the password is less than 20 characters." and that is what I object to, since a high-entropy passphrase shorter than 20 characters is completely secure.
It is really fascinating how stupid and clueless you are.
1. A short passphrase is not necessarily insecure, if it is high-entropy
2. VeraCrypt switches to a _longer_ iteration on short passphrases and that is where the 70 seconds come from
Dear complete idiot, please read up on what "entropy" is. My passphrase has 80 bits of entropy and is _not_ insecure, despite being short.
Do your reading yourself, lazy AC.
The length of the list of vulnerabilities is completely irrelevant. What matters is whether they are a risk in the specific deployment scenario. Security cannot be estimated without understanding.
VeraCrypt/True were already secure -enough-.
Then you have no need to update any of your systems, right?
You are an idiot, because you do not understand the question at hand at all, but make arrogant and insulting comments nonetheless.
I think so. TrueCrypt 7.1a has, as far as I remember, only local exploits that matter. In the regular scenario (laptop), there is no other user and they do not matter at all. I do not trust the VeraCrypt person.
VeraCrypt forces long iteration on shorter passphrases (>70 sec on my laptop, i.e. unusable), regardless of how secure that passphrase actually is. There is no way to switch this off. No response on a complaint. This and some other things lead me to not trust this person. I am back to the last TrueCrypt version that does not have this brain-dead and insulting limitation.
There is absolutely no need to do that. Quantum Computing has failed to scale in any way for the last 30 years. It will continue to do so. Now, if we could get everybody to change the damn default passwords, that would be something that would help with very serious problem.
They would not at all. Quantum computers would (if they ever scale to relevant sizes) be mostly useless, except for a small set of very specific things.
The problem here is that some idiots have adopted the belief in technology as a surrogate religion. The result is that they make grand unfounded claims like this one here. These are the same morons that predict human-level AI in the near future. There is no connection to actual facts in what they claim and predict.
You probably mean "inverse exponentially with effort".
I fully agree. It does not look like we are even going to ever get linear scaling, and what made digital computers great is that they did indeed get exponential scaling for a while (basically over now).
Incidentally, the D-Wave performance completely sucks once the comparison is fair. It only outperforms a digital simulation of what it does, and since a simulation of something takes far more effort than the thing itself, that is no accomplishment at all.
The states are still "fragile and short-lived". This is not relevant in any way, form or shape, except as a detail result form a failed research direction. Other directions for alternate computing circuits have been scrapped far before the mountain of failure that "quantum computing" has accumulated by now.
Sounds like somebody is in urgent need of medical help for his deranged state...
There is/was: LulzSec.
Nice! I guess this would cut down on these locks being used pretty fast.
If you are really that blind, try replacing this with "poison gas" (which it legally likely is, as "shortness of breath" may well kill somebody) or "explosives". The idea is driven by an entirely understandable hatred of the utter scum that bicycle thieves are, but it is not viable.
There is also the thing that it is entirely possible and easy to configure a Linux installation insecurely. You just have to be incompetent and ignore all advice. Many IoT profiteers apparently fit that description.
Same here. It requires a special kind of stupid to associate "new" with "good" unconditionally.