So is this why I'm getting a 403 message when i go to cryptome .org?
On Mon, Jun 9, 2014 at 1:39 PM, Neal Lamb <nl1816a@xxxxxxxxxxxxx
<mailto:nl1816a@xxxxxxxxxxxxx>> wrote:
http://ecowatch.com/2014/06/06/china-coal-cap-strand-assets/
On Monday, June 9, 2014 11:55 AM, Aftermath
<aftermath.thegreat@xxxxxxxxx
<mailto:aftermath.thegreat@xxxxxxxxx>> wrote:
Some one just pointed this out too me:
https://veracrypt.codeplex.com/
from the website:
*Project Description*
VeraCrypt is a free disk encryption software brought to you by
*IDRIX *(http://www.idrix.fr <http://www.idrix.fr/>) and that is
based on TrueCrypt, freely available at http://www.truecrypt.org/.
It adds enhanced security to the algorithms used for system and
partitions encryption making it immune to new developments in
brute-force attacks.
For example, when the system partition is encrypted, TrueCrypt
uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we
use 327661. And for standard containers and other partitions,
TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331
for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.
This enhanced security adds some delay only to the opening of
encrypted partitions without any performance impact to the
application use phase. This is acceptable to the legitimate owner
but it makes it much more harder for an attacker to gain access to
the encrypted data.
*VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage
format.*
*VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage
format.
*
*VeraCrypt storage format is INCOMPATIBLE with TrueCrypt storage
format.*
(repetition is mine to highlight the fact that you cannot open
truecrypt volumes with veracrypt)
-Afterm4th
On Tue, Jun 3, 2014 at 9:50 AM, <tpb-crypto@xxxxxxxxxxx
<mailto:tpb-crypto@xxxxxxxxxxx>> wrote:
> Message du 03/06/14 10:51
> De : "Shaun O'Connor"
>
> I take your point about the encryption dilemma(did I spell that
> correctly). I think the Jury is out on that particular issue
though...
>
> Personally I think we are in a perpetual game of cat and
mouse with
> those who make it their business to know everything about
everyone..
>
The rewards for the spies are too great for this game to end
one day.
The game will continue, but because of these disclosures by
half-2015, the spies will have to start all over again, at
least against people who are aware and actively protect their
systems. Because those that got legacy systems will be forever
under the treat.
Considering our increasing life expectancy and the fact that
we are using Cobol and Fortran codes made 40 years ago in many
financial and scientific institutions, we can count many
exploits discovered in the last decade to be still exploitable
in 100 years. Because those systems won't go away.
An example of why this is possible, is how many webservers
(not merely firmware routers hard to re-flash) you will find
that are still vulnerable to heartbleed. The rate of
correction seems to be asymptotic, thus always leaving some
uncorrected systems till the end of their usable lives.
Put that in an automated system like spy agencies have, and
you have interesting data streams forever to exploit. The only
solution to stop them is to uncover their taps and block them,
those are much smaller in number and easier to tackle than
millions of machines.
