Encryption: how big a key to you need for security? 14 digits now?

[RayLopez99]

A few years ago, 8 digits was OK. Then it was 12. Now, with
Ophcrack, they say you need 14?!

But do Windows passwords use encryption like is done with WinZip? Or
is it a weaker form of encryption that needs a longer password? I
can't believe that you need 14 digits for encryption for things like
PGP or WinZip encryption (probably some variant of a symmetric key)--
sounds like too much. It would take months and months to decrypt even
12 digits I believe--on anything but a supercomputer? There was a
website that computed how long it takes, but I can't seem to find it.

RL

http://pcsupport.about.com/od/toolsofthetrade/gr/ophcrack.htm
Ophcrack v3.3.1 (LiveCD v2.3.1)

* Opchrack can crack passwords for Windows 7, Windows Vista, and
Windows XP.
* Ophcrack can recover 99.9% of passwords from Windows XP, usually
in a matter of seconds. Any 14-character or smaller password that uses
any combination of numbers, small letters, and capital letters should
be crackable.
* Ophcrack can recover 99% of passwords from Windows 7 or Windows
Vista. A dictionary attack is used in Windows 7 and Vista.
* The Ophcrack LiveCD option allows for completely automatic
password recovery.
* LiveCD method requires no installation in Windows, making it a
safe alternative to many other password recovery tools.
* No Windows passwords need to be known to use the Ophcrack LiveCD
to crack your Windows passwords.

 

[David H. Lipman]

From: "RayLopez99" <[email protected]>

| A few years ago, 8 digits was OK. Then it was 12. Now, with
| Ophcrack, they say you need 14?!

| But do Windows passwords use encryption like is done with WinZip? Or
| is it a weaker form of encryption that needs a longer password? I
| can't believe that you need 14 digits for encryption for things like
| PGP or WinZip encryption (probably some variant of a symmetric key)--
| sounds like too much. It would take months and months to decrypt even
| 12 digits I believe--on anything but a supercomputer? There was a
| website that computed how long it takes, but I can't seem to find it.

/* You are most annoying. */

Neither group you posted to have *anything* to do with encryption as you brought it up.

You are not discussing malware so your subject matter is Off Topic for;
alt.comp.anti-virus and has NOTHING to do with hardware associated with home built
computers.

Please do NOT post in alt.com.anti-virus unless you you are SPECIFICALLY posting about
computer malware.

 

[Dave Cohen]

From: "RayLopez99"<[email protected]>

| A few years ago, 8 digits was OK. Then it was 12. Now, with
| Ophcrack, they say you need 14?!

| But do Windows passwords use encryption like is done with WinZip? Or
| is it a weaker form of encryption that needs a longer password? I
| can't believe that you need 14 digits for encryption for things like
| PGP or WinZip encryption (probably some variant of a symmetric key)--
| sounds like too much. It would take months and months to decrypt even
| 12 digits I believe--on anything but a supercomputer? There was a
| website that computed how long it takes, but I can't seem to find it.

/* You are most annoying. */

Neither group you posted to have *anything* to do with encryption as you brought it up.

You are not discussing malware so your subject matter is Off Topic for;
alt.comp.anti-virus and has NOTHING to do with hardware associated with home built
computers.

Please do NOT post in alt.com.anti-virus unless you you are SPECIFICALLY posting about
computer malware.

His name is appearing in other groups.

 

[FromTheRafters]

His name is appearing in other groups.

He's a crossposting troll that likes to insult people so he can feel
superior.

 

[Griffin]

Probably just a young trainee troll!!

He's a crossposting troll that likes to insult people so he can feel
superior.

 

[RayLopez99]

Dave
Multi-AV Scanning Tool -http://www.pctipp.ch/downloads/dl/35905.asp

Did you write this tool are you being paid to shill it, tool?

Idiot. If you can't answer my question, which is on-topic, then STFU.

RL

 

[RayLopez99]

He's a crossposting troll that likes to insult people so he can feel
superior.-

But I am superior. And your inability to answer the question is
noted.

You're dismissed little man.

BTW you failed to explain HTTPS security as well, but then again I
don't expect much from you.

RL

 

[David H. Lipman]

From: "RayLopez99" <[email protected]>


| Did you write this tool are you being paid to shill it, tool?

Yes I wrote the tool that is in my signature.

Paid ? No.

Not only do I not get paid for it, I wrote it to be CareWare (aka; CharityWare).

The FTP, HTTPS and the encryptions question you have posed have NOT been On Topic.

 

[RayLopez99]

From: "RayLopez99" <[email protected]>

| On Nov 4, 3:51 am, "David H. Lipman" <[email protected]>



| Did you write this tool are you being paid to shill it, tool?

Yes I wrote the tool that is in my signature.

Paid ?  No.

Right. So nobody has every paid you for your tool. I wonder how many
downloads you even have of it.

Not only do I not get paid for it, I wrote it to be CareWare (aka; CharityWare).

I see. Very noble, if anybody has bothered to download it. Feel free
to share how few that number is.

The FTP, HTTPS and the encryptions question you have posed have NOT been On Topic.

Nope. Wrong. People concerned with PCs are concerned with security.
We are not all overclocker hobbyists you know.

RL

 

[David H. Lipman]

From: "RayLopez99" <[email protected]>



| Right. So nobody has every paid you for your tool. I wonder how many
| downloads you even have of it.


PCTipp has and displays the numbr of downloads since I allowed them to host it on PCTipp
Magazine. That is not the whole story either since it was originally hosted on another
size.


| I see. Very noble, if anybody has bothered to download it. Feel free
| to share how few that number is.




| Nope. Wrong. People concerned with PCs are concerned with security.
| We are not all overclocker hobbyists you know.

Wrong.

hardware.PC-homebuilt is about just that hardware for home built computers like mine based
upon an ASUS motherboard.

alt.comp.ant-virus is concerned with specifically malware. Not generalized security.
That is what alt.computer.security is about. When I told you that last time, instead of
reposted your OT subject matter there you reposted it here and there. Most annoying and
borders on abusive.

If you were discussing a worm that encrypted its data flow to a dump site or a ransom
trojan that encrypted data files on your system and held the key for ransom, then it would
be On Topic for alt.comp.anti-virus but still would be OT for
alt.comp.hardware.PC-homebuilt .

The fact is the FTP, HTTPS and Encryptions questions were all Off Topic and you show
multiple misunderstandings in the posts concerning...
- how Usenet works
- how the protocols in question work
- what is considered On Topic or Off Topic for any given news group
- netiquette in general


EoD

 

[FromTheRafters]

He's a crossposting troll that likes to insult people so he can feel
superior.-

But I am superior. And your inability to answer the question is
noted.

You're dismissed little man.

BTW you failed to explain HTTPS security as well, but then again I
don't expect much from you.

***
I and others have explained it, you *still* fail to understand it. Your
idea that encrypted data can magically decrypt itself without a key
shows your inability to comprehend the subject.

Plus, you are an ass.
***

 

[Paul]

A few years ago, 8 digits was OK. Then it was 12. Now, with
Ophcrack, they say you need 14?!

But do Windows passwords use encryption like is done with WinZip? Or
is it a weaker form of encryption that needs a longer password? I
can't believe that you need 14 digits for encryption for things like
PGP or WinZip encryption (probably some variant of a symmetric key)--
sounds like too much. It would take months and months to decrypt even
12 digits I believe--on anything but a supercomputer? There was a
website that computed how long it takes, but I can't seem to find it.

RL

It sounds to me, like you need a newsgroup related to cryptography.

http://en.wikipedia.org/wiki/Cryptography

A real understanding of the issues involved, requires math.
An assumption that everything is solved with brute force
searches, is wrong. Many methods of cracking encryptions, are
many times faster than brute force search. So looking at
14 digits, and assuming 10**14 test probes, is wrong. There
is always a way to speed it up, even if the recovery or
cracking method isn't that good overall.

http://en.wikipedia.org/wiki/Rainbow_tables

http://en.wikipedia.org/wiki/LM_hash

http://en.wikipedia.org/wiki/NTLM (see especially, the notes near the end)
(17 years, to spot a weakness)

You'll get a much better answer in a cryptography group, assuming
you:

1) Clearly state the problem you're trying to solve. Whether it's
safe storage of a password, or the need to encrypt a stream of
information. State it in a way, that someone with a math background
can pick the best algorithm or method.

2) Don't clutter your question, with assumptions on your part.
Just state what problem you're trying to solve, and let them volunteer
the info.

It's a pretty specialized area, and not one you're likely to get
good answers to on USENET.

HTH,
Paul

 

[Dustin]

He's a crossposting troll that likes to insult people so he can feel
superior.

That's the impression that I get...

 

[Dustin]

But I am superior. And your inability to answer the question is
noted.

You're dismissed little man.

BTW you failed to explain HTTPS security as well, but then again I
don't expect much from you.

***
I and others have explained it, you *still* fail to understand it.
Your idea that encrypted data can magically decrypt itself without a
key shows your inability to comprehend the subject.

Perhaps it's the technical jargon. The words just might be too
overwhelming for him.

 

[Dustin]

Idiot. If you can't answer my question, which is on-topic, then
STFU.

My subject line is showing Encryption how big a to you need.. (that's
not my typo, I just copy/pasted.<G>) It's crossposting to
alt.comp.hardware,pc-homebuilt and alt.comp.anti-virus (where I'm
reading this nonsense); It is not ontopic in alt.comp.anti-virus;
Encryption isn't a virus. A virus isn't encryption. Encryption
discussions should be taken to a suitable crypto based newsgroup.

As far as answering the question, I've read several detailed answers on
it; and I thank the posters for taking the time to go into such precise
detail. Much of it being a long read, but, nice to see someone taking the
effort to explain something well. You don't seem to have a basic
understanding of cryptology tho; and I think the detailed material is
just too complicated for you to understand if you have no basic
understanding of cryptology.

I recommend you google cryptology and do some research and then the
information which has already been provided to you will make much more
sense. Your question has been answered.

 

[Dustin]

Right. So nobody has every paid you for your tool. I wonder how
many downloads you even have of it.

Have you ever written any tools to assist others? free or paid?

Nope. Wrong. People concerned with PCs are concerned with
security. We are not all overclocker hobbyists you know.

Yet, security specific newsgroups exist even cryptology newsgroups;
which is what you really want; it's specific security *heh*.. I wonder
why that is..../sarcasm.

 

[FromTheRafters]

It depends on how much security is desired, and how much plaintext needs
to be encrypted.

 

[RayLopez99]

BTW you failed to explain HTTPS security as well, but then again I
don't expect much from you.

***
I and others have explained it, you *still* fail to understand it. Your
idea that encrypted data can magically decrypt itself without a key
shows your inability to comprehend the subject.

Nope. You failed to demonstrate why intermediary S would have a
public key, unless said key was explicitly granted by C or Z.

Until you do, *you* are the ass.

RL

 

[RayLopez99]

| Right. So nobody has every paid you for your tool.  I wonder how many
| downloads you even have of it.

PCTipp has and displays the numbr of downloads since I allowed them to host it on PCTipp
Magazine.  That is not the whole story either since it was originally hosted on another
size.

Evasion noted. You're bluffing.

| We are not all overclocker hobbyists you know.

Wrong.

hardware.PC-homebuilt is about just that hardware for home built computers like mine based
upon an ASUS motherboard.

Security is of interest to homebuilt, homeboy.

alt.comp.ant-virus  is concerned with specifically malware.  Not generalized security.
That is what alt.computer.security  is about.  When I told you that last time, instead of
reposted your OT subject matter there you reposted it here and there.  Most annoying and
borders on abusive.

Annoying to you, not to me. Your peace is my disaster, flyboy.

The fact is the FTP, HTTPS and Encryptions questions were all Off Topic and you show
multiple misunderstandings in the posts concerning...
- how Usenet works
- how the protocols in question work
- what is considered On Topic or Off Topic for any given news group
- netiquette in general

Nope. That was in 1992. Long September since then.

Dave
Multi-AV Scanning Tool -http://www.pctipp.ch/downloads/dl/35905.asp

Yeah like I'm going to install this potential malware in my
system...NOT. Why reinvent the wheel when you can get an AV scanner
for free from a reputable company?

RL

 

[RayLopez99]

It sounds to me, like you need a newsgroup related to cryptography.

http://en.wikipedia.org/wiki/Cryptography

A real understanding of the issues involved, requires math.
An assumption that everything is solved with brute force
searches, is wrong. Many methods of cracking encryptions, are
many times faster than brute force search. So looking at
14 digits, and assuming 10**14 test probes, is wrong. There
is always a way to speed it up, even if the recovery or
cracking method isn't that good overall.

Well I thought somebody in this group would know whether the Windows
password algorithm was like the PGP algorithm. I guess not, since
Opchrack can crack it easily, and I've not heard that claim being made
for PGP.

RL