128 bit blowfish..how long to crack?

Why the hell do you "need" 70 character passwords for 256 bit?

You can blowfish a single bit if you needed to. Besides which, you shouldn't be storing recoverable passwords, no matter how "secure". Use a hash like SHA256 and then hash the users password on input for comparison.
 
dirtydog said:
It depends how much / bad the child porn that you possess is, I guess. (generic you ;)) I seem to remember some people being let off jail for child porn offences.
Click to expand...

im guessing they still get marked as a sex offender even if they dont get jail time due to jails being full. so even if refusing to give passwords does get you jail time, it could be better for the offender to do the time in jail rather then get marked as a sex offender.

and chances are, if they cant jail sex offenders due to overcrowding in jails, refusing to give passwords isnt likely to get jailed either.
 
Dist said:
im guessing they still get marked as a sex offender even if they dont get jail time due to jails being full. so even if refusing to give passwords does get you jail time, it could be better for the offender to do the time in jail rather then get marked as a sex offender.

and chances are, if they cant jail sex offenders due to overcrowding in jails, refusing to give passwords isnt likely to get jailed either.
Click to expand...
The reason for them not being jailed wasn't (given as) lack of space in prisons. And even if you are jailed, you are still put on the sex offenders register AFAIK.

FWIW personally I don't think that the State has any right to demand that private individuals hand over passwords which could incriminate themselves, on principle.
 
dirtydog said:
generic you ;)
Click to expand...
Yep don't wont to accidentally accuse some one of that now do we ;)
Dist said:
im guessing they still get marked as a sex offender
Click to expand...
I'm pretty sure that they're not. Schedule 3 of the 2003 Sexual offences act lists those crimes that get one entered onto the list. RIPA isn't on it.
dirtydog said:
FWIW personally I don't think that the State has any right to demand that private individuals hand over passwords which could incriminate themselves, on principle.
Click to expand...
A password doesn't incriminate you though. By itself it is of no meaning. Its the actual contents of the data that will determine guilt or not.

Given that the police have obtained a warrant that empowers them to seize your computer etc, then I think that they've already provided enough reason to obtain any necessary passwords etc to read the data on those devices.

I really can't see where you are coming from here.
 
Sleepy said:
Given that the police have obtained a warrant that empowers them to seize your computer etc, then I think that they've already provided enough reason to obtain any necessary passwords etc to read the data on those devices.

I really can't see where you are coming from here.
Click to expand...
In the US, the constitution affords you the right to avoid self-incrimination.

To be convicted, the authorities should be able to provide their own proof of your guilt. If they cannot then tough cheddar. But (AFAIK) in the UK, failure to provide your password to an encrypted disk can be taken as proof of guilt in itself. How can this be right?
 
Business Man said:
What is the best encryption to use

Triple DES
AES-256
Blowfish
Twofish
Click to expand...

Aes 256 bit. However you can encrypt a file with multiple ciphers each with their own key, eg, aes 256-twofish 256-serpant 256.


Programs like truecrypt allow you to create a hidden partition inside a normal encypted partition, so when asked to give over your keys, you simply give the keys for the outer partition and they will not be able to tell there is a hidden partition because free space is encrypted.
One time pad encryption is unbreakable even with a quantum computer if the password is completley random.
 
Energize said:
Programs like truecrypt allow you to create a hidden partition inside a normal encypted partition, so when asked to give over your keys, you simply give the keys for the outer partition and they will not be able to tell there is a hidden partition because free space is encrypted.
Click to expand...
aka plausible denial
icon14.gif
 
dirtydog said:
To be convicted, the authorities should be able to provide their own proof of your guilt. If they cannot then tough cheddar.
Click to expand...
I get your position but I think the subtle distinction between self incrimination and providing a key to decrypt data is enough to allow the state to ask for it.
But (AFAIK) in the UK, failure to provide your password to an encrypted disk can be taken as proof of guilt in itself. How can this be right?
Click to expand...
Its not proof of guilt, but it is an offence if you do not comply with a lawful order made under the powers of the RIPA act.
 
Sleepy said:
Its not proof of guilt, but it is an offence if you do not comply with a lawful order made under the powers of the RIPA act.
Click to expand...
Not proof of guilt of whatever offence they suspect you of perhaps, but it is enough to be a crime punishable by jail, is what I mean :) I don't think that this can be right.
 
having this thread hijacked to a thread on child pron really is pathetic. How much brain power do you require to understand that when traveling on business its often impossible not to carry sensitive information via a laptop .......m&s just had this problem..these examples come up time after time....

i use a program called safehouse...when i create a volume and try to use 256 blowfish it says it requires a password of around 70 characters...i have no idea why!
 
ashagplz said:
having this thread hijacked to a thread on child pron really is pathetic. How much brain power do you require to understand that when traveling on business its often impossible not to carry sensitive information via a laptop .......m&s just had this problem..these examples come up time after time....
Click to expand...

What are you talking about :confused: 1 Person said it could be used for that but was not refferring to you. It's hardly been hijacked.
 
Your key should be the combination of 2 things, your password/phrase and some random data, as such protect both, that way even if someone gets one half they are no closer to having your encryption key and would have to brute force the whole keyspace for whatever encryption system you've used.
 
The best way to create a unbreakable password is the following:

1. Think of a password, in this case I'll choose 'Conspiracy'.

2. Convert the password into an MD5 Hash using an online text to hash converter (like this one). 'Conspiracy' now becomes 'cd12bcf72582d1f5b0b8e52dfa323913'

3. You now have an incredibly difficult password to crack - I should know, I do this for a living. The best part about it is that you never have to remember 'cd12bcf72582d1f5b0b8e52dfa323913', you just have to remember 'Conspiracy' and have access to a text to hash converter. As long as you always choose the same hash algorithim (i.e. MD5, SHA1 etc.) then the hash will always be the same.

HTH :)
 
You must log in or register to reply here.
Back
Top Bottom