Error - template LAYOUT-DATA-WRAPPER not found

A configuration error was detected in the CGI script; the LAYOUT-DATA-WRAPPER template could not be found.

Error - template STYLE-SHEET not found

A configuration error was detected in the CGI script; the STYLE-SHEET template could not be found.

Error - template SUB-TOP-BANNER not found

A configuration error was detected in the CGI script; the SUB-TOP-BANNER template could not be found.
Subject:
From:
Mark Rode <[log in to unmask]>
Reply To:
PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date:
Sat, 25 Jun 2005 00:55:08 -0700
Content-Type:
text/plain
Parts/Attachments:
text/plain (125 lines)
At 02:23 AM 6/24/2005, you wrote:
>Date:    Tue, 21 Jun 2005 14:58:16 -0500
>From:    Anna Summers <[log in to unmask]>
>Subject: Re: Password XP
>
>
>---I read the information at the site (is this a site selling a particular
>encryption program?), and I am still confused.

No, he is explaining the security levels of different bit encryption levels.

>Is it saying that selecting 256-bit AES encryption in WinZip is meaningless
>unless you use a password 32 characters long?

No, he is simply saying that the time it takes to overcome an encrypted key
( they are not passwords) grows exponentially, as you increase the length,
and randomness, of the characters in the key.

>Is it saying that WinZip 256-bit AES encryption (using a 12-char password)
>can be deciphered WITHOUT the password, by de-crypting the encryption, in 4
>hours?

no ... and it's not a password..it's a key

>What role do my hardware and software firewalls play in this?  If Zone Alarm
>prevents anything being sent from my computer without my knowlege and
>permission, how could someone get the information that was on my computer in
>the first place?

Your risk from hackers will come from dangerous web sites that try to run
code on your computer, Trojan horses that hide on your computer, and allow
others to access your files, spywhere that watches you and reports back, or
changes to home pages, bookmarks, etc. Point to point file access programs,
like Bit Torrent which leaves you vulnerable to others who may have access
to your files,  running a FTP server, web server, anything that invites
people in and allows them to run scripts or programs.

If you are using a reputable anti virus scanner, that is regular updated,
is running in the background, and which does full (every file) scans weekly.
And
You have a hardware router with it's own Firewall
And
You have a software Firewall like ZoneAlarm that warns you when programs
attempt to access the Internet
And
you are using a Spywhere program that runs in the background.... like Spy
Sweeper,... or Adaware or Spybot and are manually updating and  running
them weekly
And
You take prudent file sharing precautions ... like turning off file sharing
on sensitive folders, or volumes that don't need to be shared.
And
You aren't doing anything like running a web server, ftp site, allowing
remote access, or any kind of point to point file sharing, unless you
REALLY understand the risks.
And
You keep up weekly with all of Microsoft critical updates

If you are doing all this then you have no risk from online attack.

However, if someone has physical access to your computer then you may be at
risk in ways you haven't thought about. You say nobody, but you, has access
to your computer OK... but suppose somebody stole it. What would they have
access to, what kind of damage could they do to you.

If you have zipped up your sensitive files, and 256 AES encrypted them... AND
you haven't left temp files, with the data on them, or copies of them
scattered around... And
you have used a 8 or 12 character password, then you are fine. No one, no
where,will, at least with todays hardware, be able to crack the key.

However, you are thinking about this wrong. A password is just that, a
group of characters that once presented, allow access to whatever. A gate
keeper. But an encrypted key is <part of the code> of the file itself.
Unless the key is incorporated in the file, then the file is worthless. A
key can be in the form of group of characters that you present, like
Winzip, ...or better, in a tiny file containing randomly generated
characters to the total permitted length of the encryption you are using.

A key file is far better then a 8, 12, 16, 20 or bigger group of characters
that you input. These keys are made by the program that is encrypting the
data. To open the file you need the key. Nobody but "Data" could remember a
56, or greater, randomly generated key so you have a file that you keep off
your computer on some other media.

The difference with the key is that you don't open a particular file, you
open up a virtual drive. It is a single file, but the computer will see it
as a volume. Everything you do with a normal volume you can do with this
one. But everything you put on the volume becomes encrypted.

  Winzip uses real encryption but with a password type interface. Nothing
wrong with that or your 8.. was it? character password.

I have read that a computer club, using all of it's computers in a cluster,
was able to crack a 16 character DES key in about 24 hours. DES is a bit
old for todays hardware, however, that is a lot of computers, working flat
out, for 24 hours.

  DES3, Blowfish, and AES  is a whole different level of encryption. Not
even the CIA, using super computers could crack a full length key, in any
kind of reasonable time frame. This is why law enforcement doesn't like
encryption, and why they have always asked, at least in the US, for some
kind of back door, which kind of defeats the purpose of encryption.

When evaluating your security, look to the weakest link. If you have things
set up right the weak points are usually the single password, that accesses
other keys, and passwords, and your trust in the manufacturer of the
software of the encryption program you are using. I trust Winzip as a
manufacturer. However, I will be happier with them when they get around to
having a AES256 self extracting program.

The short answer to all this is. Stop worrying... your fine.

Rode
The NOSPIN Group
http://www.freepctech.com/rode/


>Thanks for the help - I feel like dummy about this,
>AnnaSummers---

                         PCSOFT's List Owner's:
                      Bob Wright<[log in to unmask]>
                       Drew Dunn<[log in to unmask]>

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG Secured by F-Secure Anti-Virus CataList Email List Search Powered by LISTSERV