Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

encryption with 1024 or 2048 bit/letters?


  • Please log in to reply
14 replies to this topic

#1 sheevanian

sheevanian

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 14 May 2015 - 06:21 PM

hello all o/

 

i wonder if there is a method or a program to encrypt files/folders/drives, with an own significant chain of letters/combinations? the meaning of this would be: one cannot lose ones private key.

if one has not brought the usb-stick with the key: simply create a new one manually, by copy pasting ones rememberable words/senteces/combinations into a file, like for example my password is:

>> i can remember this password and ill copy paste it to reach 1048 letters123

 

icanrememberthispasswordandillcopypasteittoreach1024letters123
 

this is 62 letters (without spaces). now i copypaste it into a "keyfile" for example "privatekey.ppk" and i can access my public-keyed server with that private key-file:

 

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20090101
Private-Lines: 17

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillcopypasteittoreach1024letters123

icanrememberthispasswordandillco

---- END SSH2 PRIVATE KEY ----

 

this is only an example of how it could work. i think the public-key, or the keypair, must be created in ahead, matching ones personal letterchain/kombination.

 

i would be glad to hear from someone soon, and if im lucky with your method and you dont mind mailing me your postal adress, i will send you an originally packed board of swiss chocolate.

 

greetings,

sheevanian


Edited by sheevanian, 14 May 2015 - 06:28 PM.


BC AdBot (Login to Remove)

 


#2 rp88

rp88

  • Members
  • 2,965 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:21 PM

Posted 19 May 2015 - 10:26 AM

Are you describng your own idea for an encryption system? or asking if the thing you describe already exists? or asking how to do the thing you describe? Is there a paticuar context in which you need encryption, securing your computer, or a particular file, or a particular USB memory stick?


As far as I know 1024 bit encryption is usually more than necessary, it takes the current best brute-forcing algorithms running on a supercomputer a few milion years to crack a 256 bit key, 512 takes a few million years squared (so around a trillion years), 1024 will take even longer.

Edited by rp88, 19 May 2015 - 10:26 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#3 sheevanian

sheevanian
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 20 May 2015 - 12:29 PM

thank you for you answer, rp88

 

what i am looking for is an encryption program (i dont mind the bit-length much, but the more secure, the better...^^). i want to know, if theres any encryption-prog, that allows me to create a key from plain text, so the key to decrypt the files, is an easy to remember chain of chars.

 

   that key for decryption, i want to enter manually, *either* into a password-field, or into a file like, *for example* private.ppk.

so i dont need to carry the key with me all the time.

 

i dont want to train and remember the automatically created private key^^. i want the key-chain in my .ppk-file, replaced by an easy to remember combination of characters. i dont care how long, as long as the files are encrypted. (the character-combination for the private key-chain is also no 2048 bits long, but i wouldnt mind, if i could choose that combination myself.) usual password-protection is not enough. if ones common with pcs, one can read out password-protected files, even without having the password.

 

i found on the net: advanced enryption package

which works fine for me. its diamond2 encryption supports long passwords.

but still i cannot set my "easy-to-remember-char-combination", im always talking about.

 

in putty key-generator, both keys, private and public, are created by mouse-movements.

 

i want my public key created, from an existing text.

so that existig text-file, becomes my private-key (private.ppk).

this could be my fourite joke in texform, for example.

so if needed, i can create a new prive key-file to decrypt my encrypted.

 

i hope this helps anyone, to understand my issue.

thank you



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 20 May 2015 - 04:24 PM

As far as I know 1024 bit encryption is usually more than necessary, it takes the current best brute-forcing algorithms running on a supercomputer a few milion years to crack a 256 bit key, 512 takes a few million years squared (so around a trillion years), 1024 will take even longer.

 

Actually, you have 2 major encryption algorithm classes: symmetric and asymmetric.

Symmetric uses the same key for encryption and decryption. A well known symmetric crypto algorithm is AES. AES uses 128, 192 or 256 bit keys.

Asymmetric uses a different key for encryption and decryption (public key and private key). A well known asymmetric crypto algorithm is RSA. RSA can use many bit length keys, but 1024 is/was considered a minimum for good confidentiality. A 256 bit key for RSA is easy to crack (prime factorization).

 

Rule of thumb: short bit key lengths (like 256) are for symmetric, longer bit key lengths (like 1024) are for asymmetric.


Edited by Didier Stevens, 20 May 2015 - 04:25 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 sheevanian

sheevanian
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 20 May 2015 - 07:35 PM

thank you for your answer, bc Advisor,

 

the asymetric encryption is what i want. i use winscp to login on a remote systems root. i use puttygen generated keys. the public (its char-chain, i've pasted into "authorized_keys" on the open-sshd-server. with my private-key i connect and log in to the public-key. the keys consist of usual characters.

 

now, i have a sentence in mind, which i want to use as key for logging in. let this be my favourite joke for example.

from that, i want to create a public key that accords to "my favourite joke", to my private key "easy-to-remember-sentence-in-mind", in this example.

 

its not an issue of encrytion bits, if 1048 or 2048 or more or less. its more an issue of keypair-generating. the encryption software (or key-generating software), must enble keypair-generating that way.

 

still im gratefull for any answer, and the offer about that block of chocolate is still up^^

thank you



#6 rp88

rp88

  • Members
  • 2,965 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:21 PM

Posted 21 May 2015 - 08:41 AM

If you are just looking to encrypt files 7z might be helpful to you. It is available for download on this website. It lets you make encrypted archives to hold files, you can choose 256 or 512 bit key length (If I remember rightly), the key is whatever passwrd you type in. The archives need only this key typed in to decrypt them, there are no long keys to remember and no tying of the archive to a particular machine or a special USB based key. If you make your password reasonably long nd complex it should be very difficult to crack. 7z uses some form of AES but from what I've heard it is pretty secure, I think the encryption algorithm used is similar to that used in the now discontinued truecrypt.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#7 netsecphantom

netsecphantom

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 21 May 2015 - 11:41 AM

it takes the current best brute-forcing algorithms running on a supercomputer a few milion years to crack a 256 bit key, 512 takes a few million years squared (so around a trillion years), 1024 will take even longer.

 

3 years ago China broke a 923 bit encryption in 148 days with 21 personal computers.... only 252 cores.

 

I agree with using 7z if you are just trying to encrypt files... otherwise you should look up a folder vault and pick one. If someone is wanting to gain access to your information there are far easier ways to do so than trying to decrypt your encrypted files, and if the government/police wish to look at your files then you are screwed any way.

 

To answer your title, more is always better and always use upper and lower case letters and numbers + special characters when possible = even still all this is made useless depending on how the website you have an account with stores their passwords.



#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 21 May 2015 - 12:30 PM

 

it takes the current best brute-forcing algorithms running on a supercomputer a few milion years to crack a 256 bit key, 512 takes a few million years squared (so around a trillion years), 1024 will take even longer.

 

3 years ago China broke a 923 bit encryption in 148 days with 21 personal computers.... only 252 cores.

 

I agree with using 7z if you are just trying to encrypt files... otherwise you should look up a folder vault and pick one. If someone is wanting to gain access to your information there are far easier ways to do so than trying to decrypt your encrypted files, and if the government/police wish to look at your files then you are screwed any way.

 

To answer your title, more is always better and always use upper and lower case letters and numbers + special characters when possible = even still all this is made useless depending on how the website you have an account with stores their passwords.

 

 

It was Fujitsu, in Japan, it was not China: http://www.fujitsu.com/global/about/resources/news/press-releases/2012/0618-01.html

 

And as you can read from the press release, it's pairing-based cryptography: http://en.wikipedia.org/wiki/Pairing-based_cryptography

That's not the same as RSA and AES crypto, so you can't compare the keylengths.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 21 May 2015 - 12:32 PM

thank you for your answer, bc Advisor,

 

the asymetric encryption is what i want. i use winscp to login on a remote systems root. i use puttygen generated keys. the public (its char-chain, i've pasted into "authorized_keys" on the open-sshd-server. with my private-key i connect and log in to the public-key. the keys consist of usual characters.

 

now, i have a sentence in mind, which i want to use as key for logging in. let this be my favourite joke for example.

from that, i want to create a public key that accords to "my favourite joke", to my private key "easy-to-remember-sentence-in-mind", in this example.

 

its not an issue of encrytion bits, if 1048 or 2048 or more or less. its more an issue of keypair-generating. the encryption software (or key-generating software), must enble keypair-generating that way.

 

still im gratefull for any answer, and the offer about that block of chocolate is still up^^

thank you

 

I know of no program that can do this for you. Fuhermore, I don't think you would have a good key if it's composed of repeated character sequences.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 netsecphantom

netsecphantom

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 21 May 2015 - 02:38 PM

 

 

it takes the current best brute-forcing algorithms running on a supercomputer a few milion years to crack a 256 bit key, 512 takes a few million years squared (so around a trillion years), 1024 will take even longer.

 

3 years ago China broke a 923 bit encryption in 148 days with 21 personal computers.... only 252 cores.

 

I agree with using 7z if you are just trying to encrypt files... otherwise you should look up a folder vault and pick one. If someone is wanting to gain access to your information there are far easier ways to do so than trying to decrypt your encrypted files, and if the government/police wish to look at your files then you are screwed any way.

 

To answer your title, more is always better and always use upper and lower case letters and numbers + special characters when possible = even still all this is made useless depending on how the website you have an account with stores their passwords.

 

 

It was Fujitsu, in Japan, it was not China: http://www.fujitsu.com/global/about/resources/news/press-releases/2012/0618-01.html

 

And as you can read from the press release, it's pairing-based cryptography: http://en.wikipedia.org/wiki/Pairing-based_cryptography

That's not the same as RSA and AES crypto, so you can't compare the keylengths.

 

 

Dah, apology's, I should have read farther. Off topic but, wouldn't that make anything past 1024 or even 512 be irrelevant? It will sufficiently block unwanted intruders that are not equipped or informed enough to get past and would almost never be broken? Plus if someone with the power and knowledge to do this will try many other things I would assume...  I guess I am trying to say that this may not be the bottle neck you should worry about?

 

http://www.mobilefish.com/services/rsa_key_generation/rsa_key_generation.php



#11 rp88

rp88

  • Members
  • 2,965 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:21 PM

Posted 22 May 2015 - 11:36 AM

Regarding "irrelevance", one could argue that encryption solutions of the toughest type are irrelevant these days, because less tough types are still impractical (perhaps impossible unless the cracker is willing to wait several million years). But once method is found for encrypting something with a 256 bit key then the extra effort needed for a 512, 1024 or 2048 bit key is not much, so although the extra security might be un-necessary* there is very little extra effort required to implement it. When encoding a file, or decoding it with the right password, the key length doesn't vastly cnge the time and computing power needed. So although the longer keys might not be needed they do offer extra security at vry little extra bother. At present governments and militaries have standards for encryption and standards for other things (like how heavily a used hard-drive should be wiped), lower standards would be enough to reliably protect the secrets, but in future such lower standards might be passable while higher ones might still not be, so it does make sense to encrypt things beyond what is really needed.


* Of course if you have something really secret and want to future-proof it's secret nature than putting it in a tougher encrypted file makes sense, maybe some day there will be a quick way to break shortter encryption keys but breaking longer ones would still be extremely slow.

Edited by rp88, 22 May 2015 - 11:39 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#12 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,659 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 22 May 2015 - 03:00 PM

Most encryption algorithm implementations do not allow arbitrary key lengths. For example, AES only supports 128, 192 and 256 bit key lengths.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 sheevanian

sheevanian
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 24 May 2015 - 01:33 PM

wow thank you all for your postings!

 

i want to encrypt fotos and vids. (not a remote ssh connection host server or so)
i want to carry them around and access them, without the key being present on the device. (at least not as prepared/designated ready-to-use key-file)
i want maximum securitey^^.

 

example: im gonna carry a vast of e-books on my device, with the encrypted files on it. in the deepths of those ebooks, the private charstring is hidden in plain form. and only i know. that charstring of  lets say 3000, letters goes into the privat-key.ppk for decryption (which i would create.on the foreign presentation-pc manually)

 

in ahead, when encrypting, one must define that charstring of course, or the encrypted, wouldnt recognize it.

 

theres many ways to create key and even more key-forms. all of them force one, to use the computers random mousemovements as source for the keypair. or the software creates the key totally in the background, without the user being able to interfere.

instead of mousemovements as keysource, i want to give the computer a "certain charstring" of my own, to create a public key from it, which i can use for encrypting. and which gets decrypted, when served that "certain charstring".

 

seems like no software offers that, tho its just the same concept as asymetryc encryption. symetric encryption by passwords/pass or key-phrases dont support 3000 chars long passwords...

 

greetings o/



#14 sheevanian

sheevanian
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 24 May 2015 - 01:53 PM

another point is: when the encrypted gets decrypted, one can extract the data as decrypted, of course and save them decrypted for future access without the key required. thats now in everyones own personal responsibility, of how to deal with such.

 

once decrypted, the data is written to the hdd/memory unencryptedly....into cache-memory, temp-memory wherever.

lets say, one monitors the presentation on the foreign computer, because one does'nt want somewhat to remain on the foreign pc.

 

is there any encryption software, thats programmed to shredder encrypted data irrevocably somehow? preferably with a log...



#15 sheevanian

sheevanian
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 24 May 2015 - 02:04 PM

well forget about that shreddering, i guess that must be done entirely manually...






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users