Hacker News new | past | comments | ask | show | jobs | submit login

While this is interesting, what effective bruteforce techniques are there against currently used encryption?

Even 3DES is still likely to be secure against all but state actors.

Mind you this can't be used with hashing since this effectively be a collision (could possibly be used with salt poisoning and potentially with variance in rounds).

It all depends on the implementation. In some implementations the plaintext is still revealed even with an incorrect key, and so more than likely the cracker sees random noise. The Honey technique, of course, gives plausible looking plaintext to fool the cracker.

Not forgetting you can just slow a brute force session down by punishing multiple attempts.

> Even 3DES is still likely to be secure against all but state actors.

Not if my passphrase is S3cur3!. The primary use case for HE is securing data that's encrypted with keys that a human chose.

If you are attacking pass phrase key derivative algorithms then it usually doesn't matter what encryption you are using unless it's something that was intentionally designed to protect passwords and is punitively slow.

This could potentially work but the problem is that KDA's are used to generate KEKs usually not to encrypt the actual data.

It also remains to be seen of this has an impact on the strength of the key especially for chosen plaintext attacks.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact