Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 30 Sep 2014, 10:14
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Why Puppy's Light Encryption Option is a Joke (Educational)
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 2 [18 Posts]   Goto page: Previous 1, 2
Author Message
SFR


Joined: 26 Oct 2011
Posts: 1072

PostPosted: Sat 21 Jan 2012, 18:28    Post subject:  

This thread reminds me my own struggles with XOR encryption on C64, many years ago.
Right after I wrote such tool I discovered that if file contains a longer string of the same bytes, the whole encryption is worth nothing. Laughing
How hard I tried to make it more 'secret'!
Even I added tracing of $d012 cell (current raster line position) to encryption algorithm to make it more complex. Laughing
And the effect was pretty cool: eg. "aaaaaaaaaaaaa" string encrypted with "a" passphrase has produced something like "dZ@2&"{[6g]'\!" as output!

Unfortunately, I just read somewhere that even this can be cracked using "frequency analyzing" or something like that...

Anyway, this thread (again) inspired me to write another encryption tool.
Details here: http://www.murga-linux.com/puppy/viewtopic.php?t=75404
It uses openssl and AES, so I hope it's more secure..? Wink

Greetings!

_________________
[O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource
Omnia mea mecum porto.
Back to top
View user's profile Send private message 
Digital_Dissident


Joined: 02 Mar 2010
Posts: 25
Location: U.S.- E. Coast

PostPosted: Sun 19 Feb 2012, 08:36    Post subject: NOW You Tell Me?!
Subject description: Essential Warning Relegated to "Off-Topic" Section?!
 

Pizzasgood wrote:
Well, it should go without saying that when presented an option between light or heavy encryption, you should choose the heavy.


"go without saying"?!

I came across this post just last week by accident. Thankfully, still before anyone had access to my "light encryption" save file.

The OP in this thread is dated December, 2009-- over two years ago now-- and the latest Puppy releases still suggest choosing "light encryption" when creating a save file that will be saved to a hard drive!

And this post is relegated to an "off-topic" section and a cavalier tone?!

"Educational"?

This is an essential warning! Why was it never stickied to the very top of the forum?

I am flabbergasted.

Surely there are at least some Puppy users out there who are at risk of having their sensitive data compromised and they don't even know it.
Back to top
View user's profile Send private message 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Sun 19 Feb 2012, 13:50    Post subject:  

Though I posted this in 2009, the weakness had been known to the forum since not long after it was implemented, whenever that was (2005?).

If Puppy is recommending the light option, then I agree it should be changed around. It should strongly encourage the use of the heavy option. People should only use the light option if they have already tried the heavy one and actually noticed a performance hit, and even then only if they are not very concerned about their data falling into the wrong hands. The selection page should clearly state that the light option is trivial to break, with a big all caps WARNING label included.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 2 of 2 [18 Posts]   Goto page: Previous 1, 2
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0500s ][ Queries: 13 (0.0061s) ][ GZIP on ]