Showing posts from March, 2010

Paper Keys and Me Wearing the Dunce Hat

When I said you could ignore this blog for the next couple of weeks, little did I realize how true that would be. I know this is the internet where no-one is ever wrong , but I'd like to retract some of the statements I made in the previous post about Safeberg's use of paper keys. As I said before , I won't always be right, but I will try to correct myself when I am proven wrong. My real failure was that I didn't take the time to perform the proper research. That's why I wasn't planning on posting anything in the first place. But then I saw pictures like the one below, and just about every, "Someone is BSing me" alarm I had went off. Hence the angry post. While some of the underlying points I made were factually correct, I had in my mind that Safeberg was selling standard file encryption software like Truecrypt. Instead they provide file storage and recovery. That's a pretty big misunderstanding on my part. The reason why that makes a differenc

Paper Keys and Tinfoil Hats

I know I said I wasn't going to post anything, but then I saw this craziness on slashdot and like other bad ideas I just have to share it. For those of you who don't want to click on the link, (smart move), a short summary is that a company called Safeberg is marketing file encryption software where the private RSA key is stored on a printed out piece of paper . To decrypt your files, you just take a picture of the key with your web-cam and their software will turn it back into a digital key. You can see a YouTube video they produced about it here . No seriously, this is a real product... How do I know this is snake oil? It's using zany solutions to something that's not a problem They spend all their time talking about key length First, let's back up and talk about file encryption. I've written a proof of concept password cracker for TrueCrypt encrypted files, and I'm currently working with another graduate student to implement it using GPU processors, so

Just a FYI

I apologize for the lack of actual posts. Right now I'm facing several fairly strict deadlines when it comes to graduating, so you probably can ignore this blog for the next two weeks or so. I know, it's annoying for me too because from real life spies caught on camera , to a new WPA attack , there's a few things to blog about... For now though, it's LoLcats and funny comics 24/7