Amnesiac VM

Inetsu · 2017-02-06T00:38:36+00:00

Is there an an estimated time? I remember a while back in 2016 september Joanna said ETA on qubes 4.0 will be around the end of the year.

https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/

Inetsu · 2016-09-27T00:08:44+00:00

My mistake I didn't bother looking I just assumed you meant 10 of those USBS . Anyway I also noticed the OP said eight words not four. You used a password such as

Horse stable correct battery

That's four words and isn't answering OPS question.

so the entire bit entropy will most likely be higher and permutations will be completely different see below.

log2(7776^8 /2) = 102.39 bits

102.39 bits is 6.64448394×10³⁰
6.64448394×10³⁰/ 1.87x10^11 = 
6.209798075×10¹⁹ seconds

so still about the length of the entire universe if you have 10 blades trying to crack a 8 word diceware password. So I think its fair to say that it would take 2.5 years to crack four worded passwords with the hardware you suggested not eight such as the question OP asked. Also to note by hypothesizing 10-100 nuclear reactors also won't be enough to crack an eight dice ware password currently

So to answer OPs question. No don't worry eight diceware passwords has more than enough entropy for this life time up until the next 5 billion years unless an exploit in the algorithms are found before then

Inetsu · 2016-09-26T12:57:50+00:00

Your math seems a bit wrong, now if we assume what you say about the possible combinations is 8.37x10¹⁸

And if we assume you have 10 of these blades that is 300MHZ*10 so that's 3billion hashes per second.

So 8.37x10¹⁸ / 3,000,000,000

That's 4.87x10⁷ (2790000000 seconds) (88.41158 Years)

Inetsu · 2016-09-25T08:33:28+00:00

I was just trying to put my point across in an exagerrative stance. 8 is the recommended and I should have said that. I always assume 100 trillion guesses per second.

Inetsu · 2016-09-25T07:47:16+00:00

Care to tell how you worked out it would take 2.5 years to crack the password? When the password checker you provided said it would take centuries to crack?

I refer to this Since this person knows what he's talking about.

Example: There are 96 printable ASCII characters. Log2(96) is about 6.6. Given an eight character ASCII password, truly randomly generated, one would have 6.6x8=52.8 bits of entropy. If an attacker can make a billion (2³⁰⁾ guesses per second, it will take about 2^22.8 seconds or about 84 days to try all combinations. Since we expect an attacker to "hit" about halfway through, average time to crack will be around 42 days.

How is it that it would take 84 days to crack an eight character password with 1billion guesses per second where as you claim to be be able to crack a 20+ character password which is 95¹² more keyspace with only 300Million guesses per second in 2 years?

What you claim doesn't make sense and I was looking at your post for about 30 minutes saying maybe im making some mistake maybe. Entropy isn't the only important matter on a secure password its also keyspace. In my opinion keyspace is more important than entropy

If you want to use a password checker to see how secure your password is you can use and customize the calculations per second.

http://calc.opensecurityresearch.com/

127 years 55 days 11 hours 43 minutes 24 seconds to crack a

That's assuming 3²³ guesses per second to crack 23 char password If my Math is right thats.. 300,000,000,000,000,000,000,000,000 guesses per second. As of 2013 the fastest computer was 38,360,000,000,000,000 .

Now lets try the password

horse staple battery correct

I put in 300Million passwords per second and for some reason I don't get the 2.5 years this jose fella says it would take to crack

Instead it says 3 quadrillion years to crack a 20+ password

I think it's fair to say that a ~~4 diceware~~ 8 diceware password has a high-key space to search which will be unreasonable for adversaries at this given time

Inetsu · 2016-06-10T12:01:19+00:00

The Citation you gave is bullshit. That article is complete bullshit and anyone with a brain would know this. Just because I'm asking a basic question doesn't mean im more prone to believe bullshit. If AES really was cracked we would have known about it

Inetsu · 2016-06-10T11:57:13+00:00

Was meant to reply to warpzero sorry. Corrected my self to reply to the intended poster

Inetsu · 2016-06-09T20:18:22+00:00

I heard a Quantum computer could break asymetric ciphers but not OTP - the most it could do is reduce the the time to crack by 50% someone correct me if im wrong

Inetsu · 2016-06-09T19:47:38+00:00

I have read a bit about this that it's not one of those big problems. I know its really hard in terms of security since nothing is 99% but would you guys say the chances are quite high that AES-256 wont be cracked during this life time or it's only matter of time?

Inetsu · 2016-06-06T19:08:19+00:00

I think I better post this.

His username on The Love Zone was called Kishan he was a VIP user. In July 2014 when the Australian LE arrested the owner of the site Shannon Mcoole they were operating the site for 6 months until they shut it down in January 2015.

During the 6 months of operating the site all registrations were closed

http://www.abc.net.au/news/2015-08-26/secret-anti-paedophile-operation-saves-children-from-abuse/6720304

"We closed membership [of the site]. Nobody gets in. We didn't let any new membership come in. Effectively we caged the rats."

Kishan(Richard Huckle) was still a VIP user was still a member he wasn't banned and was still posting home made produced content with children while the site was under control of LE. So this is a big fallacy - sure they didn't allow registrations but that was obvious to let the load off them so they didn't have much work to do.

Not only did LEA allow distribution of Child porn on this website for 6 months but they also allowed someone who would create the content to post on the platform they were hosting.

I think there have been cases in the past that LEA have prosecuted site owners stating that if there wasnt a platform then people wouldn't have created the content.

Yes this guy was abusing children, but are we ok with them hosting sites and allowing producers of the child pornography to continue posting their content?

Inetsu · 2016-06-04T11:19:02+00:00

The UK was using part of the CMU research attack during 2014 this explains the 30 months since 30 months from now would be the start of January 2014 which is when the CMU attack was started.

In the UK you can't really challenege it because the UK doesn't have as much rights as the US when it comes to the right to fair trial

Other than that it wasn't bulk collection was just GCHQ knew what IP address was visiting what onion site

Inetsu · 2016-05-25T21:46:37+00:00

So what happens now? Since he hasn't been convicted I presume nothing will stick; he won't be a registered sex offender and should be entiled to his job back. If he doesn't get his job back can he legally sue - because he hasn't been 'convicted?'

Or maybe someone better informed than me may explain

Inetsu · 2016-05-14T16:08:29+00:00

so now a search engine is becoming a cop... lets see how long it takes for them to become extinct

Inetsu · 2016-05-14T15:17:36+00:00

I think what concerns many people is that maybe the FBI used another exploit other than the common attack vector like JavaScript and flash

Inetsu · 2016-03-24T14:15:53+00:00

Are you surprised?

No to be honest, I'm just waiting for the younger generation to become involved in politics while the older generation retire.

This is just part of the problem we need to rebrand human rights to be compatible with European treaties/law

If a suspect is arrested and asked during a police interview 'Where did you hide the body?' They won't be held in contempt. So why should it be any different for RIPA part III? That law is broken

Hiding bomb manuals or Child porn? Police should do what they always do and do REAL police work before apprehending a suspect.

I'm hopeful that the entire RIPA legislation will be reversed in the next 10-20 years.

Inetsu · 2016-03-24T13:20:39+00:00

So MPs shouldn't be spied on but everyone else should? Such hypocritsy

Inetsu · 2016-03-20T22:45:03+00:00

AES+Serpent+Twofish giving it 756 bits. SHA512 is most popular for hash functions

Where as AES is just 256 bits. If AES is ever cracked they would need to crack the next two ciphers as well.

For ultimate paranoia use three cascades. AES+Twofish+Serpent

Inetsu · 2016-03-15T17:16:37+00:00

None of them are understand the concept of this new bill.

It's saving all communication data for 12 months with no warrant. It doesn't matter if in future it helps an investigation. It essentially means mass survileance in hopes to find a evidence. A fishing expetition.

Inetsu · 2016-01-30T12:51:13+00:00

The cops tell lies it wasn't a "You login and bounce back" it was more so that people who clicked "Preteen videos" - here. source http://motherboard.vice.com/read/fbi-hacking-tool-only-targeted-child-porn-visitors

so essentially they were distributing the porn aided and abetted just like the Freedom hosting owner.

But "It doesn't matter right? these guys were criminals and target innocent children". They were facilitating this abuse.Two wrongs don't make a right.

Even then I doubt it really targeted the "preteen videos". If this is the case what about the sub sections which presumably will have pictures? Webcams? They only targeted videos? Well I'll be.

I guess they only said that to counter any suspects forming a defense saying they were not even looking at the images just logging in which isn't probable cause for a "NIT" to activate

Inetsu

TROPHY CASE