@dave

By all accounts, #Signal's implementation is as secure as #AES256 can be.

Signal depends on physical security of the device. Has the device been stolen? Has it been compromised? Is the user under video survellenc?

@mastodonmigration @GottaLaff Obviously, all #SATCOM is insecure.

• X-Band - based #MILSATCOM use proprietary encryption systems.

• The best in terms of #COTS AFAIK is #IridiumPTT which does #AES256 over the air (if not the entire #IridiumNext system except legacy services) but that is a fully-managed solution with custom, embedded hardware.

• Whereas most commercial satellite Internet is insecure af, tho I'm shure Ukrainians know how to setup their own #VPN!

@heiseonlineenglish OFC #NATO needs to step up their game.

#Link11 is unencrypted and #Link22 insecure for ages.

Pretty shre they have yet to adopt something like #RSA-8192 + #AES256...

Парольная защита статичной HTML-страницы на JS

Обычно парольная защита производится через веб-сервер, который проверяет пароль и выдаёт контент. Стандартный способ: .htaccess и htpasswd . Но что, если нужно выложить зашифрованную веб-страницу и файлы на публичном хостинге, где у нас нет контроля над сервером? Эту проблему решают инструменты StatiCrypt и Portable Secret . Для шифрования HTML перед публикацией StatiCrypt использует AES-256 и WebCrypto, а расшифровка происходит с помощью ввода пароля в браузере на стороне клиента, как показано в демо (пароль test ). StatiCrypt генерирует статическую страницу, которую можно безопасно заливать на любой хостинг, в том числе бесплатный сторонний хостинг, такой как GitHub Pages.

https://habr.com/ru/companies/globalsign/articles/868780/

#StatiCrypt #AES256 #WebCrypto #парольная_защита #PBKDF2 #Portable_Secret #шифрование_файлов

Развенчан слух, что Китай взломал современную криптографию с помощью квантового компьютера

В октябре 2024 года мировые СМИ стали распространять пугающие новости о том, что китайским учёным якобы удалось взломать современные криптографические шифры военного применения с помощью квантового компьютера D-Wave Advantage (на фото вверху). Эти новости основаны не на пустых словах, а на научной статье от группы исследователей под руководством д-ра Ван Чао (Wang Chao) из Шанхайского университета. Статья опубликована в сентябре 2024 года в журнале Chinese Journal of Computers . Авторы использовали D-Wave Advantage для успешной атаки на три алгоритма — Present, Gift-64 и Rectangle, которые являются критически важными для расширенного стандарта шифрования (AES), используемого для защиты данных в правительственном, военном и финансовом секторах. Западные эксперты по криптографии изучили статью и оценили достижения китайских коллег.

https://habr.com/ru/companies/globalsign/articles/859218/

#квантовый_компьютер #Present #Gift64 #Rectangle #военная_криптография #гражданская_криптография #DWave_Advantage #AES #AES256 #квантовая_нормализация #квантовый_отжиг

Interesting development of ransomware, however I find the title misleading as AES-256 isn't really "stronger" than ChaCha20: https://www.bleepingcomputer.com/news/security/new-qilin-ransomware-encryptor-features-stronger-encryption-evasion/

#ransomware #aes256 #chacha20 #encryption

中國上海大學科學家聲稱：已用量子電腦突破軍用級加密！ - INSIDE

Link

📬 SAV7: Einzelne Dateien oder Ordner kostenlos verschlüsseln
#Datenschutz #Empfehlungen #ITSicherheit #AES256 #KeyFile #Passwort #SAV7 #Verschlüsselung https://sc.tarnkappe.info/f8d9d7

How safe is it to store my private gpg key in the open? It requires a passphrase, and
I thought about adding an additional passphrase for the file stored in public

gpg --armor --export-secret-keys MY-KEY-ID | gpg --symmetric --cipher-algo AES256 --output MY-PRIVATE-KEY

AES256 should be safe with a strong passphrase, right?

Is this Safe Enough, or is this insanity?

#gpg #security #aes256

We recently reached 256 posts on Mastodon, so it's time to talk about AES-256! But what exactly is it and why use it?

Extremely secure: Practically unbreakable
Future-proof: Better protection against advances in computing power
Familiar and proven: Government and military standard
Protect your sensitive data now! 💪✨

#Security #Encryption #AES256 #Data protection #CyberSecurity #Tech #Cryptomator #DataProtection #ITSecurity #SecureConnections #FutureProof #DigitalLife

Wie lange wohl die Verschlüsselung von ein paar TB mittels aes256-cbc dauern wird 😁
@aes256
#aes256

🎊 We are starting #2024 off right! 🎉

With the latest update all Tuta accounts are now utilizing #Argon2 and #AES256 encryption by default.🔒💪

This security improvement is the next step towards full #postquantum encryption!
👉 https://tuta.com/blog/aes-256-encryption

Das überrascht mich - iOS kann inzwischen AES256 direkt "entzippen"?
Könnt Ihr das bestätigen?
1. Datei mit 7zip verschlüsselt (AES256-Modus).
2. Datei auf Nextcloud geladen.
3. Nextcloud-Pfad in iOS-Dateien-App geöffnet.
4. Passwort wird abgefragt und entschlüsselt.
Früher musste ich da den Umweg über Filebrowser oder andere Tools nehmen.

#Verschlüsselung #AES256 #Zip #7Zip #iOS

@marcan @lanodan the only cases where one would need even more Power are setups like High-Bandwith #VPN Gateways like some huge #pfSense if one needs 40+ GBit/s throughput on #OpenVPN or #WireGuard.

Mind you that #LUKS - aside from the encryption of the key in the header, uses #AES256 by default for a long time and is pretty efficient even prior to #AESni.

So no, in most cases the impact is purely synthetic and not really of any impact...

» robinmoisson/staticrypt: Password protect a static HTML page https://t.co/GmMGJTiAKH // StatiCrypt uses #AES256 to encrypt your #HTML file with your passphrase and return a static page...

Many of you have been asking for my thoughts on the #LastPass breach, and I apologize that I'm a couple days late delivering.

Apart from all of the other commentary out there, here's what you need to know from a #password cracker's perspective!

Your vault is encrypted with #AES256 using a key that is derived from your master password, which is hashed using a minimum of 100,100 rounds of PBKDF2-HMAC-SHA256 (can be configured to use more rounds, but most people don't). #PBKDF2 is the minimum acceptable standard in key derivation functions (KDFs); it is compute-hard only and fits entirely within registers, so it is highly amenable to acceleration. However, it is the only #KDF that is FIPS/NIST approved, so it's the best (or only) KDF available to many applications. So while there are LOTS of things wrong with LastPass, key derivation isn't necessarily one of them.

Using #Hashcat with the top-of-the-line RTX 4090, you can crack PBKDF2-HMAC-SHA256 with 100,100 rounds at about 88 KH/s. At this speed an attacker could test ~7.6 billion passwords per day, which may sound like a lot, but it really isn't. By comparison, the same GPU can test Windows NT hashes at a rate of 288.5 GH/s, or ~25 quadrillion passwords per day. So while LastPass's hashing is nearly two orders of magnitude faster than the < 10 KH/s that I recommend, it's still more than 3 million times slower than cracking Windows/Active Directory passwords. In practice, it would take you about 3.25 hours to run through rockyou.txt + best64.rule, and a little under two months to exhaust rockyou.txt + rockyou-30000.rule.

Keep in mind these are the speeds for cracking a single vault; for an attacker to achieve this speed, they would have to single out your vault and dedicate their resources to cracking only your vault. If they're trying 1,000 vaults simultaneously, the speed would drop to just 88 H/s. With 1 million vaults, the speed drops to an abysmal 0.088 H/s, or 11.4 seconds to test just one password. Practically speaking, what this means is the attackers will target four groups of users:

1. users for which they have previously-compromised passwords (password reuse, credential stuffing)
2. users with laughably weak master passwords (think top20k)
3. users they can phish
4. high value targets (celebs, .gov, .mil, fortune 100)

If you are not in this list / you don't get phished, then it is highly unlikely your vault will be targeted. And due to the fairly expensive KDF, even passwords of moderate complexity should be safe.

I've seen several people recommend changing your master password as a mitigation for this breach. While changing your master password will help mitigate future breaches should you continue to use LastPass (you shouldn't), it does literally nothing to mitigate this current breach. The attacker has your vault, which was encrypted using a key derived from your master password. That's done, that's in the past. Changing your password will re-encrypt your vault with the new password, but of course it won't re-encrypt the copy of the vault the attacker has with your new password. That would be impossible unless you somehow had access to the attacker's copy of the vault, which if you do, please let me know?

A proper mitigation would be to migrate to #Bitwarden or #1Password, change the passwords for each of your accounts as you migrate over, and also review the MFA status of each of your accounts as well. The perfect way to spend your holiday vacation! Start the new year fresh with proper password hygiene.

For more password insights like this, give me a follow!

Toplip - A Very Strong File Encryption And Decryption CLI Utility #Toplip #Encryption #Decryption #AES256 #Security #Opensource #Linux
https://www.ostechnix.com/toplip-strong-file-encryption-decryption-cli-utility/