On Friday 19 April 2002 12:23 am, Heidi Henry wrote: > Zot wrote:You might want to check critical data flows, but I'd be more > worried about data storage than transmission (if the transmission is > encrypted). > > 1. If the transmission is encrypted: Sophisticated attackers are known to > establish encrypted channels, rendering network surveillance ineffective, > however it is still effective for proving that a communication occurred > between IP addresses. If a legal case should develop, this could become a > valuable link for evidence. (If I am wrong on this I am sure someone with > more knowledge will correct me, which is very welcome, the technology and > evidence rules in this field seems to be constantly changing) Assuming that they are not taking into account means to prevent traffic analysis. (Onion routing or re-mailer nets or the like.) Much work has been done in this area, bot by the Feds (for protecting their traffic) and Cypherpunks (for protecting everyone else's traffic). > 2. Data storage: Is it still true that PKzip compressed files have no > known method to extract well chosen passwords, (not including brute-force > or Beowulf cluster) or are there cracking tools available now that do not > take weeks to make a successful crack? PKZip encryption has been broken for over five years. Even then, people do not choose good passwords. If you are going to encrypt a file on a hard drive, you are better off using GPG or something else that uses known strong algorithms.
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:41:20 PDT