[clug] [OT] all text passwords == secure?
Paul Wayper
paulway at mabula.net
Tue Aug 28 03:58:57 MDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 28/08/12 12:32, Robert Edwards wrote:
>> Also, Paul, are you "blindly" trusting GPG? How do _you_ know that large
>> prime numbers really are hard to factor? What if someone did know how
>> to do it? Would you necessarily trust them to tell everyone?
Yes, I would trust them to tell everyone, because by and large the people
working on that maths are security researchers who publish. Although the NSA
and other country-level security organisations employ lots of mathematicians,
and there's a non-zero chance that one of them could find it and not tell
anyone, I doubt it would be discovered for long.
The prime number sequence is one of the most interesting sequences to study,
because (in my way of thinking) it is its own inverse. Every number on the
list precludes an infinite list of multiples from appearing on the list, so
the list forms part of its own definition. People have been working on
factorisation methods for thousands of years. Most of the methods of testing
for primality don't tell you factors and often don't tell you that the number
is definitely prime, only that it's definitely composite (you do multiple
tests, possibly over a number of iterations, to increase the probability of
primality). Most of the factorisation methods either have the same caveat
(you start guessing factors and hope you get one soon) or work only on certain
ranges (e.g. semiprimes with the two factors close together).
But that's just amusement :-)
This is a case where I think there's too many eyes looking at the problem -
and watching eachother - for something like a quick factorisation method for
large primes to be a secret for long.
Have fun,
Paul
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAlA8lmEACgkQu7W0U8VsXYKwnwCcCDMwp34+ggvjoR+09bBGxAEb
dEgAoLl8X0tAQD6XpwYarZeu0r5WFNdn
=5UjK
-----END PGP SIGNATURE-----
More information about the linux
mailing list