Bitcoin Forum
December 11, 2016, 08:26:13 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 »  All
  Print  
Author Topic: GnuPG versus TrueCrypt  (Read 27026 times)
Nesetalis
Sr. Member
****
Offline Offline

Activity: 420



View Profile
June 13, 2011, 01:13:35 PM
 #21

aye I use gpg4win and it crashes constantly :p thankfully the crashes dont screw me over, just make me take a bit longer to do stuff.

ZOMG Moo!
1481444773
Hero Member
*
Offline Offline

Posts: 1481444773

View Profile Personal Message (Offline)

Ignore
1481444773
Reply with quote  #2

1481444773
Report to moderator
1481444773
Hero Member
*
Offline Offline

Posts: 1481444773

View Profile Personal Message (Offline)

Ignore
1481444773
Reply with quote  #2

1481444773
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
June 13, 2011, 01:17:20 PM
 #22

aye I use gpg4win and it crashes constantly :p thankfully the crashes dont screw me over, just make me take a bit longer to do stuff.

there's nothing i hate more than good software that crashes.

bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 13, 2011, 01:21:09 PM
 #23

I wasn't aware of that, I have had no Windows for years now.

7zip seems to use AES256, that may be ok. But you have to choose a strong password, the 5 characters, that somebody suggested, are way too small. I am talking about 12 or more charakters, which are from different types and are not corresponding with dictionary words or keyboard patterns.

Misspelling protects against dictionary attacks NOT
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1414



View Profile
June 13, 2011, 01:30:18 PM
 #24

whats wrong with 7zip and use a password with a .7z archive?
Nothing. As long as you use AES-256 and encrypt the file listing too.

It's not enough to use AES256, you have to use it without flaws.
I have tried to crack one of my passwords on a 7-zip container just for fun. I had a 3 keys/second generation performance for a 5000 MIPS CPU. Even a 5 chars password would take 20 years to crack my that CPU. Since you could use GPUs, you could lower that to maybe 2 months? Just to break a wallet. I suppose it should have more than 50 BTC to be worth it...

Use a sufficiently long password and you should be ok for now. It's an easy method of saving your wallet as it doesn't require you to store keys and whatnot.

What exactly did you test? Why should an attacker try to decrypt the 7zip-file to get the password? There are certainly better ways!
Bruteforce cracking. 5 chars alphanumeric passwords.
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 13, 2011, 01:33:06 PM
 #25

Bruteforce cracking. 5 chars alphanumeric passwords.

There are several ways of brute force cracking. Did you call the 7z-extractor for each password? No attacker would do that!

Have you tried this?
http://sourceforge.net/projects/sevenzcracker/files/
or this?
http://sourceforge.net/projects/rarcrack/files/rarcrack-0.2/%5BUnnamed%20release%5D/

Send me an archive with 5 alphanumeric characters, I could crack it today! (Somebody who would put some effort in writing his own 7zip-tools would be much faster.)

Misspelling protects against dictionary attacks NOT
gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
June 13, 2011, 01:38:44 PM
 #26


What exactly did you test? Why should an attacker try to decrypt the 7zip-file to get the password? There are certainly better ways!
Bruteforce cracking. 5 chars alphanumeric passwords.

This is trivial to bruteforce (~1.0e8 possibilities). Get yourself a longer password.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
June 13, 2011, 01:43:32 PM
 #27

aye I use gpg4win and it crashes constantly :p thankfully the crashes dont screw me over, just make me take a bit longer to do stuff.

I have only used gpg4win via cmd.exe. No problems for me. Running windows is another issue altogether...

Of course, use whatever tools you are most comfortable with. Just realize that not all crypto is created equal. Caveat emptor. When wallets start holding tens of thousands of dollars worth of BTC, I would not trust an archiver.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
June 13, 2011, 01:53:17 PM
 #28

aye I use gpg4win and it crashes constantly :p thankfully the crashes dont screw me over, just make me take a bit longer to do stuff.

I have only used gpg4win via cmd.exe. No problems for me. Running windows is another issue altogether...

Of course, use whatever tools you are most comfortable with. Just realize that not all crypto is created equal. Caveat emptor. When wallets start holding tens of thousands of dollars worth of BTC, I would not trust an archiver.

when the stakes are that high i would not either.

i would have all my coins split into 3 separate wallets on 3 separate servers on 3 separate continents.

lonestranger
Member
**
Offline Offline

Activity: 115


I like long walks on the beach, shaving my head...


View Profile
June 13, 2011, 02:05:32 PM
 #29

Oh my but I must lament once again how horrible this wallet problem is! Bitcoin's reputation is going to get creamed in the media until this is solved. You brilliant tech heads have a monster by the tail. So now let me slog through one of your opaque posts here, parsing and probing to uncover the nugget of truth for the uninitiated (like ME) to put to use...


How to use GPG?

Code:
gpg --compress-algo BZIP2 --bzip2-compress-level 9 --encrypt -a -o text_crypt_wallet.txt wallet.dat

This will compress and then encrypt your wallet using your private GPG key.

Whoa there! I have used gpg in thunderbird to encrypt email but using it in my operating system is new to me because for one thing, at what point did I generate a key pair? Where is this private key?  Another observation is that though you criticize truecrypt, at least it has a visual interface instead of this command line shit. Sorry if this offends...

The -a flag tells gpg to give you ascii-armored (printable) output. The -o flag tells gpg to name the output file "text_crypt_wallet.txt". You can then print this out. The file will look something like this:
.
.
.
Make sure the font is OCR-readable (http://en.wikipedia.org/wiki/Optical_character_recognition) and large enough to avoid scanning and transcription errors. Also, make sure to keep track of page numbers.

If you don't have a GPG key,

Whoa there!  What do you mean?  Why would I just happen to HAVE a GPG key?  Where would it come from? But not having to mess with keypairs is an advantage anyway.


To recover the wallet, you can scan the document and OCR it to a file. Then decrypt it:

Code:
gpg --decrypt -o wallet.dat scanned_text_file.txt

So I now need to scan a printout with character recognition software....you truly live in a different world than most people. No offense you brilliant tech head but this situation is terrible.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
June 13, 2011, 02:16:36 PM
 #30

You do not have to print your encrypted file and scan it in later. However, plain paper is the most durable medium available for long-term data storage, so it will be useful in some circumstances.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
June 13, 2011, 02:20:04 PM
 #31

if you were going the printing out a paper route, why not just print out your wallet file and delete the original?

gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
June 13, 2011, 02:22:18 PM
 #32

Oh my but I must lament once again how horrible this wallet problem is! Bitcoin's reputation is going to get creamed in the media until this is solved. You brilliant tech heads have a monster by the tail. So now let me slog through one of your opaque posts here, parsing and probing to uncover the nugget of truth for the uninitiated (like ME) to put to use...

Sorry for being "opaque."

Quote
Whoa there! I have used gpg in thunderbird to encrypt email but using it in my operating system is new to me because for one thing, at what point did I generate a key pair? Where is this private key?  Another observation is that though you criticize truecrypt, at least it has a visual interface instead of this command line shit. Sorry if this offends...

<sigh> Please note the part where I specifically give an example of using a symmetric algorithm by itself (no public/private keypair required). And the subsequent posts where I repeated this. No offense taken...

Quote
Whoa there!  What do you mean?  Why would I just happen to HAVE a GPG key?  Where would it come from? But not having to mess with keypairs is an advantage anyway.

See above.

Quote
So I now need to scan a printout with character recognition software....you truly live in a different world than most people. No offense you brilliant tech head but this situation is terrible.

No. You don't need to do it, at all. Nowhere did I state that this is a requirement. It seems obvious that this is an optional step for those who wish to have a secure hardcopy of the intact wallet.dat. If this isn't clear, then I would agree that we do live in different worlds.

At the risk of putting too fine a point on it, perhaps my "opacity" comes from your lack of reading comprehension.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
bittersweet
Full Member
***
Offline Offline

Activity: 224



View Profile
June 13, 2011, 02:24:37 PM
 #33

However, plain paper is the most durable medium available for long-term data storage, so it will be useful in some circumstances.

Laser engraving on a metal plate would be better Smiley

My Bitcoin address: 1DjTsAYP3xR4ymcTUKNuFa5aHt42q2VgSg
gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
June 13, 2011, 02:25:11 PM
 #34

if you were going the printing out a paper route, why not just print out your wallet file and delete the original?

It wouldn't be encrypted. Examine the title of the thread.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1414



View Profile
June 13, 2011, 02:30:59 PM
 #35

Bruteforce cracking. 5 chars alphanumeric passwords.

There are several ways of brute force cracking. Did you call the 7z-extractor for each password? No attacker would do that!

Have you tried this?
http://sourceforge.net/projects/sevenzcracker/files/
or this?
http://sourceforge.net/projects/rarcrack/files/rarcrack-0.2/%5BUnnamed%20release%5D/

Send me an archive with 5 alphanumeric characters, I could crack it today! (Somebody who would put some effort in writing his own 7zip-tools would be much faster.)

http://content.wuala.com/contents/entropiahost/Share/bitcoinpassword.7z?dl=1

There you go. 294 bytes. Five chars alpha-lowercase and numeric password. If you successfully crack it, you can give me the password that is contained inside the textfile.
gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
June 13, 2011, 02:35:26 PM
 #36

Bruteforce cracking. 5 chars alphanumeric passwords.

There are several ways of brute force cracking. Did you call the 7z-extractor for each password? No attacker would do that!

Have you tried this?
http://sourceforge.net/projects/sevenzcracker/files/
or this?
http://sourceforge.net/projects/rarcrack/files/rarcrack-0.2/%5BUnnamed%20release%5D/

Send me an archive with 5 alphanumeric characters, I could crack it today! (Somebody who would put some effort in writing his own 7zip-tools would be much faster.)

http://content.wuala.com/contents/entropiahost/Share/bitcoinpassword.7z?dl=1

There you go. 294 bytes. Five chars alpha-lowercase and numeric password. If you successfully crack it, you can give me the password that is contained inside the textfile.

This would be far more interesting (and would make the point a bit more clear) if you did this with a wallet holding all your BTC.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1414



View Profile
June 13, 2011, 02:43:38 PM
 #37

Bruteforce cracking. 5 chars alphanumeric passwords.

There are several ways of brute force cracking. Did you call the 7z-extractor for each password? No attacker would do that!

Have you tried this?
http://sourceforge.net/projects/sevenzcracker/files/
or this?
http://sourceforge.net/projects/rarcrack/files/rarcrack-0.2/%5BUnnamed%20release%5D/

Send me an archive with 5 alphanumeric characters, I could crack it today! (Somebody who would put some effort in writing his own 7zip-tools would be much faster.)

http://content.wuala.com/contents/entropiahost/Share/bitcoinpassword.7z?dl=1

There you go. 294 bytes. Five chars alpha-lowercase and numeric password. If you successfully crack it, you can give me the password that is contained inside the textfile.

This would be far more interesting (and would make the point a bit more clear) if you did this with a wallet holding all your BTC.
I'll consider a small donation for the good of the community considering that it improves our security, especially since I think this little 294 bytes archive could be broken in 2 months, and not 24 hours.
gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
June 13, 2011, 02:53:58 PM
 #38

I'll consider a small donation for the good of the community considering that it improves our security, especially since I think this little 294 bytes archive could be broken in 2 months, and not 24 hours.

No. It does not improve anything at all. It demonstrates a deep misunderstanding of these tools and their limitations, and that you are happy to promulgate dangerous advice to others.

It is well understood that a 5 character password (even using a larger characterspace) is total shit. What you think is immaterial. Such a short password is literally nothing to an even moderately-motivated attacker. It is worse than putting a luggage padlock on a 10 ton door to a steel vault.

What is most laughable is that the cost of increasing the keylength is basically nothing, much like using the proper tools. Yet you reject even the most rudimentary advice for... well... no apparent reason.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
JohnDoe
Sr. Member
****
Offline Offline

Activity: 392



View Profile
June 13, 2011, 02:56:45 PM
 #39

When decrypting my wallet it gets stored unencrypted in my hard drive right? Sure, I can shred and delete it after re-encrypting but that's a security risk TrueCrypt doesn't have.

Btw, I didn't read the whole Schneier paper but the abstract only talks about losing deniability under Windows with TrueCrypt version 5. Should I still be concerned about this using TrueCrypt v7 under Linux?

BombaUcigasa
Legendary
*
Offline Offline

Activity: 1414



View Profile
June 13, 2011, 03:00:33 PM
 #40

Yet you reject even the most rudimentary advice for... well... no apparent reason.
I reject what?
Pages: « 1 [2] 3 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!