7 responses to “What’s a Quality Rating?”

  1. Just surfed http://www.copacobana.org
    “With further optimization of our implementation, we could achieve a clock frequency of 136MHz for the brute force attack with COPACOBANA. Now, the average search time for a single DES key is less than a week, precisely 6.4 days. The worst case for the search has been reduced to 12.8 days now.”
    Cosi che parla Tara?

  2. Hi Brian.
    PassPack doesn’t use DES (which can be quickly cracked), it uses AES-256.

    One question for you though, what did you mean by “Cosi che parla Tara?” – sorry, I didn’t understand that bit.

  3. Katyid being an Italian company, I made a wrong assumption. Primarily, I thought the site might interest you. It rather concerns me. This is a very expensive and powerful computer designed solely to crack codes. On average, an AES cipher takes almost a week. Who buys them? For what underlying purpose? With whose money? Maybe it’s a complex Californian joke, like spawning endless TV movies and shows pretending that Los Angeles is populated by middle-class WASPs.
    Speaking English.
    Though I suppose one Mexican asking another “Wanna buy an extremely large prime number, never been used?” just wouldn’t work on the screen.

  4. Hi Brian.
    Yup, we’re in Italy, but “Cosi che parla Tara?” translates loosely to “Is this how Tara talks?” which made me suspect that you’d thought that I’d been quoted somewhere on that page. So, sorry, I was just checking to make sure that I wasn’t missing some important question you were asking me.

    There are plenty of sites out there dedicated to cracking, and the computing/techniques/hardware/software behind cracking. But PassPack does use AES-256 which to date has not been cracked.

    One important thing to remember is that our system is flexible enough so that we can evolve algorithms should need be.

    Glad to see others keeping an eye out though.

  5. I was wondering about the advice to use a ‘memorable’ pass phrase. Is this not quite vulnerable to a dictionary attack? I presume the pass phrase quality indicator doesn’t take this into account? So could you end up with a 5-6 word passphrase that is more easily cracked if it is a normal phrase?

    Maybe some more advice in this area? I found the diceware webpage is quite interesting??

  6. @Ray
    A dictionary attack is generally on single words, not entire phrases. (if I’m wrong, someone please correct me)

    The important thing about phrases is that they tend to be inherently longer, which is harder to “guess”.

    But yes, you’ll want to avoid very obvious pass phrases like “open sesame”.

  7. Pingback: Pass Phrase & Packing Key Requirements « Passpack Blog
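
Added example (not part of the original comments and not Passpack's code): a sketch of the question raised in comments 5 and 6, comparing a per-character strength estimate with a word-level one. The phrase list and character-pool sizes are constructed assumptions; 7776 is the size of the standard Diceware word list.

```python
import math
import string

DICEWARE_WORDS = 7776  # size of the standard Diceware list (6**5)

# Constructed sample standing in for a list of well-known phrases.
KNOWN_PHRASES = {"open sesame", "let me in", "to be or not to be", "i love you"}

def charset_bits(passphrase):
    """Per-character estimate: length * log2(pool of character classes used)."""
    pool = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        pool += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        pool += 26
    if any(c in string.digits for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # assumption: 32 ASCII punctuation marks plus space
    return len(passphrase) * math.log2(pool) if pool else 0.0

def word_bits(n_words, wordlist_size=DICEWARE_WORDS):
    """Bits when every word is drawn uniformly at random from a word list."""
    return n_words * math.log2(wordlist_size)

def guessing_bits(passphrase, known_phrases=KNOWN_PHRASES):
    """Upper bound on strength once whole phrases and word lists are considered."""
    normalized = " ".join(passphrase.lower().split())
    if normalized in known_phrases:
        # The whole phrase is one entry in the list, however long it is.
        return math.log2(len(known_phrases))
    n_words = len(normalized.split())
    # For a human-chosen phrase the word-level figure is still only an upper bound.
    return min(charset_bits(passphrase), word_bits(n_words))

if __name__ == "__main__":
    for p in ("open sesame", "correct horse battery staple"):
        print(f"{p!r}: per-character {charset_bits(p):.1f} bits, "
              f"word-aware {guessing_bits(p):.1f} bits")
```

The gap between the two figures is why randomly chosen words (as with Diceware) are rated by word count rather than by character length.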
