Quote from: dbz4u on January 10, 2013, 11:50 amQuote from: Nightcrawler on January 10, 2013, 11:13 amQuote from: dbz4u on January 10, 2013, 07:02 amQuote from: CaptainMal on January 10, 2013, 06:54 amQuote from: dbz4u on January 10, 2013, 06:45 amThe much scarier version is that someone hacked the forum and is manually deleting posts/forum sliding topics. Faint but real possibility. And please don't start a thread based on this comment without some sort of substantiation, this is merely putting a possibility out there, not trying to stir up controversyThe only reason i mention this is i know someone who works for a police department and says that the fuckin local PD has hacked SR. I honestly don't know any specificsPlease don't quote me on this outside of this thread. This is second hand knowledge, i have no information about the specifics of the hack or anything.Lol. I highly doubt that the local PD has hacked SR.As do I. However my friend assures me that PGP has been cracked, and that the feds currently use 1024 bit encryption, not the paltry 512 we use. No one with two working brain cells is using keys as small as 512-bits anymore -- not for the last 20 years or so, at least. NIST, which sets standards for U.S. government agencies, advised that 1024-bit keys should be phased out by December 2010, two full years ago now. The current minimum standard calls for a pair of 2048-bit RSA keys. Most prudent users generate 4096-bit keys, because today's computers are fast enough that the time saved by using smaller key sizes no longer matters. Quote from: dbz4u on January 10, 2013, 07:02 amI want to call bullshit so badly, but can you ever be truly sure what we're using is safe? After all we are using publicly released software that has been around for years, i'd think a government capable of writing stuxnet could crack it. You will never see me write sensationalist crap like this outside of this thread btw. This is all conjecture on my part. hash collision attacks were thought to be theoretical at one point, just sayinI think your friend is having you on. FWIW, hash collision attacks were always a possibility, just a remote one. The field is littered with broken hash functions: MD2, MD4, MD5, to name just a few offhand. I think that SHA-1 will be completely compromised in the next 5-10 years. The SHA-2 hash functions seem to be holding their own, at least according to Schneier -- he's already on record as stating that the SHA-3 hashes may not actually be needed as soon as anyone thought as the SHA-2 family is proving to be better resistant to attacks than was predicted. Nightcrawler PGP-Key: 4096R/BBF7433B 2012-09-22Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433Bhttp://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090I appreciate a technical explanation any day of the week. However, i don't think the NSA announces when they've cracked an encryption algorithm, correct me if I'm wrong. /QuoteNo, you're right, they don't announce it. But they also don't share the information they glean with other agencies, which might lead to knowledge of their capabilities, either. Quote from: dbz4u on January 10, 2013, 11:50 amAll I'm saying is do the people declaring these algorithms uncrackable have multiple supercomputers that they can task to do whatever they want, whenever they want? If they are working with big computer clusters to test this stuff, i still doubt it'd be anywhere near the size or strength of an NSA installation. Just my 2 centsLenstra, et al. use clusters of computers to carry out their factoring operations. This then gives them an idea of just how much work is required to factor prime numbers of a certain size. The point is, it give you a benchmark -- it's like saying the distance to a certain destination is 1000 km. Walking will take you a certain amount of time; it will take less time with a car that can do 100 km/hr, and can be done in an hour with a jet that can do 1000 km/hr. No one knows what the capabilities of the government are, at least those who know aren't talking about it. Let's assume the NSA knows you've bought a few pounds of weed last year... what do you think they're going to do with that information? Nothing, because sharing it risks compromising their collection methods, and the payoff isn't worth the risk. Nightcrawler PGP-Key: 4096R/BBF7433B 2012-09-22Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433Bhttp://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090