m*****9
发帖数: 12 | 1 Appstore url: http://tinyurl.com/l7ymphb
APP有记文本、照相笔记、限时分享等功能。
如果觉得有用的话在appstore那里给点好评。做个APP还蛮辛苦地,先谢过啦。 |
p***c
发帖数: 5202 | 2 怎么知道你不是NSA的双料间谍,来套取我们地下党的密电码?
坚决抵制。。。。哈哈
开玩笑,等会儿下下来试试 |
ra
发帖数: 827 | 3 The problem with encryption is that people often chose weak passwords.
【在 m*****9 的大作中提到】
: Appstore url: http://tinyurl.com/l7ymphb
: APP有记文本、照相笔记、限时分享等功能。
: 如果觉得有用的话在appstore那里给点好评。做个APP还蛮辛苦地,先谢过啦。
|
y*******d
发帖数: 1765 | 4 pwd and encryption key are totally different things...
【在 ra 的大作中提到】
: The problem with encryption is that people often chose weak passwords.
|
r****n
发帖数: 496 | 5 In such applications, encryption keys are derived from passwords directly or
indirectly, so the entropy in encryption keys depends on passwords, where
do you get extra entropy? Another secete?
In interactive communcation, there are protocols to derive strong encryption
keys from weak passwords, but as far as I know, this cannot be done for non
-interactive communication, e.g. storage.
【在 y*******d 的大作中提到】
: pwd and encryption key are totally different things...
|
m*****9
发帖数: 12 | 6 Encryption key is based on a combination of user's password and a
random string created on the server side. Password based brute-force attack
doesn't work if an attacker only has access to the encrypted data. |
r****n
发帖数: 496 | 7 This random string is essentially another password, it makes it more
difficult to some attackers, but this random string will have to stored on
both client and server machines.So for NSA, if they can get your data from
the server, then why can't they also get this random string?
Sorry I am nitpicking, this is pure technical discussion.
One thing to make it a little more secure is to store your random string on
another server, maybe even from different ISP, or even different country, e.
g. one server in US, one server in China.
A more advanced scheme is to do something like secure sharing on top of
encrypted data, so that nothing is revealed without getting enough shares.
attack
【在 m*****9 的大作中提到】
: Encryption key is based on a combination of user's password and a
: random string created on the server side. Password based brute-force attack
: doesn't work if an attacker only has access to the encrypted data.
|
