Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 03 Mar 2015, 11:08
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Why Puppy's Light Encryption Option is a Joke (Educational)
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 2 of 2 Posts_count   Goto page: Previous 1, 2
Author Message

Joined: 26 Oct 2011
Posts: 1207

PostPosted: Sat 21 Jan 2012, 18:28    Post_subject:  

This thread reminds me my own struggles with XOR encryption on C64, many years ago.
Right after I wrote such tool I discovered that if file contains a longer string of the same bytes, the whole encryption is worth nothing. Laughing
How hard I tried to make it more 'secret'!
Even I added tracing of $d012 cell (current raster line position) to encryption algorithm to make it more complex. Laughing
And the effect was pretty cool: eg. "aaaaaaaaaaaaa" string encrypted with "a" passphrase has produced something like "dZ@2&"{[6g]'\!" as output!

Unfortunately, I just read somewhere that even this can be cracked using "frequency analyzing" or something like that...

Anyway, this thread (again) inspired me to write another encryption tool.
Details here: http://www.murga-linux.com/puppy/viewtopic.php?t=75404
It uses openssl and AES, so I hope it's more secure..? Wink


[O]bdurate [R]ules [D]estroy [E]nthusiastic [R]ebels => [C]reative [H]umans [A]lways [O]pen [S]ource
Omnia mea mecum porto.
Back to top
View user's profile Send_private_message 

Joined: 02 Mar 2010
Posts: 25
Location: U.S.- E. Coast

PostPosted: Sun 19 Feb 2012, 08:36    Post_subject: NOW You Tell Me?!
Sub_title: Essential Warning Relegated to "Off-Topic" Section?!

Pizzasgood wrote:
Well, it should go without saying that when presented an option between light or heavy encryption, you should choose the heavy.

"go without saying"?!

I came across this post just last week by accident. Thankfully, still before anyone had access to my "light encryption" save file.

The OP in this thread is dated December, 2009-- over two years ago now-- and the latest Puppy releases still suggest choosing "light encryption" when creating a save file that will be saved to a hard drive!

And this post is relegated to an "off-topic" section and a cavalier tone?!


This is an essential warning! Why was it never stickied to the very top of the forum?

I am flabbergasted.

Surely there are at least some Puppy users out there who are at risk of having their sensitive data compromised and they don't even know it.
Back to top
View user's profile Send_private_message 

Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Sun 19 Feb 2012, 13:50    Post_subject:  

Though I posted this in 2009, the weakness had been known to the forum since not long after it was implemented, whenever that was (2005?).

If Puppy is recommending the light option, then I agree it should be changed around. It should strongly encourage the use of the heavy option. People should only use the light option if they have already tried the heavy one and actually noticed a performance hit, and even then only if they are not very concerned about their data falling into the wrong hands. The selection page should clearly state that the light option is trivial to break, with a big all caps WARNING label included.

Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send_private_message Visit_website 
Display_posts:   Sort by:   
Page 2 of 2 Posts_count   Goto page: Previous 1, 2
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot attach files in this forum
You can download files in this forum

Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0542s ][ Queries: 12 (0.0033s) ][ GZIP on ]