|
|
|
|
|
|
by rgovostes
2135 days ago
|
|
|
The difficulty of breaking Deepsound is basically equivalent to the difficulty of reversing a SHA-1 hash. For dictionary words and shorter passwords, consider them broken instantaneously through pre-computed lookup tables. For more complex passphrases (and remember, only the first 32 characters count here), exponential growth probably works in your favor, even with today's Bitcoin-fueled hyper-accelerated SHA-1 implementations. Even then, the scheme where they use the password directly as the AES key is flawed. For example, in ASCII, every octet's most-significant bit is zero, so 32 bits of your AES key are fixed. I don't know if this enables practical attacks, but anyone who cares about securing their data shouldn't rely on amateur cryptography like this. Edit: Oh right, and aside from the password aspect, it uses ECB mode for the encrypted content. That’s not good. |
|
|