Hacker News new | ask | show | jobs
by gjurhgd 145 days ago
You could never, in a million years, have guessed by "broken" they meant "it can be decrypted by the public with little effort?" I doubt that. I see no evidence they are talking about a password hash. Here's what they actually cited:

> The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, ...

They're clearly talking about it's use as a cipher. Again, someone who has been here as long as you have should understand that you shouldn't put words in their mouth or be evasive in this way.

The conversation would still have touched on these interesting topics, and would likely have done so more immediately.
1 comments
tptacek 145 days ago
Do we have conflicting premises about what Hashcat is? I'm pretty sure you're just wrong here.
link
gjurhgd 145 days ago
Do we have conflicting premises about what SSH is? I'm pretty sure you're dodging and deflecting from the actual issues here.

They were clearly suggesting that there exists a publicly available tool to attack this algorithm. They clearly didn't care one way or the other about whether it was used in passwords. What they actually cited was vulnerabilities in network services.

You are being disingenuous. Cut it out.

link
tptacek 145 days ago
What are you talking about? No there isn't. There is no "publicly available tool to attack 3DES". Hashcat is a password cracker. You know what else it supports? AES. Is AES broken?
link
gjurhgd 145 days ago
It's very difficult for me to imagine a way you could have read my remarks in good faith and come to that conclusion. I hope someday you figure this out, I guess I have no hope of explaining it.
link
tptacek 145 days ago
Here's a simple question. When you said:

They were clearly suggesting that there exists a publicly available tool to attack this algorithm.

What were you referring to? If it was Hashcat, then I have just one more question:

Is Hashcat a publicly available tool that attacks AES?

link
gjurhgd 145 days ago
I'm not going back and forth with you if you're not going to discuss the thrust of our disagreement. I am not wading into this minutia with you. I see the game you are playing to evade the subject I am trying to discuss; I'm not interested in playing.
link