On 10/10/2015 04:07 PM, Koenraad Lelong wrote:
> About recovering the master-password: that tool does it with brute force. If you read about "FireMaster" it says at a point: if you remember some part of the password, give that, or else the "recovery" could take hours or days.
I think I saw mention that the encryption used was DES3, which we know is subject to "cheap" brute force attacks, and very likely, since the NSA required it to be crippled, to algorithmic attacks that have not been well publicised.
> Of course anyone with physical access to your computer could steal your password-file and "recover" the master-password on his own computer. And then come back later to use it.
Or hire a botnet to crack it.

I'd say "why didn't they choose a more secure algorithm?" Heck, there are many available! The answer is there in Koenraad's post. Anyone with access to your computer, certainly physical access, almost certainly electronic access, can just steal your profile.

I'm sure there are many other ways to hijack your email as well. If you use gmail, the incentive to breach Google's email services is very great. The same probably goes for many of the major national-level service providers as well, Rogers, Verizon, AT&T ...

And if the <strike>Stasi</strike> state security police (by whatever name in your provinciality) decide they need to access your email, then don't imagine for a moment that your ISP is going to prevent them.

What was that about PGP? You're going to send PGP *encrypted* messages to the list? There's a point where using PGP self-identifies you as a type the state police should be taking a closer look at.

I asked earlier "how paranoid are you?" The corollary is "how paranoid do you need to be?"

-- 
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?