@Theholypumpkin @toby well, unlike @bunsenlabs and @ubuntu on #amd64, @Raspberry_Pi & #Ubuntu on #RaspberryPi doesn't support #LUKS or setting up #FullDiskEncryption at all.
Which IMHO is not excuseable since even if the #Broadcom-made #SoC didn't have any Cryptograpy-Acceleration integrated whatsoever, the performance of #AES256 is still faster than any microSD or eMMC on the market.
Espechally since that feature predates the Raspberry Pi by over half a decade: even @opensuse 10.2 offered it.

Das überrascht mich - iOS kann inzwischen AES256 direkt "entzippen"?
Könnt Ihr das bestätigen?
1. Datei mit 7zip verschlüsselt (AES256-Modus).
2. Datei auf Nextcloud geladen.
3. Nextcloud-Pfad in iOS-Dateien-App geöffnet.
4. Passwort wird abgefragt und entschlüsselt.
Früher musste ich da den Umweg über Filebrowser oder andere Tools nehmen.

#Verschlüsselung #AES256 #Zip #7Zip #iOS

@marcan @lanodan the only cases where one would need even more Power are setups like High-Bandwith #VPN Gateways like some huge #pfSense if one needs 40+ GBit/s throughput on #OpenVPN or #WireGuard.

Mind you that #LUKS - aside from the encryption of the key in the header, uses #AES256 by default for a long time and is pretty efficient even prior to #AESni.

So no, in most cases the impact is purely synthetic and not really of any impact...

A brief rundown of features:
- It stores #passwords
- Can import #KeePass files
- Compatible with #Linux, #Android, #Mac and #Windows
- #AES256 #encrypted
- Single focus, simple design
- #OpenSource (#hardware, #firmware and #software)
- Requires a physical button press for each username/password

That last point means that even if someone rooted your computer and stole your unlock password, they still would not be able to dump all the passwords from the hardware!

#HTMLCrypt
Well, I'd call it #secure
https://www.maxlaumeister.com/software/pagecrypt/

"This tool uses the SubtleCrypto JavaScript API for its encryption. First, an encryption key is derived from the password using #PBKDF2 and a random #salt with 100,000 rounds. Then the HTML is encrypted using #AES256"

» robinmoisson/staticrypt: Password protect a static HTML page https://t.co/GmMGJTiAKH // StatiCrypt uses #AES256 to encrypt your #HTML file with your passphrase and return a static page...

@zate @epixoip is this in contradiction to what Jeremi is saying? Or am I just not understanding? My understanding is that to decrypt the vault, each cracking attempt would have to run through those 100,100 iterations. He says in the post:
“Your vault is encrypted with #AES256 using a key that is derived from your master password, which is hashed using a minimum of 100,100 rounds of PBKDF2-HMAC-SHA256”

Many of you have been asking for my thoughts on the #LastPass breach, and I apologize that I'm a couple days late delivering.

Apart from all of the other commentary out there, here's what you need to know from a #password cracker's perspective!

Your vault is encrypted with #AES256 using a key that is derived from your master password, which is hashed using a minimum of 100,100 rounds of PBKDF2-HMAC-SHA256 (can be configured to use more rounds, but most people don't). #PBKDF2 is the minimum acceptable standard in key derivation functions (KDFs); it is compute-hard only and fits entirely within registers, so it is highly amenable to acceleration. However, it is the only #KDF that is FIPS/NIST approved, so it's the best (or only) KDF available to many applications. So while there are LOTS of things wrong with LastPass, key derivation isn't necessarily one of them.

Using #Hashcat with the top-of-the-line RTX 4090, you can crack PBKDF2-HMAC-SHA256 with 100,100 rounds at about 88 KH/s. At this speed an attacker could test ~7.6 billion passwords per day, which may sound like a lot, but it really isn't. By comparison, the same GPU can test Windows NT hashes at a rate of 288.5 GH/s, or ~25 quadrillion passwords per day. So while LastPass's hashing is nearly two orders of magnitude faster than the < 10 KH/s that I recommend, it's still more than 3 million times slower than cracking Windows/Active Directory passwords. In practice, it would take you about 3.25 hours to run through rockyou.txt + best64.rule, and a little under two months to exhaust rockyou.txt + rockyou-30000.rule.

Keep in mind these are the speeds for cracking a single vault; for an attacker to achieve this speed, they would have to single out your vault and dedicate their resources to cracking only your vault. If they're trying 1,000 vaults simultaneously, the speed would drop to just 88 H/s. With 1 million vaults, the speed drops to an abysmal 0.088 H/s, or 11.4 seconds to test just one password. Practically speaking, what this means is the attackers will target four groups of users:

1. users for which they have previously-compromised passwords (password reuse, credential stuffing)
2. users with laughably weak master passwords (think top20k)
3. users they can phish
4. high value targets (celebs, .gov, .mil, fortune 100)

If you are not in this list / you don't get phished, then it is highly unlikely your vault will be targeted. And due to the fairly expensive KDF, even passwords of moderate complexity should be safe.

I've seen several people recommend changing your master password as a mitigation for this breach. While changing your master password will help mitigate future breaches should you continue to use LastPass (you shouldn't), it does literally nothing to mitigate this current breach. The attacker has your vault, which was encrypted using a key derived from your master password. That's done, that's in the past. Changing your password will re-encrypt your vault with the new password, but of course it won't re-encrypt the copy of the vault the attacker has with your new password. That would be impossible unless you somehow had access to the attacker's copy of the vault, which if you do, please let me know?

A proper mitigation would be to migrate to #Bitwarden or #1Password, change the passwords for each of your accounts as you migrate over, and also review the MFA status of each of your accounts as well. The perfect way to spend your holiday vacation! Start the new year fresh with proper password hygiene.

For more password insights like this, give me a follow!

Le chiffrement de bout en bout de TIXEO:

L’architecture unique de chiffrement de bout en bout de #Tixeo

Le chiffrement de lien est effectué en #TLS (Transport Layer Security). Le chiffrement de bout en bout (de client à client) des flux audio, vidéo, et data est réalisé en #AES256 (Advanced Encryption Standard 256), avec un échange de clés #DiffieHellman . Toutes les transmissions de données via les solutions Tixeo sont ainsi garanties à un niveau de sécurité optimal.

https://www.tixeo.com/le-chiffrement-de-bout-en-bout-comment-ca-marche/

Referenced link: https://hackernoon.com/intro-to-the-aes-256-cipher
Discuss on https://discu.eu/q/https://hackernoon.com/intro-to-the-aes-256-cipher

Originally posted by HackerNoon | Will NOT Insert LINKS in HN stories / @hackernoon@twitter.com: https://twitter.com/hackernoon/status/1530640050882588681#m

"Intro to The AES-256 Cipher" by @wagslane https://hackernoon.com/intro-to-the-aes-256-cipher #advancedencryptionstandard #aes256

Referenced link: https://hackernoon.com/intro-to-the-aes-256-cipher
Discuss on https://discu.eu/q/https://hackernoon.com/intro-to-the-aes-256-cipher

Originally posted by HackerNoon | Will NOT Insert LINKS in HN stories / @hackernoon@twitter.com: https://twitter.com/hackernoon/status/1526996070554804224#m

"Intro to The AES-256 Cipher" by @wagslane https://hackernoon.com/intro-to-the-aes-256-cipher #advancedencryptionstandard #aes256