OT How safe is a 7-zip passworded file?

On Wed, 08 Jan 2014 04:38:35 +0800, "Mr. Man-wai Chang"
wrote:


BTW, I heard that Asian witches (notably Chinese and Thai ones) could
curse someone using one's precise birth time in Lunar calendar format!


Yeah, right. Not only Asian witches, but also Sand witches.

On Tue, 07 Jan 2014 16:57:18 -0500, Nil wrote:

But this alpha has only been available for a couple of days.

No, it hasn't. I downloaded (and installed) this version on Dec 3 2013.

--
s|b

On 1/7/2014 3:33 PM, Mr. Man-wai Chang wrote:
On 8/01/2014 3:03 AM, Paul wrote:
It's a good thing I bought a few extra rolls of tinfoil
this week, to make my tinfoil hat a bit thicker.
They can't get you, if you're wearing your tinfoil hat.

Can tin foil prevent God from talking to you directly?


No, only medication can stop that.

Tinfoil is obviously an art form... Such fun.

http://f.kulfoto.com/pic/0001/0038/679Tv37606.jpg

Paul

Silver Slimer wrote:

On 07/01/2014 11:59 AM, BillW50 wrote:

Although todays computers, devices, etc. are totally different. The
power button doesn't physically disconnect the power anymore. And there
are tasks that could wake the system up (even a backdoor hack I would
guess).

Absolutely agreed. I would not be surprised to discover that even off,
the contents of my hard disk are somehow accessible to outside parties.

http://www.popularresistance.org/new...ntly-hackable/

Just sayin'.

--
The wise learn more from fools than fools from the wise.

On 1/7/2014 11:47 PM, Auric__ wrote:
Silver Slimer wrote:

On 07/01/2014 11:59 AM, BillW50 wrote:

Although todays computers, devices, etc. are totally different. The
power button doesn't physically disconnect the power anymore. And there
are tasks that could wake the system up (even a backdoor hack I would
guess).

Absolutely agreed. I would not be surprised to discover that even off,
the contents of my hard disk are somehow accessible to outside parties.

http://www.popularresistance.org/new...ntly-hackable/

Just sayin'.


I think the comment section of that page, just about covered it all.

Intel shoots themselves in the foot, by not describing where the
various bits and pieces are hiding. Their lousy "video animation"
does nothing to allow others to analyze the implications.

I have one Powerpoint slide deck on AMT. But it's dated enough
now, there's no way to extrapolate where the hardware functions
for that, hide today. Back at that time, Q-series chipsets
had a microcontroller in the chipset, which shared code space
in the BIOS chip. So the processor itself was not adulterated
in that case. But seeing as SOC is the gleam in Intel's eye,
I don't see any reason to assume AMT will stay in the chipset.
It's where ever Intel wants it to be.

I don't see any effort by AMD, to match them on this.

Server computers used to be "bugged" in the past, by adding
a separate controller board. That allowed the IT department to
access a crashed server, and reboot it. The Intel AMT feature
was intended to move that capability, to the desktop. The difference
is, the need for a separate controller board, allows the end user
to unambiguously control their fate. No controller board, no bug.
By putting portions of the hardware needed, into *everything*,
it just gives material to the conspiracy nuts. It's
irresponsible of Intel, not to document this stuff properly, and
put it on the same web page as that blasted video of theirs.
I had to dig pretty hard, to find a copy of the Powerpoint slide
deck I got, on AMT.

The list at the bottom of this page, still puts some
emphasis on the chipset. The reason an 82579LM and
specific Centrino wireless items are mentioned, is
so the AMT firmware will have a driver for them.
If some other brand of comm chippery is used, there
won't be a driver to make it work.

https://communities.intel.com/message/175345

Paul

On Mon, 06 Jan 2014 12:33:14 -0500, Keith Nuttle
wrote:

On 1/6/2014 11:40 AM, Mr. Man-wai Chang wrote:
On 6/01/2014 11:38 PM, Paul wrote:
On 1/6/2014 10:11 AM, Mr. Man-wai Chang wrote:
And BTW, your government could always arrest your physical body in
reality for questioning!

They can always use a keylogger.




That is, install malwares into your PC when you were away from home?


This is impossible if you turn off your computers when you are not using
it.

Sooner or later, you have to turn it on in order to use it.

On Mon, 06 Jan 2014 12:33:14 -0500, Keith Nuttle
wrote:

On 1/6/2014 11:40 AM, Mr. Man-wai Chang wrote:
On 6/01/2014 11:38 PM, Paul wrote:
On 1/6/2014 10:11 AM, Mr. Man-wai Chang wrote:
And BTW, your government could always arrest your physical body in
reality for questioning!

They can always use a keylogger.

That is, install malwares into your PC when you were away from home?

This is impossible if you turn off your computers when you are not using
it.

Windows 8 notebooks never turn off. Unless you pull the
battery. Even then, it takes a while for the internal battery to die.
Most people don't realize their notebooks are constantly transmitting.

//Better Connectivity
The 4th gen Intel Core processor family automatically connects to
wireless hotspots. Your e-mail, social media, and apps are always
updated thanks to Intel® Smart Connect Technology.//

//Intel® Smart Connect Technology
Stay current with automatic, no-wait updates to your email and social
networks, even when your device is asleep.//

http://www.intel.com/content/dam/www...bile-brief.pdf
http://www.intel.com/content/dam/www...tops-brief.pdf

The lady in the picture is a spy. So is the dork. Note the new
NSA hairstyles.
[]'s

--
Don't be evil - Google 2004
We have a new policy - Google 2012

On 1/9/2014 6:45 AM, Shadow wrote:
On Mon, 06 Jan 2014 12:33:14 -0500, Keith Nuttle
wrote:

On 1/6/2014 11:40 AM, Mr. Man-wai Chang wrote:
On 6/01/2014 11:38 PM, Paul wrote:
On 1/6/2014 10:11 AM, Mr. Man-wai Chang wrote:
And BTW, your government could always arrest your physical body in
reality for questioning!

They can always use a keylogger.

That is, install malwares into your PC when you were away from home?

This is impossible if you turn off your computers when you are not using
it.

Windows 8 notebooks never turn off. Unless you pull the
battery. Even then, it takes a while for the internal battery to die.
Most people don't realize their notebooks are constantly transmitting.

//Better Connectivity
The 4th gen Intel Core processor family automatically connects to
wireless hotspots. Your e-mail, social media, and apps are always
updated thanks to Intel® Smart Connect Technology.//

//Intel® Smart Connect Technology
Stay current with automatic, no-wait updates to your email and social
networks, even when your device is asleep.//

http://www.intel.com/content/dam/www...bile-brief.pdf
http://www.intel.com/content/dam/www...tops-brief.pdf

The lady in the picture is a spy. So is the dork. Note the new
NSA hairstyles.
[]'s


The battery in a laptop replaces the CMOS battery in your desktop, but
serves a similar function to keep the bootstrap programs always
available. So in a sense all computers are always on. Today in most
computers the CMOS Battery keep the clock correct on a computer.

Even in Windows 8.1 you can set each wireless network connection to auto
connect or not to auto connect. You also have the option to turn of the
wireless transmitter on you laptop commuter.

A spy would have to have install a program on the computer that would
override the start-up circuitry.

When I become real paranoid about illegal connections, I turn off the
wireless router. Since the router also serves the wired connection, all
of my computers are all off the web. If I become extremely paranoid, I
turn off the modem.

While the US government and others have spy programs, what are the odds
of them targeting your computer. The probability is decreased if you
only use your computer a couple of hours per day and it turned off the
rest. What is the probability that your computer has something worth
taking the time to hack into it? It is more profitable to target a
large company, bank or store computer.

On 1/9/2014 8:28 AM, Keith Nuttle wrote:
On 1/9/2014 6:45 AM, Shadow wrote:
On Mon, 06 Jan 2014 12:33:14 -0500, Keith Nuttle
wrote:

On 1/6/2014 11:40 AM, Mr. Man-wai Chang wrote:
On 6/01/2014 11:38 PM, Paul wrote:
On 1/6/2014 10:11 AM, Mr. Man-wai Chang wrote:
And BTW, your government could always arrest your physical body in
reality for questioning!

They can always use a keylogger.

That is, install malwares into your PC when you were away from home?

This is impossible if you turn off your computers when you are not using
it.

Windows 8 notebooks never turn off. Unless you pull the
battery. Even then, it takes a while for the internal battery to die.
Most people don't realize their notebooks are constantly transmitting.

//Better Connectivity
The 4th gen Intel Core processor family automatically connects to
wireless hotspots. Your e-mail, social media, and apps are always
updated thanks to Intel® Smart Connect Technology.//

//Intel® Smart Connect Technology
Stay current with automatic, no-wait updates to your email and social
networks, even when your device is asleep.//

http://www.intel.com/content/dam/www...bile-brief.pdf
http://www.intel.com/content/dam/www...tops-brief.pdf

The lady in the picture is a spy. So is the dork. Note the new
NSA hairstyles.
[]'s


The battery in a laptop replaces the CMOS battery in your desktop, but serves a similar function to keep the bootstrap programs always available. So in a sense all computers are always on. Today in most computers the CMOS Battery keep the clock correct on a computer.

Even in Windows 8.1 you can set each wireless network connection to auto connect or not to auto connect. You also have the option to turn of the wireless transmitter on you laptop commuter.

A spy would have to have install a program on the computer that would override the start-up circuitry.

When I become real paranoid about illegal connections, I turn off the wireless router. Since the router also serves the wired connection, all of my computers are all off the web. If I become extremely paranoid, I turn off the modem.

While the US government and others have spy programs, what are the odds of them targeting your computer. The probability is decreased if you only use your computer a couple of hours per day and it turned off the rest. What is the probability that your computer has something worth taking the time to hack into it? It is more profitable to target a large company, bank or store computer.

The large removable battery in the laptop provides:

1) Main power - the equivalent of 3.3V/5V/12V on a desktop
2) Standby power - the equivalent of +5VSB when the computer sleeps
- this maintains RAM state, but can't last forever,
because the power that DRAM uses in refresh, is not zero.

The CMOS battery (CR2032) is for time-keeping. Some laptops use a
LR2032, which is a rechargeable CR2032. An LR2032 can drain in a
shorter time, but can also recharge from the main battery later.
The CR2032 type, doesn't recharge. CR2032 is not meant for anything
but running the RTC real time clock.

*******

The SmartConnect is demonstrated here. This document is from 2012,
but I suspect the SmartConnect implementation is older than that.
(In other words, later versions could use functional blocks
located in other chips. The architecture and design does not have
to stand still.)

http://www.asrock.com/support/note/I...artConnect.pdf

The capability isn't explained in as many words, but it looks like:

1) Capability is enabled by installing a driver.
2) Capability relies on system being in sleep state, meaning
RAM still contains an OS session.
3) Cute tuner application allows listing eligible applications.
Exactly why this is necessary, isn't clear. Does that driver
indicate a networking state change to selected applications only ?

The document also says, the applications needing periodic network updates,
should already be running before the computer is put in sleep state.

Now, one other document on their site, refers to a "ME8" BIOS, which is
a poor choice of terms.

http://www.asrock.com/news/events/2012H61/

That's because it suggests the Management Engine is
being used. And the H61 chipset on the products in question, isn't
supposed to have a Management Engine (it should be disabled by Intel
at the factory). To do the Smart Connect, could be implemented entirely
with the regular chipset wake timer in the RTC, so really, a Management
Engine is not required. Just the voluminous collection of C states
Intel has now, a timer to wake the system, a driver to put the system
back in sleep state after the "update" period is complete. If a Management
Engine is involved, that would indeed be creepy. As it could imply operation
in a very low C state (processor core powered off, DRAM powered off). Then
the only question would be, what RAM is the Management Engine using and
how is it powered.

Of course, if the OS isn't loaded in that scenario, what can the
Management Engine do on its own ? Leaving an OS in RAM is more useful,
and gives the computer "Some information to steal", if you're wanting
a conspiracy theory.

The reason I look for non-Intel documents to explain this stuff, is in
the hope they'll "let the cat out of the bag" :-) Because Intel won't
explain it in a useful way.

Paul

On 1/9/2014 12:09 PM, Paul wrote:
On 1/9/2014 8:28 AM, Keith Nuttle wrote:
On 1/9/2014 6:45 AM, Shadow wrote:
On Mon, 06 Jan 2014 12:33:14 -0500, Keith Nuttle
wrote:



That is, install malwares into your PC when you were away from
home?

This is impossible if you turn off your computers when you are not
using
it.


The lady in the picture is a spy. So is the dork. Note the new
NSA hairstyles.
[]'s


The battery in a laptop replaces the CMOS battery in your desktop, but
serves a similar function to keep the bootstrap programs always
available. So in a sense all computers are always on. Today in most
computers the CMOS Battery keep the clock correct on a computer.

Even in Windows 8.1 you can set each wireless network connection to
auto connect or not to auto connect. You also have the option to turn
of the wireless transmitter on you laptop commuter.

A spy would have to have install a program on the computer that would
override the start-up circuitry.

When I become real paranoid about illegal connections, I turn off the
wireless router. Since the router also serves the wired connection,
all of my computers are all off the web. If I become extremely
paranoid, I turn off the modem.

While the US government and others have spy programs, what are the
odds of them targeting your computer. The probability is decreased if
you only use your computer a couple of hours per day and it turned off
the rest. What is the probability that your computer has something
worth taking the time to hack into it? It is more profitable to
target a large company, bank or store computer.



The SmartConnect is demonstrated here. This document is from 2012,
but I suspect the SmartConnect implementation is older than that.
(In other words, later versions could use functional blocks
located in other chips. The architecture and design does not have
to stand still.)

http://www.asrock.com/support/note/I...artConnect.pdf

The capability isn't explained in as many words, but it looks like:

1) Capability is enabled by installing a driver.
2) Capability relies on system being in sleep state, meaning
RAM still contains an OS session.
3) Cute tuner application allows listing eligible applications.
Exactly why this is necessary, isn't clear. Does that driver
indicate a networking state change to selected applications only ?

The document also says, the applications needing periodic network updates,
should already be running before the computer is put in sleep state.

Now, one other document on their site, refers to a "ME8" BIOS, which is
a poor choice of terms.

http://www.asrock.com/news/events/2012H61/



The reason I look for non-Intel documents to explain this stuff, is in
the hope they'll "let the cat out of the bag" :-) Because Intel won't
explain it in a useful way.

Paul

PS: In my above post when I say turned off I mean shutdown, not standby
or Hibernate.

I believe my old Ambra (maybe my next computer) had a way of starting it
up remotely. As I remember it was setup so the FAX modem could be used
even when unattended.

On 1/9/2014 12:54 PM, Keith Nuttle wrote:

PS: In my above post when I say turned off I mean shutdown, not standby or Hibernate.

I believe my old Ambra (maybe my next computer) had a way of starting it up remotely.
As I remember it was setup so the FAX modem could be used even when unattended.

That function is called WOR or Wake On Ring. That's so you can
receive FAXes on a computer that is sleeping.

It's similar to WOL or Wake On LAN on a NIC, only on the NIC
you have some choices for the kind of packet that causes the
computer to wake up.

Both interface to PME or Power Management Event on the chipset,
and that's how the wake up kicks off.

To work, standby power (+5VSB) must be available for the RS232
or NIC, as well as the chipset with the PME on it.

Paul

On 06/01/2014 12:18 AM, Paul wrote:
What isn't good, is if you use the same password for everything.
That wouldn't be good.

Neither would a dictionary word be a good choice for
a password.

There are no simple answers for passwords. Passwords suck.
Simple enough to remember, the password will be easy to break.
Hard enough to prevent breakage, impossible to remember.

Not necessarily:

GRC's | Password Haystacks: How Well Hidden is Your Needle?
https://www.grc.com/haystack.htm

Basically, you don't have to break your back to get a strong password.
An extremely long password that even includes dictionary words is *more*
unbreakable than a fully randomized smaller password. At some point a
password is so long that all computer systems give up on dictionary
attacks and go with brute force. When making a long password, just make
it simple & memorable for you, and just pad it with symbols. A
dictionary attack won't work on anything other than short passwords.

Yousuf Khan

On 05/01/2014 11:35 PM, John Doe wrote:
Using the latest version 7z920. When you zip up some files and use
the default AES-256 encryption with "encrypt file names" checked,
it's safe right?

Hard to say, depends on whether the NSA has broken it yet or not. NSA
doesn't necessarily break it by doing long, drawn-out mathematical
analysis on it. They sneak in backdoors and deliberately broken code
into these algorithms, which you or I have no way of checking for.
Intentional sabotage.

Also some years later, some very strong encryptions were discovered to
be not so strong due to vulnerabilities revealed through mathematical
analysis. That's not intentional sabotage, just an unforeseen failure to
see a weakness.

But if you're just trying to beat a standard lone-wolf hacker, rather
than the NSA, then I'm sure it's fine.

Guess why we’re moving to 256-bit AES keys | Agile Blog
http://blog.agilebits.com/2013/03/09...-bit-aes-keys/

Yousuf Khan

"Yousuf Khan" wrote:

Basically, you don't have to break your back to get a strong password. An
extremely long password that even includes dictionary words is *more*
unbreakable than a fully randomized smaller password. At some point a
password is so long that all computer systems give up on dictionary
attacks and go with brute force. When making a long password, just make it
simple & memorable for you, and just pad it with symbols. A dictionary
attack won't work on anything other than short passwords.

To get a "good" passphrase you don't even have to pad it with symbols unless
the password filtering logic demands it.

http://xkcd.com/936/

Sadly, some systems severely limit the passphrase length and/or prohibit the
presence of space characters in the password.

Fidelity Investments (and probably some other firms) maps alpha characters
to TouchTone buttons, so if you create the password "aBcdefGHI" it's treated
as if it were 222333444 to permit customers to log on to its automated
system via voice telephone. The saving grace is that there's a limit to the
number of wrong passwords one can enter before the account is locked, so as
long as the attacker can't get the password itself (via social engineering,
keyloggers, etc.) and can't penetrate Fidelity's servers, this isn't as much
a risk as it might initially appear.

Joe

On 08/01/2014 1:23 AM, Paul wrote:
I don't see any effort by AMD, to match them on this.

AMD is building in a full-function ARM processor into their newest
processors for "secure access to their content and worry-free online
transactions". It's supposed to leverage ARM's TrustZone security
feature. Why would you need a full-function processor core just to do
transaction processing, why not just license the algorithm and implement
in your own processor? Looks like it's exactly the same thing as what
Intel did. Buh-bye privacy!

Yousuf Khan

AMD Strengthens Security Solutions through Technology Partnership with ARM
http://www.amd.com/us/press-releases...2012jun13.aspx