11-11-2011, 07:25 AM
AES256 is about as secure as encryption can get right now, for those not down with the lingo that's "Advanced Encryption Standard" and the 256 is how many bits the key is, think of it sort of like having a 256 character password of random letters and numbers.
It's good and strong, not technically impossible to crack but it would require so much computing power and take so long that it's just not realistic, which would be why there's no real risk in telling people that's what they're using.
But I've been hanging around the hacking "scene" for a while now, and that's how a programmer would think, not a hacker, there are far more subtle ways of getting data than just brute-forcing it, personally if I knew something had 256bit encryption I wouldn't even try to crack it, I'd try to get the key some other way, a compromised admin account, a remote exploit, or any other indirect attack.
To use an analogy, it doesn't matter how strong the door is or how many locks it has, because I'm trying to get through the window.
I'm all about not inflating the problem or scaremongering, in all likelihood the data is safe, but that doesn't mean you should be complacent about it, in the long run it always pays off to take the little steps extra to make sure of it yourself.
It's good and strong, not technically impossible to crack but it would require so much computing power and take so long that it's just not realistic, which would be why there's no real risk in telling people that's what they're using.
But I've been hanging around the hacking "scene" for a while now, and that's how a programmer would think, not a hacker, there are far more subtle ways of getting data than just brute-forcing it, personally if I knew something had 256bit encryption I wouldn't even try to crack it, I'd try to get the key some other way, a compromised admin account, a remote exploit, or any other indirect attack.
To use an analogy, it doesn't matter how strong the door is or how many locks it has, because I'm trying to get through the window.
I'm all about not inflating the problem or scaremongering, in all likelihood the data is safe, but that doesn't mean you should be complacent about it, in the long run it always pays off to take the little steps extra to make sure of it yourself.