[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?
Michael or Penny Novack
stepbystepfarm at comcast.net
Mon Sep 9 17:13:45 EDT 2024
On 9/9/2024 2:35 PM, Patrick James via gnucash-user wrote:
> Michael,
>
> Modern encryption systems, including open source systems, should be compliant with Kerckhoffs's principle.
>
Yes of course.
But historic note ---- Both the German "Enigma" and the Japanese
"Purple" were compliant with Kerckoff's principle. They were both
cracked by some very clever people aided by primitive computers. Because
where I worked had strong connections to the Navy, they were able to
arrange every couple years for us IT folks a talk by the late Adm. Grace
Murray Hopper, so I got to meet one of those clever people.
I suggest those confident that the modern systems would hold up against
being cracked* by equally clever people aided by our much more powerful
computers read a serious text on cryptanalysis. Before the house fire I
had the one by Shamir (the "S" of RSA). Instructive to see how DES might
be attacked and even more so how the earliest block cypher "Lucifer"
(early 1970's) EASILY cracked. It would give you some sense at how very
good the spooks are at their job.
BTW --Kerckhoffs's principle implies the algorithm is known to the
attacker, so open vs closed source is irrelevant. The exact coding used
to implement an algorithm would be irrelevant to the correct
implementation of the algorithm, all correct implementations being
equivalent. And open vs closed source matters only how hard to discover
an *unknown* algorithm. Just one more step. I have disassembled and
converted the output into decent human readable source (assembler
source) and it is a PITA even for the small program I had to do this for
(the source code got lost, probably back when programs went from card to
disk, that deck got missed)
Michael D Novack
* The modern use of the term "cracked" is reduction of the complexity
(amount of computing) of recovering a password to something practical in
terms of time and powerful computers. So for example, if the password is
128 bit, reducing to say 32 bits still unknown would be an example of
cracking since now brute force could take over.
More information about the gnucash-user
mailing list