Re: pent-test a container file
- From: Tim <tim-pentest@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 19 Jan 2007 15:11:05 -0500
I actually know that the used algo is AES... no more.
The minimum password length to use is 6 characters (including numbers
and special characters..)
Um, if you knew it was AES, why did you not mention this earlier?
You're not going to get much from the list if you don't give much.
If you know it's AES, do you know what key size (e.g.: 128, 192, 256)?
Once you know key size, you need to know how the 6+ character password
is converted to a key. Is it just NULL padded, or are they using
something more intelligent? There are published standards for this.
Do you know what mode it was encrypted with (e.g.: ECB, CBC, OFB, CFB,
or CTR)? You could check for repeating blocks. If you find any, it's
an indication it may be ECB. Otherwise, who knows...
There, have a bone. It ain't much, but it's kinda a pointless exercise
anyway.
tim
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- References:
- RE: pent-test a container file
- From: Jan Heisterkamp
- Re: pent-test a container file
- From: Julien
- RE: pent-test a container file
- Prev by Date: Re: reverse proxy identification
- Next by Date: Re: Automated Nmap Scans / Front End
- Previous by thread: Re: pent-test a container file
- Next by thread: Automated Nmap Scans / Front End
- Index(es):
Relevant Pages
|
