Re: Can encryrpted packets be cracked by middle man?
From: William Stacey [MVP] (staceyw_at_mvps.org)
Date: 10/04/05
- Next message: hsd31: "Secedit and Domain Controller Security Policy"
- Previous message: Shenan Stanley: "Re: ghstwalk, Outlook Express"
- In reply to: Wolf Kirchmeir: "Re: Can encryrpted packets be cracked by middle man?"
- Next in thread: Wolf Kirchmeir: "Re: Can encryrpted packets be cracked by middle man?"
- Reply: Wolf Kirchmeir: "Re: Can encryrpted packets be cracked by middle man?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 4 Oct 2005 11:04:29 -0400
We must also remember that depending on how and what is being sent, you may
not need to crack it, you may just need to capture it and reuse it. Also
have to worry about reply attacks. If a user just encrypts his password
with AES and sends that on the wire, I don't need to crack AES, as I have
the pw equiv. So I can just create my own logon session using the encrypted
bytes. Example of not climing up the wall, but just walking around it. One
reason why good security is hard. There are so many attack vectors to think
about. The security protocol needs to looked at as a whole.
-- William Stacey [MVP] "Wolf Kirchmeir" <wolfekir@sympatico.ca> wrote in message news:ILv0f.1915$R4.255575@news20.bellglobal.com... > Dave Nickason [SBS MVP] wrote: >> Sorry to disagree. Part of this depends on the type of encryption used, >> but good 128-bit encryption is far from trivial to break. Check out this >> FAQ http://www.nist.gov/public_affairs/releases/aesq&a.htm. Here's a >> relevant quote: >> >> 16. What is the chance that someone could use the "DES Cracker"-like >> hardware to crack an AES key? >> In the late 1990s, specialized "DES Cracker" machines were built that >> could recover a DES key after a few hours. In other words, by trying >> possible key values, the hardware could determine which key was used to >> encrypt a message. > > A few hours is a very short time to crack a code. > >> Assuming that one could build a machine that could recover a DES key in a >> second (i.e., try 255 keys per second), then it would take that machine >> approximately 149 thousand-billion (149 trillion) years to crack a >> 128-bit AES key. To put that into perspective, the universe is believed >> to be less than 20 billion years old. > > Thanks, I forgot about the difference between DES and AES (not that I have > more than casual knowledge of these things.) Like I said, it takes a > little longer... :-) > > My point was that the OP needn't worry about encrypted data being read by > 3rd parties, a point which your information strengthens, so thanks for > that, too. > > There is an implication in the OP's question that perhaps should be > addressed. The OP's question IMO could be paraphrased as, "Is there are > _practical_ risk that encrypted data can be read by a third party?", and > to that the answer is No. Even rather weak encryption schemes are enough > of a hassle that the decrypter must have a good reason for cracking the > key, but that would imply that some prior knowledge of the data's value. > If that knowledge is out there, you have more security problems than can > be addressed by data encryption alone.
- Next message: hsd31: "Secedit and Domain Controller Security Policy"
- Previous message: Shenan Stanley: "Re: ghstwalk, Outlook Express"
- In reply to: Wolf Kirchmeir: "Re: Can encryrpted packets be cracked by middle man?"
- Next in thread: Wolf Kirchmeir: "Re: Can encryrpted packets be cracked by middle man?"
- Reply: Wolf Kirchmeir: "Re: Can encryrpted packets be cracked by middle man?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
