Re: encryption key methods.

From: CryptWolf (RWilliams01_at_no.spam.sceinet.com)
Date: 06/28/03 

Date: Sat, 28 Jun 2003 00:51:21 GMT

pat saunders <pat.saunders@sis.securicor.co.uk> wrote in message
news:bc0e3bd8.0306270439.1fcd06d4@posting.google.com...
> Hi,
> I am new to encryption key methods but would like some feedback on the
> problem / method outlined below , beware it is quite an antiquated
> method.
> In the UK, engineers in their vans, send encrypted messages (Visual
> C++ PC)
> over GSM to an UNIX server application. The encryption key is 16 bit
> and based
> on the last two bytes of the data message to be encrypted.

Problem: At 16 bits, the entire key space can be brute forced in 65536 trys.
This is trivial on my antique 1Mhz Commodore 64 and easily finished
in a few minutes. A small fraction of a second on a moderm 1Ghz or
faster PC.

> I have sometimes noticed that when the encrypted data message reaches
> the
> Unix Server over GSM/X.25 the last two bytes of the encrypted data
> message have been changed / corrupted. The rest of the data message
> seems ok.

Probably a bug in the encryption or decryption algorithm. If not in the
encryption
then something in the transmission software has a bug.

> The application therefore cannot decrypt the message as the decryption
> key is not correct.
> I am basically wondering if this is a common method of passing
> encryption keys between two different computers over a network and
> what current methods are also used and if there is a s/w product /
> method that can improve / solve this problem.

I'd start with a real encryption system. The current 16 bits is a toy.
A study of your actual needs would be most helpful at this point.
It is very likely that a new system that is actually secure could be
used in place of the current system. Any serious crypto system
needs to be designed to fit the problem. You may need to add or change
procedures.

I could continue guessing, but that would be a waste of time.

CryptWolf

Relevant Pages

  • Re: if I encrypt key data why do I want or need SSL?
    ... If an attacker compromises your system somehow and gets your strong named ... he can simply decompile it. ... using asymetric encryption, you are rebuilding https... ... The encryption key itself - are you using one for all the encryption stuff? ...
    (microsoft.public.dotnet.security)
  • encryption key methods.
    ... I am new to encryption key methods but would like some feedback on the ... I have sometimes noticed that when the encrypted data message reaches ... The application therefore cannot decrypt the message as the decryption ...
    (sci.crypt)
  • Re: My encrypt/decrypt algorithm...
    ... the only issue for the algorithmus actual strength. ... I'm not someone who woke up one morning, seen an encryption special on ... fact that the encryption key,, is random, ... amount of time needed to decrypt it would span generations. ...
    (sci.crypt)
  • Re: How good is W2K encryption
    ... Having an encryption key (certificate) doesn't mean you also have the ... decryption key. ...
    (microsoft.public.win2000.security)
  • Re: alt.computer.security
    ... decryption key for the file to become accessible. ... I'm addressing password/keyfile encryption file protection for work ... I'm considering the encryption key as ... The keyfile will *not* be kept on the same computer that it was used ...
    (microsoft.public.security)