Re: Basic File Encyption

From: Brian Gladman (brg_at_nowhere.at.all)
Date: 12/15/03

• Next message: Richard Herring: "Re: Good Program That Creates OTPs?"
• Previous message: Tim Smith: "Re: Does OTP need authentication?"
• In reply to:(deleted message) No One: "Re: Basic File Encyption"
• Next in thread: Kent Briggs: "Re: Basic File Encyption"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 15 Dec 2003 16:38:02 -0000

"No One" <no-one-no-spam@home.com> wrote in message
news:Y3VydHdpbGw=.c7591f94d9610e972714d73216a1aeb4@1071499059.cotse.net...
> Joe wrote:
> [snip]
> > program, how does the program know if you have entered the right
> > passphrase? [snip]
>
> As the other posters have pointed out there are two (that I know of, may
be
> more) ways this is done. One is the MAC, the other is to store a MD5 or
SHA-
> 1 hash of the passphrase with the cyphertext.
>
> Sorry I can't give a better answer, but I have a question. By providing an
> MD5 or SHA-1 hash, am I not aiding the brute-force attacker? With the hash
> he calulates the hash for the phrase he is trying; if it doesn't match he
> moves on to the next. Without the hash he has to inspect the resultant
> plaintext to determine if it is gibberish, right?

If a simple hash is used as the one-way function, it does seem likely that a
attack via this hash will be faster than one via decryption of the
ciphertext. If, however, a more complex one way function is used (for
example, an iterated hash) it might then be faster to attack the ciphertext.

However, quite a few issues are involved here so it is not possible to give
a definite answer to your question without considering more specific details
of any such schemes under consideration.

   Brian Gladman

---

• Next message: Richard Herring: "Re: Good Program That Creates OTPs?"
• Previous message: Tim Smith: "Re: Does OTP need authentication?"
• In reply to:(deleted message) No One: "Re: Basic File Encyption"
• Next in thread: Kent Briggs: "Re: Basic File Encyption"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Non-secure hash with a secure cipher ... Kristian is right, if the encryption algorithm is, say, AES-CTR (or some ... M' be a collision for the hash function. ... In a chosen-plaintext attack, I trick the sender into transmitting M. ... Note that by observing the resultant ciphertext C, ... (sci.crypt) Re: How good an encryption algorithm is this? ... Actually it's vitally important that the salt is different every time. ... but a one-way hash of the password). ... >>> attack (using my dictionary of plaintext trial passwords and the ... you need to perform this iteration only once. ... (microsoft.public.dotnet.languages.csharp) Re: How good an encryption algorithm is this? ... Actually it's vitally important that the salt is different every time. ... but a one-way hash of the password). ... >>> attack (using my dictionary of plaintext trial passwords and the ... you need to perform this iteration only once. ... (microsoft.public.vc.language) Re: Public key encryption ... >>messages as to break the hash algorithm. ... > it amounts to equivalence to the RSA problem. ... > anything that can forge PSS signatures can do arbitrary RSA ... > attack on weak padding is Bleichenbacher's "Million Message Attack", ... (sci.crypt) Re: iis 6 ssl redirect initial login encrypted? ... encrypted using the hash of the password. ... that to the end user to encrypt, and I then return it to the IIS server. ... Yes, there is a man-in-the-middle attack on a specific auth sequence, ... authentication will somehow result in the exposure of credentials. ... (microsoft.public.inetserver.iis.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2003-12