Re: What can one do against Keylogger Attacks?
From: Joseph Ashwood (ashwood_at_msn.com)
Date: Wed, 10 Aug 2005 02:38:27 GMT
[Note to those who are in the groups other than sci.crypt. I am only
replying to this because these are legitimate questions, Crypto@SMS has been
nominated for "troll of the year" on sci.crypt for various reasons]
<Crypto@S.M.S> wrote in message news:email@example.com...
> Joseph Ashwood wrote:
> You claimed that CryptoSMS is weak because it uses Blowfish
> as one of its encryption layers. SO which is it? Do these
> "minor" attacks allow you to break Blowfish encrypted messages,
> or not?
I claimed that CryptoSMS has so many flaws in every part of it that it's
strength is somewhere up there with tissue paper, among these was the poor
selection of cryptographic primitives, which I believe the one I repeatedly
told you was weak is RC4.
>> For the case in question (password storage), the data files are likely to
>> be small enough, the data changes infrequent enough, and the data used in
>> such a fashion that Blowfish, used in a suitable mode of operation,
>> should be sufficient.
> Are short messages equally small enough that Blowfish in CBC mode "should
> be sufficient"?
If the key is strong yes, in the case you are referring to, it was rather
thoroughly lestablished that the key selection would be heavily flawed. It
is also critical that the password storage case requires a single file so
the CBC proof is easily satisfied, using short messages it is far more
difficult to satisfy.