Re: What can one do against Keylogger Attacks?

From: Joseph Ashwood (ashwood_at_msn.com)
Date: 08/10/05

  • Next message: kurt wismer: "Re: Barcode Email" 
    Date: Wed, 10 Aug 2005 02:38:27 GMT

    [Note to those who are in the groups other than sci.crypt. I am only
    replying to this because these are legitimate questions, Crypto@SMS has been
    nominated for "troll of the year" on sci.crypt for various reasons]

    <Crypto@S.M.S> wrote in message news:11fds0ma5lt8vd1@news.supernews.com...
    > Joseph Ashwood wrote:
    > You claimed that CryptoSMS is weak because it uses Blowfish
    > as one of its encryption layers. SO which is it? Do these
    > "minor" attacks allow you to break Blowfish encrypted messages,
    > or not?

    I claimed that CryptoSMS has so many flaws in every part of it that it's
    strength is somewhere up there with tissue paper, among these was the poor
    selection of cryptographic primitives, which I believe the one I repeatedly
    told you was weak is RC4.

    >
    >> For the case in question (password storage), the data files are likely to
    >> be small enough, the data changes infrequent enough, and the data used in
    >> such a fashion that Blowfish, used in a suitable mode of operation,
    >> should be sufficient.
    >> Joe
    >
    > Are short messages equally small enough that Blowfish in CBC mode "should
    > be sufficient"?

    If the key is strong yes, in the case you are referring to, it was rather
    thoroughly lestablished that the key selection would be heavily flawed. It
    is also critical that the password storage case requires a single file so
    the CBC proof is easily satisfied, using short messages it is far more
    difficult to satisfy.
                        Joe

  • Next message: kurt wismer: "Re: Barcode Email"

    Relevant Pages

    • Re: What can one do against Keylogger Attacks?
      ... replying to this because these are legitimate questions, ... > You claimed that CryptoSMS is weak because it uses Blowfish ... I claimed that CryptoSMS has so many flaws in every part of it that it's ... thoroughly lestablished that the key selection would be heavily flawed. ...
      (alt.computer.security)
    • Re: Needle in a haystack--or is this just stupid?
      ... >>triple IDEA (all with independent keys, IV, nonce). ... > Blowfish has several partial attacks the coverage by Bruce Schneier (the ... Attacks on simplified Blowfish, ... CryptoSMS does both, so what you're saying here is ...
      (sci.crypt)