Re: Brute forcing a key



On 13 Mar 2007 11:53:37 -0700, "Matthew Fanto" <mfanto@xxxxxxxxx> wrote:

On Mar 13, 1:28 pm, cwilliam...@xxxxxxx wrote:
This may be a dumb question, but in order to successfully decrypt a message
by brute forcing the key, do you have to know the encryption algorithm?

Yes, but it's assumed that the attacker knows the algorithm. If your
security comes from the fact the algorithm is secret, you have no
security.

Eventually the algorithm will be discovered, either through
reverse engineering, stealing the crypto device, or whatever.


Stealing is only useful for the duration which it remains undetected,
and this period of time can be reduced almost arbitrarily by regular
system monitoring.

bestwishes
laura


--
echo alru_aafriehdah@xxxxxxxxxx |sed 's/\(.\)\(.\)/\2\1/g'
.



Relevant Pages

  • Re: is this double CBC?
    ... understand the difference between algorithm and implementation. ... the place of a cipher, and that it fails to meet the security requirements, therefore it is weak. ... if it was designed to work in place of a cypher, i wouldn't be using AES now would i. once again i will state, i didn't code the AES module, someone who knows cryptography better than i do coded it. ... You designed something that is not supposed to add to security, instead it is designed to consume entropy, and so significantly weakens security. ...
    (sci.crypt)
  • Re: Compression and crypto
    ... than the designers were able to put into designing the cipher (or the ... the cipher (if there is any algorithm that succeeds), ... compression nearly always improves security substantially. ... That claim is a conjecture. ...
    (sci.crypt)
  • Chosen-ciphertext security and self-reducible trapdoor permutations
    ... security of RSA-OAEP is as hard as ... R is a randomized algorithm. ... we want to turn our trapdoor permutation into an encryption ... designed our encoding scheme well, so that our encryption scheme resists ...
    (sci.crypt)
  • Re: is this double CBC?
    ... understand the difference between algorithm and implementation. ... a cipher it is subject to the same security requirements of a cipher. ... The documentation on CBC is correct, but your comparison of your algorithm ...
    (sci.crypt)
  • Re: Symantec A/V - netscan password in registry
    ... Unless Symantec has developed a proprietary hashing algorithm, ... will expect you to tell it what sort of encryption is used, ... I agree that you may have a security issue here, but the question is, is it an issue ...
    (Pen-Test)