Re: Decrypt CipherValue with different DES2 keys getting a correct padding ?
- From: pb111270@xxxxxxxx
- Date: 31 May 2007 01:49:19 -0700
Hello Greg,
thank you for the detailed information.
So the attacker just has to try about 256 random
keys until he gets lucky (note he can check this
on his own).
But I'm not sure that just this last byte is
sufficient for correct padding. If I'm guessing
the padding scheme correctly, he might need it to
finish with "0x81 0x00". That would be 2^16 test
keys, still pretty trivial.
Padding is used as described in ISO/IEC 9797( method 2 ), there has to
be at least 1 byte padding (0x80).
If the messages need some more internal format
(like being readable ascii or something) the
number of keys the attacker has to try goes up,
until eventually he runs out of keys; this attack
is more possible to mount on a cipher with
*longer* keys.
The plain text is as well some cryptographic information, which will
be processed as given. So no further test (eg validation of ASN.1
structures) will be done. Just checking the padding.
Hope this makes some sense.
Yes it does. I was looking for some arguments, to move our customer to
siging the plain data first and the encrypt plain data and signature.
So we do not have to rely on a padding test to check if the decrypted
data is authentic.
Willy
.
- References:
- Prev by Date: Re: Digital Media Equipment Self-Encryption (DMESE)
- Next by Date: While this flood is going on..
- Previous by thread: Decrypt CipherValue with different DES2 keys getting a correct padding ?
- Next by thread: Re: Decrypt CipherValue with different DES2 keys getting a correct padding ?
- Index(es):
Relevant Pages
|
