[RC5] What does finding the contest key prove?
kimmerin at online.de
Sat Apr 17 02:21:10 EDT 1999
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 15 Apr 1999 19:02:15 -0400, Matthew_Webber at cca-int.com wrote:
>What does this tell us about a read-world cracking example, where we
>know any part of the plaintext message (we may not even know what
>or characterset it is in)? If I have mis-understood the issue, please
There are enough examples in the real world, where you know
plaintext in parts. For example ssl-encrypted http-connections.
All requests by a browser starts with "GET" or "POST". The ones
starting with POST are the more interesting, because this type
is mostly used to transfer data from the browser to the server.
Especially creditcard-numbers are transfered that way (should be).
Using DES for encrypting this informations now takes about one week
after investing 250.000$ to get the right key (worst case). And I
think there aren't that much keys that "decrypts" the text with "GET"
"POST" at the beginning of it.
Because you know more or less, how the next lines start, you can even
narrow the result of possible keys.
Another very important point is, that organizations like
are destroying the concept of "security by obscurity".
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
-----END PGP SIGNATURE-----
Lothar Kimmeringer E-Mail: kimmerin at online.de
Always remember: The answer is forty-two, there can only be wrong
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest
More information about the rc5