[RC5] What does finding the contest key prove?

Lothar Kimmeringer kimmerin at online.de
Sat Apr 17 02:21:10 EDT 1999


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 15 Apr 1999 19:02:15 -0400, Matthew_Webber at cca-int.com wrote:

>What does this tell us about a read-world cracking example, where we
do NOT
>know any part of the plaintext message (we may not even know what
language
>or characterset it is in)? If I have mis-understood the issue, please
>clarify!

There are enough examples in the real world, where you know
plaintext in parts. For example ssl-encrypted http-connections.
All requests by a browser starts with "GET" or "POST". The ones
starting with POST are the more interesting, because this type
is mostly used to transfer data from the browser to the server.
Especially creditcard-numbers are transfered that way (should be).
Using DES for encrypting this informations now takes about one week
after investing 250.000$ to get the right key (worst case). And I
think there aren't that much keys that "decrypts" the text with "GET"
or
"POST" at the beginning of it.
Because you know more or less, how the next lines start, you can even
narrow the result of possible keys.

Another very important point is, that organizations like
distributed.net
are destroying the concept of "security by obscurity".


Best regards

Lothar
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQCVAwUBNxe3oCw3MKmLw82BAQFdZQP/e2jG2m6WGB2/wwOJ3E1gmAJYz5RrRmOK
fYfou4a/5o5pROHIvwpWMBpR19SJngcm3PsD3T5XJkwdkNaHU6wzWV30FwCKJ8Li
JI4wU158fT4Chm1PWt4VEW2Y6vT2Er/fhW7uCOFlHdLo2Y08v+HwqYQjiBQbad5a
cmhoecXsJGQ=
=VziG
-----END PGP SIGNATURE-----

-- 
Lothar Kimmeringer                          E-Mail: kimmerin at online.de

Always remember: The answer is forty-two, there can only be wrong
                 questions!


--
To unsubscribe, send 'unsubscribe rc5' to majordomo at lists.distributed.net
rc5-digest subscribers replace rc5 with rc5-digest



More information about the rc5 mailing list