From: pstemari@erinet.com (Paul J. Ste. Marie)
Date: Fri, 23 Dec 94 22:25:28 PST
To: cypherpunks@toad.com
Subject: Re: Attacking Norton Encrypt
Message-ID: <9412240617.AA02276@eri>
MIME-Version: 1.0
Content-Type: text/plain


At 09:52 PM 12/23/94 IST, rishab@dxm.ernet.in wrote:
>
>Regarding the simple question about Norton Encrypt's security (and ignoring
>the alt.relationship-counsellor interlude), I believe Norton uses DES (for
>'maximum security' or a 'fast proprietary' method for convenience. I don't
>think it has the usual errors (password stored in ciphertext etc), but a
>brute force attack on DES is beyond the means of most Norton users IAC.

Perhaps, but if the earlier post is accurate about it mapping UC to lc and 
only accepting 8 characters of password, you've gone from a 56 bit keyspace 
to a ~38 bit keyspace.  A dictionary attack is certainly feasible--I don't 
recall what speeds have been achieved for brute-forcing DES lately.
    --Paul J. Ste. Marie