1996-07-24 - Re: Brute Force DES
Header Data
From: Adam Shostack <adam@homeport.org>
To: deviant@pooh-corner.com (The Deviant)
Message Hash: 4422ac103aa0168ec4dd98474d46e394677adbec85cab6a875212ebe3d92db88
Message ID: <199607241301.IAA00906@homeport.org>
Reply To: <Pine.LNX.3.94.960724063243.1558B-100000@switch.sp.org>
UTC Datetime: 1996-07-24 15:11:15 UTC
Raw Date: Wed, 24 Jul 1996 23:11:15 +0800
Raw message
From: Adam Shostack <adam@homeport.org>
Date: Wed, 24 Jul 1996 23:11:15 +0800
To: deviant@pooh-corner.com (The Deviant)
Subject: Re: Brute Force DES
In-Reply-To: <Pine.LNX.3.94.960724063243.1558B-100000@switch.sp.org>
Message-ID: <199607241301.IAA00906@homeport.org>
MIME-Version: 1.0
Content-Type: text
Most protocols give you stereotyped headers, which are
perfectly valid for known plaintext attacks. The rc4 cracks were done
on the Netscape rc4(md5(key+salt) used in ssl. They were based on
known plaintext in the HTTP headers.
(Incidentally, we might want to test the key distribution &
reporting mechanisms on a crack of vanilla rc4-40, or another SSL
crack. Cracking des will not be cheap, and we should do some test
runs first.)
Adam
The Deviant wrote:
| > For instance if you had a DES encrypted gzipped file. The first 2 bytes
| > plaintext will be Ox1f8b. You'd only have to try to fully decrypt
| Buy the point is to prove that DES shouldn't be used, not that it CAN
| be brute forced. A known-plaintext attack doesn't show that. We hafta
| attack something we've never seen. (i.e. talk Netscape, or some other
| company, into generating a DES'd message, and keeping the keys safe)
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Thread
Return to July 1996
- Return to “Adam Shostack <adam@homeport.org>”
- Return to “dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)”
- Return to “Julian Assange <proff@suburbia.net>”
- Return to “Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>”
- Return to “Olmur <olmur@dwarf.bb.bawue.de>”
- Return to ““Perry E. Metzger” <perry@piermont.com>”
- Return to ““Peter Trei” <trei@process.com>”
Return to “The Deviant <deviant@pooh-corner.com>”
- 1996-07-23 (Tue, 23 Jul 1996 15:56:49 +0800) - Re: Brute Force DES - “Peter Trei” <trei@process.com>
- 1996-07-23 (Wed, 24 Jul 1996 02:00:29 +0800) - Re: Brute Force DES - “Perry E. Metzger” <perry@piermont.com>
- 1996-07-23 (Wed, 24 Jul 1996 04:20:15 +0800) - Re: Brute Force DES - Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
- 1996-07-24 (Wed, 24 Jul 1996 17:54:19 +0800) - Re: Brute Force DES - The Deviant <deviant@pooh-corner.com>
- 1996-07-24 (Wed, 24 Jul 1996 23:11:15 +0800) - Re: Brute Force DES - Adam Shostack <adam@homeport.org>
- 1996-07-24 (Thu, 25 Jul 1996 04:22:06 +0800) - Re: Brute Force DES - “Perry E. Metzger” <perry@piermont.com>
- 1996-07-25 (Thu, 25 Jul 1996 10:06:16 +0800) - Re: Brute Force DES - dlv@bwalk.dm.com (Dr.Dimitri Vulis KOTM)
- 1996-07-24 (Wed, 24 Jul 1996 17:54:19 +0800) - Re: Brute Force DES - The Deviant <deviant@pooh-corner.com>
- 1996-07-24 (Wed, 24 Jul 1996 20:57:56 +0800) - Re: Brute Force DES - Julian Assange <proff@suburbia.net>
- 1996-07-23 (Wed, 24 Jul 1996 04:20:15 +0800) - Re: Brute Force DES - Kevin L Prigge <Kevin.L.Prigge-2@tc.umn.edu>
- 1996-07-25 (Thu, 25 Jul 1996 09:33:23 +0800) - Re: Brute Force DES - Olmur <olmur@dwarf.bb.bawue.de>
- 1996-07-25 (Thu, 25 Jul 1996 11:23:59 +0800) - Re: Brute Force DES - Adam Shostack <adam@homeport.org>
- 1996-07-23 (Wed, 24 Jul 1996 02:00:29 +0800) - Re: Brute Force DES - “Perry E. Metzger” <perry@piermont.com>