From: Ray Arachelian <sunder@brainlink.com>
To: cypherpunks <cypherpunks@toad.com
Message Hash: e531cf8cda06709cd3598f10a670a26855f3d37e929168141fea99a7e8b0bfda
Message ID: <Pine.SUN.3.91.970331111923.18046H-100000@beast.brainlink.com>
Reply To: N/A
UTC Datetime: 1997-03-31 16:16:44 UTC
Raw Date: Mon, 31 Mar 1997 08:16:44 -0800 (PST)
From: Ray Arachelian <sunder@brainlink.com>
Date: Mon, 31 Mar 1997 08:16:44 -0800 (PST)
To: cypherpunks <cypherpunks@toad.com
Subject: Re: [NTSEC] Re: Internet Explorer Bug #4 (fwd)
Message-ID: <Pine.SUN.3.91.970331111923.18046H-100000@beast.brainlink.com>
MIME-Version: 1.0
Content-Type: text/plain
=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\.
..\|/..|sunder@sundernet.com|boots on; If you're gonna try, just |/\|/\
<--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/
../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/.
.+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|.....
======================== http://www.sundernet.com =========================
For with those which eternal lie, with strange eons even death may die.
---------- Forwarded message ----------
Date: Sat, 29 Mar 1997 14:37:43 -0800
From: Chris Plunkett <chris.plunkett@opensys.com>
To: pmarc@cmg.FCNBD.COM
Cc: Romulo Moacyr Cholewa <rmcholewa@poboxes.com>,
Windows NT BugTraq Mailing List <NTBUGTRAQ@rc.on.ca>,
"ntsecurity@iss.net" <ntsecurity@iss.net>, hughtay@microsoft.com
Subject: Re: [NTSEC] Re: Internet Explorer Bug #4
> > We are aware of this, but the report is misleading. The report states
> > that both times the password sent from the client to the server is
> > encrypted. It would take quite a while for even a Cray Supercomputer to
> > decrypt the password, even if it was dedicated to that sole task. For
> > the average network server (and a powerful one), it would take a few
> > human lifetimes to decrypt them even if they were dedicated to that sole
> > task.
>
> Arrggghhh! Nothing sets off my ignorance alert more quickly than somebody
> who mentions a Cray in conjunction with attempts to brute force crypto
> algorithms. I won't bother to explain all of the reasons why that is a
> foolish thing to say. Instead I will share a little story about some folks I
> know from about 3-4 years ago. (Greetings to any of these individuals who
> may be lurking on NTSEC or NTBUGTRAQ.)
>
> Apparently they had some good reasons to go after the encryption algorithm
> used by WordPerfect. After several ineffective implementations, a
> WordPerfect engineer developed a DES based encryption algorithm. His claim
> was that it would take a room full of Crays to break the algorithm. Hmmm...
> sounds familiar. Needless to say, shortly after a successful attack on the
> algorithm by those mentioned, there was a certain 486 with a YMP sticker
> plastered to its front.
>
> Sure, brute force attacks can be expensive when an algorithm is implemented
> correctly. However, I can't let it pass when these facts are expressed in
> such a patronizing manner.
>
> ---
> Paul M. Cardon - System Officer
> Capital Markets Systems - First Chicago NBD Corporation
> pmarc@cmg.fcnbd.com - (312) 732-7392
>
I heard a story one time. It evolved around a college student in
France doing some cyptography work in school, working nights
as a backup operator at some large computer center. He didn't need
a cray. A little knowledge and some creative programming, and
a center full of computers (problably around the size of a Sparc 10).
The story ended explaning how one of the encryption schemes that
would tale a Cray week to break, was broken in one night, by a
bunch of computers running backups.
It might be hard to find a cray, but I know a guy, he works
at this place where they got them 15 pentium pros. The average
network server has another server for some other task on the
same wire.
------------------------------------------------------------
Chris Plunkett System Technician
Breakwater Technologies Inc.
phone:(206)803-5000x112 Fax:(206)803-5001
http://www.breakwater.net mailto:chris@breakwater.net
------------------------------------------------------------
Return to April 1997
Return to “Ray Arachelian <sunder@brainlink.com>”