Re: How good an encryption algorithm is this?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Bonj (benjtaylor)
Date: 11/25/04

Next message: Don Christianson: "Re: Template function and dynamic_cast"

Previous message: Alexander Grigoriev: "Re: Template function and dynamic_cast"
In reply to: Ian Griffiths [C# MVP]: "Re: How good an encryption algorithm is this?"
Next in thread: Ian Griffiths [C# MVP]: "Re: How good an encryption algorithm is this?"
Messages sorted by: [ date ] [ thread ]

Date: Thu, 25 Nov 2004 19:45:33 -0000

> The weakness described in the laptop <-> home server scenario is the same
> as the weakness in your scenario: anyone who gets a way of seeing the
> encrypted data will be able to use a statistical attack to work out what
> the key is. The only difference between the scenario I described and the
> one you describe is where this encrypted data lives, and by extension, the
> way in which the attacker gets her hands on that data. In the networked
> scenario, you'd use a packet sniffer. But in your case, you would need to
> harvest encrypted passwords from the registries of various users'
> machines. But having obtained sufficient encrypted data, the statistical
> crypto attack is identical in both cases because the attack is the same in
> both cases.

Right, I see the point now. If you can see the encrypted target, and you can
see the plaintext and the encrypted version of a 'control example' (or a
few), then you can derive the key and hence decrypt the target.

>
> The fact that I'm doing this with data in the registry rather than data
> being sent over the network is wholly irrelevant - the important thing
> about the example I gave is that the encrypted data that is directly
> visible to an attacker. (You've made it clear this is the case, since the
> attack you describe involves the attacker having access to the machine.
> They would need to get this access repeatedly to launch this particular
> attack of course.) And even if the key may not be as directly visible to
> them, the encrypted data can be used to discover the key. (Or a bit
> pattern that is as good as the key.)

Right, I see - I didn't get the point you were making in that the only thing
about the network is that you can see the data going over it. I was falsely
under the impression that your network example was implying to be taking
advantage of that asymmetric key technology.

Next message: Don Christianson: "Re: Template function and dynamic_cast"

Previous message: Alexander Grigoriev: "Re: Template function and dynamic_cast"
In reply to: Ian Griffiths [C# MVP]: "Re: How good an encryption algorithm is this?"
Next in thread: Ian Griffiths [C# MVP]: "Re: How good an encryption algorithm is this?"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: How good an encryption algorithm is this?
... > encrypted data will be able to use a statistical attack to work out what ... The only difference between the scenario I described and the ... > one you describe is where this encrypted data lives, and by extension, the ... about the network is that you can see the data going over it. ...
(microsoft.public.dotnet.languages.csharp)
Re: Network workgroup problem
... When you set it up make sure the wireless network isn't doing ... anything fancy such as working with encrypted data. ... The WAN miniport probably is used by your internet connection and the ... Slightly more advanced would be to connect the two computers by ...
(microsoft.public.windowsxp.help_and_support)
Re: GFI Download Security vs. Trend WebProtect
... > Local Network, and more. ... Also it protects against things the firewall/proxy cannot check, ... > as encrypted data over SSL or any other protocol the firewall can't ... failure and desktop antivirus is dependent on too many ...
(microsoft.public.isa)