From: Tom St Denis on 3 Oct 2006 10:23

mistral wrote:
> you can remove this value, this does not matter, it's just sample, old.
> I don't know why there not used SSL/TLS. Just try to break it, as you
> consider it as ugly, clumsy code.

Are you retarded or something? Aside from a possible bug or weak password it's not likely to be broken. But I don't care to look at it because it's unoriginal and just a dirty scrap of code.

I've got better things to do with my time.

Tom
From: mistral on 3 Oct 2006 11:06

TC wrote:
> mistral wrote:
>
> > it's old page, encrypted with "HTML Password Lock", nothing private
> > there. Just clear sample that simple encryption software can provide a
> > good protection. As you can see, it's not so easy to break even this
> > small page.
>
> So to me you say the purpose is: (1) "protection from robots
> (software) and for [from?] non tech users", but to Tom you say the
> purpose is: (2) to show that "simple encryption software can provide a
> good protection".
>
> If the purpose is (1), then, the code is hopelessly over-complicated.
> If the purpose is (2), then, no-one disagrees with that! (Of course you
> can write strong encryption in javascript.)
>
> Bye :-)
> TC (MVP MSAccess)
> http://tc2.atspace.com

-----------

this code sample is not related with my note about "protection from robots", I meant another code. The above mentioned encrypted code is another sample.

m.
From: Dave on 3 Oct 2006 18:02

mistral wrote:
> TC wrote:
>
> > mistral wrote:
> >
> > > it's old page, encrypted with "HTML Password Lock", nothing private
> > > there. Just clear sample that simple encryption software can provide a
> > > good protection. As you can see, it's not so easy to break even this
> > > small page.
> >
> > So to me you say the purpose is: (1) "protection from robots
> > (software) and for [from?] non tech users", but to Tom you say the
> > purpose is: (2) to show that "simple encryption software can provide a
> > good protection".
> >
> > If the purpose is (1), then, the code is hopelessly over-complicated.
> > If the purpose is (2), then, no-one disagrees with that! (Of course you
> > can write strong encryption in javascript.)
> >
> > Bye :-)
> > TC (MVP MSAccess)
> > http://tc2.atspace.com
> -----------
> this code sample is not related with my note about "protection from
> robots", I meant another code. The above mentioned encrypted code is
> another sample.
>
> m.
From: Dave on 3 Oct 2006 18:15

I am new to cryptography, but I am very interested in decoding a web page that somebody else wrote with this very MTOPsoft HTML Password Lock software.

As you can see by inspecting the code, it has a checksum verification of the password so it can give an alert if the wrong password is typed in. But there is a 1 in 128 chance that it will accept any random password, yet will not decrypt the text properly. This complicates a "brute force" attack on the password.

Where can I find a description of the RC4 and MD5 algorithms, and just how strong are they? Do I even need to bother with MD5, since this just hashes the password and an already hashed password for decryption would be fine.

The situation is that encrypted text and a decryption program are supplied, but a user supplied password is needed. I would like to somehow attack the algorithm so as to get the plaintext, either by discovering the password or otherwise. Since I have a copy of the encryption code (from MTOPsoft), I can encrypt my own known plaintext with a known password if this would help any.

I am asking you to please point me in the right direction to crack this particular encryption algorithm. Are you concerned with the nature of the web page that I wish to crack, or no? If you want I can give you the link. It is just a regular web page on the internet.

mistral wrote:
> TC wrote:
>
> > mistral wrote:
> >
> > > it's old page, encrypted with "HTML Password Lock", nothing private
> > > there. Just clear sample that simple encryption software can provide a
> > > good protection. As you can see, it's not so easy to break even this
> > > small page.
> >
> > So to me you say the purpose is: (1) "protection from robots
> > (software) and for [from?] non tech users", but to Tom you say the
> > purpose is: (2) to show that "simple encryption software can provide a
> > good protection".
> >
> > If the purpose is (1), then, the code is hopelessly over-complicated.
> > If the purpose is (2), then, no-one disagrees with that! (Of course you
> > can write strong encryption in javascript.)
> >
> > Bye :-)
> > TC (MVP MSAccess)
> > http://tc2.atspace.com
> -----------
> this code sample is not related with my note about "protection from
> robots", I meant another code. The above mentioned encrypted code is
> another sample.
>
> m.
From: rossum on 3 Oct 2006 19:55

On 3 Oct 2006 15:15:58 -0700, "Dave" <dave42972000(a)yahoo.com> wrote:

>As you can see by inspecting the code, it has a checksum verification
>of the password so it can give an alert if the wrong password is typed
>in. But there is a 1 in 128 chance that it will accept any random
>password, yet will not decrypt the text properly. This complicates a
>"brute force" attack on the password.

No, it simplifies a brute force attack. When I try a password I start by doing a simple and quick checksum, I only have to run it through MD5 (longer and complex) iff it passes the checksum. That reduces the amount of work I need to do to brute force the password.

>Where can I find a description of the RC4 and MD5 algorithms, and just
>how strong are they?

RC4: http://en.wikipedia.org/wiki/RC4
MD5: http://en.wikipedia.org/wiki/MD5

Both are a bit long in the tooth and not recommended for use in new applications unless for backwards compatibility. They are plenty strong enough for mistral's "non-tech users and robots" but not for keeping things from government agencies with three letter names. RC4 in particular is popular because it is extremely easy to program.

For new applications the standard recommendations are AES for encryption and SHA-256 for hashing. Your specific requirements may indicate different choices.

AES: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
SHA-256: http://en.wikipedia.org/wiki/SHA

rossum