From: Dave on 3 Oct 2006 20:27

Many thanks, this should get me off and running! Good point about the password checksum - it should speed things up considerably. It looks as if a brute force attack might actually be the best way to go, just hope for a weak password. Also most web pages have certain words such as <HEAD> on them, which helps. The code limits the password to 20 characters which helps as well. I don't have a three letter name, but oh well...

rossum wrote:
> On 3 Oct 2006 15:15:58 -0700, "Dave" <dave42972000(a)yahoo.com> wrote:
> >As you can see by inspecting the code, it has a checksum verification
> >of the password so it can give an alert if the wrong password is typed
> >in. But there is a 1 in 128 chance that it will accept any random
> >password, yet will not decrypt the text properly. This complicates a
> >"brute force" attack on the password.
> No, it simplifies a brute force attack. When I try a password I start
> by doing a simple and quick checksum, I only have to run it through
> MD5 (longer and complex) iff it passes the checksum. That reduces the
> amount of work I need to do to brute force the password.
>
> >Where can I find a description of the RC4 and MD5 algorithms, and just
> >how strong are they?
> RC4: http://en.wikipedia.org/wiki/RC4
> MD5: http://en.wikipedia.org/wiki/MD5
>
> Both are a bit long in the tooth and not recommended for use in new
> applications unless for backwards compatibility. They are plenty
> strong enough for mistral's "non-tech users and robots" but not for
> keeping things from government agencies with three letter names. RC4
> in particular is popular because it is extremely easy to program.
>
> For new applications the standard recommendations are AES for
> encryption and SHA-256 for hashing. Your specific requirements may
> indicate different choices.
>
> AES: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
> SHA-256: http://en.wikipedia.org/wiki/SHA
>
> rossum

From: Anne & Lynn Wheeler on 3 Oct 2006 20:30

"Dave" <dave42972000(a)yahoo.com> writes:
> Where can I find a description of the RC4 and MD5 algorithms, and just
> how strong are they?

rfc 1321 I
The MD5 Message-Digest Algorithm, Rivest R., 1992/04/16 (21pp) (.txt=35222) (See Also 1320)

one of the things i've done for my rfc index
http://www.garlic.com/~lynn/rfcietff.htm

is a collection of all RFC summaries that reference md5
http://www.garlic.com/~lynn/rfcmd5.htm

in the rfc summaries, clicking on the ".txt=nnnn" field retrieves the actual rfc.

From: Phil Carmody on 4 Oct 2006 03:47

"mistral" <polychrom(a)softhome.net> writes:
> Phil Carmody wrote:
> > The level of stupidity that the above demonstrates tells me to
> > not bother wasting any more time on your nonsense.
> You asserted that decoded script. If it so, what is password?

I asserted no such thing. Are you a bit thick or something?

Phil
--
"Home taping is killing big business profits. We left this side blank so you can help." -- Dead Kennedys, written upon the B-side of tapes of /In God We Trust, Inc./.

From: Phil Carmody on 4 Oct 2006 03:48

"mistral" <polychrom(a)softhome.net> writes:
> Phil Carmody wrote:
> > The level of stupidity that the above demonstrates tells me to
> > not bother wasting any more time on your nonsense.
>
> This page asks a password. Did you find it? What is password?

What bit of "not bother wasting any more time on your nonsense" do you not understand?

Phil
--
"Home taping is killing big business profits. We left this side blank so you can help." -- Dead Kennedys, written upon the B-side of tapes of /In God We Trust, Inc./.

From: Phil Carmody on 4 Oct 2006 03:49

"mistral" <polychrom(a)softhome.net> writes:
> with simple standard software). Phil Carmody fails to decrypt it and

Phil Carmody didn't try to decrypt it.

Phil
--
"Home taping is killing big business profits. We left this side blank so you can help." -- Dead Kennedys, written upon the B-side of tapes of /In God We Trust, Inc./.