Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Places to find crypto craking tools

From: Dom De Vitto <dom () DEVITTO COM>
Date: Wed, 6 Dec 2000 23:46:50 -0000
 | -----Original Message-----
 | From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
 | Of Jose Nazario
 | Sent: 01 December 2000 20:54
 | To: PEN-TEST () SECURITYFOCUS COM
 | Subject: Re: [PEN-TEST] Places to find crypto craking tools
 | 
 | 
 | On Thu, 30 Nov 2000, Nicholas Harring wrote:
 | 
 | > PGP uses RSA to encrypt session keys of a lower computational cost
 | > algorythm. These lower cost algorythms are usually symmetric
 | > encryption, such as 3DES or the new AES (Rjindael<sp?>).
 | 
 | PGP uses IDEA by default, i believe, as it's message cipher. 

Not any more, they switch to CAST because of the IDEA patents.

 |  in short, brute forcing is theoretically possible, but don't waste your
 |  time, faster methods are out there. and yes, the idea that RSA is
 |  difficult to break is true, it's quite difficult, but not impossible. the
 |  general belief is that 512 bit RSA keys have fallen. time will be needed
 |  to factor 1024 bit keys. it's safe to assume that a determined and
 |  resource rich enemy can break generic RSA (512 bit) encryption when the
 |  gain is right.

Yea, generally speaking 1024 bits can be done by gov's & big corps, with (I'd
speculate) a few week or so's 24x7 effort.  It's worth making the keys over
1200 bits, at which point brute forcing the 128 bit crypto is often easier/quicker.

Dom
Previous By Date Next
Previous By Thread Next

Current thread: