Penetration Testing mailing list archives
Re: [PEN-TEST] Places to find crypto craking tools
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Fri, 1 Dec 2000 15:54:15 -0500
On Thu, 30 Nov 2000, Nicholas Harring wrote:
> PGP uses RSA to encrypt session keys of a lower computational cost algorithm. These lower cost algorithms are usually symmetric encryption, such as 3DES or the new AES (Rjindael<sp?>).
PGP uses IDEA by default, i believe, as its message cipher. Stallings has a great discussion of PGP and S/MIME, plus the ciphers used, in Cryptography and Network Security, Principles and Practice. a PGP message (encrypted but not signed) looks essentially like this:

    Ku(Ks) || Ks(M)

where || means concatenation, Ku is the public key of the recipient and Ks is the symmetrical key.
> The RSA key is of a public/private keyring nature, and thus not susceptible to password guessing type attacks, but instead susceptible to brute forcing the keyspace.
while you are welcome to attempt to brute force the RSA public key to obtain the private components, a better use of your time is to sieve the publicly known bits to obtain the private information. they each used the General Number Field Sieve code. two great sources of information on how this is done (via high powered math and computers) can be found on these links:

see how they solved stage 10. they had access to sieving code, which you probably do not.
http://www.google.com/search?q=cache:codebook.org/+the+code+book+challenge&hl=en

see how alex muffet and his team cracked a 512 bit RSA public key, again the code is not public AFAIK, but the techniques are.
http://www.rsasecurity.com/rsalabs/challenges/factoring/rsa155.html

in short, brute forcing is theoretically possible, but don't waste your time, faster methods are out there. and yes, the idea that RSA is difficult to break is true, it's quite difficult, but not impossible. the general belief is that 512 bit RSA keys have fallen. time will be needed to factor 1024 bit keys. it's safe to assume that a determined and resource rich enemy can break generic RSA (512 bit) encryption when the gain is right.

____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
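Added example, not part of the original message: a defender-side check that reads the RSA modulus length out of an OpenPGP public-key packet (RFC 4880 layout) and flags keys at or below the 512-bit size the message describes as fallen. The function names, the `BROKEN_BITS` constant and the sample keys built by `sample_packet` are constructed for this illustration.

```python
import struct

BROKEN_BITS = 512  # assumption from the message: RSA keys of this size have fallen

def _mpi(value):                        # encode an OpenPGP multiprecision integer
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def _read_mpi(buf, pos):                # decode one MPI, return (value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated MPI length")
    bits = struct.unpack_from(">H", buf, pos)[0]
    end = pos + 2 + (bits + 7) // 8
    if end > len(buf):
        raise ValueError("truncated MPI body")
    return int.from_bytes(buf[pos + 2:end], "big"), end

def rsa_key_bits(packet):
    """Return (key_version, modulus_bits) for one OpenPGP public-key packet."""
    if len(packet) < 2 or not packet[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if packet[0] & 0x40:                # new-format header, one-octet length only
        tag, length, off = packet[0] & 0x3F, packet[1], 2
        if length >= 192:
            raise ValueError("multi-octet new-format length not handled here")
    else:                               # old-format header: 1, 2 or 4 length octets
        tag, ltype = (packet[0] >> 2) & 0x0F, packet[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled here")
        off = 1 + (1 << ltype)
        length = int.from_bytes(packet[1:off], "big")
    body = packet[off:off + length]
    if tag not in (6, 14) or len(body) != length or length < 8:
        raise ValueError("not a complete public-key packet")
    version = body[0]
    if version not in (3, 4):
        raise ValueError("unsupported key version")
    algo_pos = 5 if version == 4 else 7    # v3 carries a 2-octet validity field
    if body[algo_pos] not in (1, 2, 3):    # RSA algorithm identifiers
        raise ValueError("not an RSA key")
    n, pos = _read_mpi(body, algo_pos + 1)
    _read_mpi(body, pos)                   # public exponent must be present too
    return version, n.bit_length()

def is_breakable_size(packet):
    return rsa_key_bits(packet)[1] <= BROKEN_BITS

def sample_packet(n, e=65537, version=4):  # constructed test key, not a real one
    head = bytes([version]) + struct.pack(">I", 0) + (b"\x00\x00" if version == 3 else b"")
    body = head + b"\x01" + _mpi(n) + _mpi(e)
    return b"\x99" + struct.pack(">H", len(body)) + body
```

The parser handles a single binary (de-armored) packet; a real keyring holds several packets back to back and would be walked one header at a time.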