Re: [PEN-TEST] Brute Forcing MS-EFS

[John Curran <John.Curran () COGNOTEC COM>]

> A. More info about DESX. Is my overview correct?
You are correct about the XORing function. DESX is a "Hard Mode" Version of
DES. I believe it's something RSA came up with in  the '80's. In addition ot
the 56 bit key, it uses a second 64 bit key which is XORed to the plaintext
before the first round of DES. After the final round of DES, it uses a hash
function to reduce the 120(=56+64) bit key to 64 bits which is XORed with
the output.

This does add cryptographic value, apart just from making it immune from DES
crackers. Brute forcing also becomes much harder since the key search is now
in the 120 bit space rather than 56 bit (well into the forget about it area
IMHO). It's also more difficult to use cryptanalytic attacks and is a lot
faster than tripleDES.

> B. Brute force cracker for DESX.
I don't know of one. To write one you'd need the hash function which I don't
know, and it's probably a waste of time..

Regards,

John



************************************************************************
This email, its contents and any files attached are intended only for the named
addressee. They contain information which may be confidential and/or legally
privileged. If you are not the named addressee or if you have received this
email in error, (a) you may not, without the consent of Cognotec, copy, use or
rely on any information or attachments in any way and (b) please notify the
sender by return email and delete it from your email system.  Unless separately
agreed, Cognotec does not accept any responsibility for the accuracy or
completeness of the contents of this email or its attachments or for any
contractual commitments contained in this email or its attachments.
************************************************************************