Security Basics mailing list archives
RE: Encryption
From: "Andrew Chong" <andrewjw () singnet com sg>
Date: Thu, 6 Oct 2005 02:27:55 +0800
If you are trying to break the NIST standards algorithm, it will take you a while and a lot of resources. i.e. DES, 3DES, AES (symmetric algo) For cracking tools you can try L0phtCrack, John the Ripper, Cain & Abel. Other useful hackers favourite tools are nmap, netcat, DsSniff. If your Uni assignment really needs the student to crack recognised alogrithm standards, then we will have to question the purpose of doing so. Is the purpose to teach the student how to do a dictionary attack or brute force attack? Even if the student wrote a program to run on 100 machines and manage to crack DES algo in record speed time, what does the student learn? (btw, DES is proven to be less reliable. AES is the NIST standard) To learn crytography, the emphasis is to understand Key Management. Key management consists of how to safeguard the keys, keys exchange, keys modification etc.. Choosing the key length for your encryption is also important. One example to put in your assignment is nowadays almost all commercial websites are using 128-bit SSL and you can seldom see 56-bit SSL. Also, think about why do people want to spend the effort to crack the encryption? This is all about measuring the gains and efforts needed. Lastly, for the sake of the Uni assignment, you can write a simple VB bit-shifting looping algo to illustrate how insecure is it for non-standard algo. Regards, Andrew Chong, CISSP http://www.sweetfantasy.biz -----Original Message----- From: Ian Crane [mailto:iancrane () tpg com au] Sent: Wednesday, October 05, 2005 6:28 PM To: security-basics () securityfocus com Subject: Encryption Hi all, I'm writing an assignment for Uni on Encryption and wanted to run a series of simple experiments as part of it. I'm thinking of just encrypting some small amounts of data using different methods/algorithms and then trying to break it and comparing the results. Can anyone please point me in the right directions in terms of the tools I will need? Thanks and regards, Ian Crane
Current thread:
- Encryption Ian Crane (Oct 05)
- RE: Encryption Andrew Chong (Oct 06)
- <Possible follow-ups>
- RE: Encryption Conlan Adams (Oct 06)
- RE: Encryption Keller, Tim (Oct 06)