Security Basics mailing list archives

RE: Encryption

From: "Andrew Chong" <andrewjw () singnet com sg>
Date: Thu, 6 Oct 2005 02:27:55 +0800


If you are trying to break the NIST standards algorithm, it will take
you a while and a lot of resources. i.e. DES, 3DES, AES (symmetric algo)

For cracking tools you can try L0phtCrack, John the Ripper, Cain & Abel.

Other useful hackers favourite tools are nmap, netcat, DsSniff.

If your Uni assignment really needs the student to crack recognised
alogrithm standards, then we will have to question the purpose of doing
so. Is the purpose to teach the student how to do a dictionary attack or
brute force attack? Even if the student wrote a program to run on 100
machines and manage to crack DES algo in record speed time, what does
the student learn? (btw, DES is proven to be less reliable. AES is the
NIST standard)

To learn crytography, the emphasis is to understand Key Management. Key
management consists of how to safeguard the keys, keys exchange, keys
modification etc..
Choosing the key length for your encryption is also important. One
example to put in your assignment is nowadays almost all commercial
websites are using 128-bit SSL and you can seldom see 56-bit SSL. 

Also, think about why do people want to spend the effort to crack the
encryption? This is all about measuring the gains and efforts needed.

Lastly, for the sake of the Uni assignment, you can write a simple VB
bit-shifting looping algo to illustrate how insecure is it for
non-standard algo.


Regards,
Andrew Chong, CISSP
http://www.sweetfantasy.biz

-----Original Message-----
From: Ian Crane [mailto:iancrane () tpg com au] 
Sent: Wednesday, October 05, 2005 6:28 PM
To: security-basics () securityfocus com
Subject: Encryption


Hi all,

I'm writing an assignment for Uni on Encryption and wanted to run a 
series of simple experiments as part of it.

I'm thinking of just encrypting some small amounts of data using 
different methods/algorithms and then trying to break it and comparing 
the results.

Can anyone please point me in the right directions in terms of the tools

I will need?

Thanks and regards,

Ian Crane

Current thread:

Encryption Ian Crane (Oct 05)
- RE: Encryption Andrew Chong (Oct 06)
- <Possible follow-ups>
- RE: Encryption Conlan Adams (Oct 06)
- RE: Encryption Keller, Tim (Oct 06)