Security Basics mailing list archives

Re: Question


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 11 Feb 2008 17:36:21 +0100

On 2008-02-08 Lee Hilt wrote:
> This probably would be a simple question, however I haven't found a
> clean method to do this.
>
> If you have, let's say the seed and the Key generated for a particular
> secret, but no clue as to which algorithm was used to generate the key,
> is there a clean method for deriving how the secret was generated?
>
> For example, if you had
>
> Seed: Frank Smith
> Generated Secret : F5678B24783G
>
> Could you then find out how to make the same mutation on an Initial
> string to Generate "valid" keys based on the algorithm?
>
> Not sure if I have explained this well, and it is for a project I am
> doing and I am looking at any potential workarounds in the system I
> might miss that might exploit my system.

1) Do not hijack other people's threads. Want to start a new topic?
   Write a new mail instead of replying to someone else's.
2) Choose a meaningful subject for your mail. Preferably something that
   summarizes your topic.
3) There is no single straightforward method to identify an algorithm
   from a given cleartext/ciphertext combination. There may, however, be
   ways to identify the algorithm. Cryptanalysis deals with this kind of
   thing.
4) Do not base your security on the secrecy of your algorithm. It's a
   basic principle of security that a system should remain secure as
   long as the key/passphrase remains secret, even if the algorithm is
   known to the attacker. This is known as Kerckhoffs's Principle.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
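
Point 4 of the reply, shown as an added example that is not part of the original mail or of either poster's system: a seed-to-secret scheme whose only protection is the algorithm, beside one built on a public algorithm (HMAC-SHA256) and a secret key. The function names, the 32-byte key and the 128-bit truncation are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def unkeyed_secret(seed: str) -> str:
    """Weak design: the output depends only on the seed and the algorithm,
    so whoever identifies the algorithm can issue secrets for any seed."""
    return hashlib.sha256(seed.encode("utf-8")).hexdigest()[:12].upper()


def keyed_secret(seed: str, key: bytes) -> str:
    """Kerckhoffs-style design: public algorithm, secret key."""
    mac = hmac.new(key, seed.encode("utf-8"), hashlib.sha256).hexdigest()
    return mac[:32].upper()  # 128-bit tag (assumed length)


def verify(seed: str, candidate: str, key: bytes) -> bool:
    """Recompute the tag and compare in constant time.
    Both sides are encoded to bytes so odd input cannot raise TypeError."""
    expected = keyed_secret(seed, key).encode("utf-8")
    presented = candidate.strip().upper().encode("utf-8")
    return hmac.compare_digest(expected, presented)


def demo() -> dict:
    seed = "Frank Smith"                  # seed taken from the question
    issuer_key = secrets.token_bytes(32)  # constructed: held only by the issuer
    other_key = secrets.token_bytes(32)   # constructed: party knowing only the algorithm
    issued = keyed_secret(seed, issuer_key)
    return {
        # The unkeyed secret is the same for everyone who runs the function.
        "unkeyed": unkeyed_secret(seed),
        # A genuine secret verifies under the issuer's key.
        "issued_ok": verify(seed, issued, issuer_key),
        # Knowing HMAC-SHA256 is in use does not help without the key.
        "wrong_key_ok": verify(seed, keyed_secret(seed, other_key), issuer_key),
        # A secret issued for one seed does not validate another seed.
        "other_seed_ok": verify("Jane Doe", issued, issuer_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
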

