Security Basics mailing list archives
Re: Question
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 11 Feb 2008 17:36:21 +0100
On 2008-02-08 Lee Hilt wrote:
This probably would be a simple question, however I havent found a clean method to do this. If you have, lets say the seed and the Key generated for a particular secret, but no clue as to which algoritm was used to generate the key, Is there a clean method for deriving how the secret was generated? For example, if you had Seed: Frank Smith Generated Secret : F5678B24783G Could you then find out how to make the same mutation on an Initial string to Generate "valid" keys based on the algoritm. Not sure if I have explained this well, and it is for a project I am doing and I am looking at any potential workarounds in the system I might miss that might exploit my system.
1) Do not hijack other people's threads. Want to start a new topic? Write a new mail instead of replying to someone else's. 2) Choose a meaningful subject for your mail. Preferrably something that summarizes your topic. 3) There is no single straightforward method to identify an algorithm from a given cleartext/ciphertext combination. There may, however, be ways to identify the algorithm. Cryptanalysis deals with this kind of things. 4) Do not base your security on the secrecy of your algorithm. It's a basic principle of security that a system should remain secure as long as the key/passphrase remains secret, even if the algorithm is known to the attacker. This is known as Kerckhoff's Principle. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Spoof, Spam & Blacklist J. Lion (Feb 07)
- Re: Spoof, Spam & Blacklist Ansgar -59cobalt- Wiechers (Feb 08)
- Re: Spoof, Spam & Blacklist AJ (Feb 08)
- Re: Spoof, Spam & Blacklist J. Lion (Feb 08)
- Re: Spoof, Spam & Blacklist Arman (Feb 11)
- Question Lee Hilt (Feb 11)
- RE: Question David Gillett (Feb 11)
- Re: Question Ansgar -59cobalt- Wiechers (Feb 11)
- Re: Spoof, Spam & Blacklist J. Lion (Feb 08)
- Re: Spoof, Spam & Blacklist ыфзкфт (Feb 08)
- Re: Spoof, Spam & Blacklist Security Basic (Feb 11)