Penetration Testing mailing list archives
Re: [PEN-TEST] Places to find crypto craking tools
From: Nicholas Harring <miniluv () MINILUV COM>
Date: Thu, 30 Nov 2000 21:04:46 -0600
-----BEGIN PGP SIGNED MESSAGE----- What you're looking for is a tool to brute force the passphrase, which is in and of itself useless without the private key in the schemes you've mentioned. Actually, here's the thing, PGP is a PKI infrastructure, DES and 3DES are symmetric encryption algorythms. PGP uses RSA to encrypt session keys of a lower computational cost algorythm. These lower cost algorythms are usually symmetric encryption, such as 3DES or the new AES (Rjindael<sp?>). The RSA key is of a public/private keyring nature, and thus not susceptible to password guessing type attacks, but instead susceptible to brute forcing the keyspace. RSA with a 1024 bit key is too large to make it worth your time, unless your client is a medium to large sized government with a lavish equipment budget and lots of spare time. You might be able to use a tool to brute force the passphrase on a PGP key if you in fact have said key, but I haven't heard of any tools to do this as the situation is semi-unusual. Hope that answers your question. Nicholas Harring /* *Are there any places to look for commercial or non-commercial *cracking tools for things like DES, 3DES, PGP...etc.. * *My question is based on the following: *If you select a program like 3DES (156 bits iguess) and secure some *documents with password like: IAMGOOD then the password is too weak *to create a secure document that can (i guess) whitstand a *brute-force attack. * *The tools can/will be used to perform another form of pen-test: *Secure-crypto-passwords implementations. I have one client that asked *me this question and a few hours on the web revealed nothing... */ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQEUAwUBOicVSQLoiaeIWIsTAQFPhAf3Wrtrinm2jOxaulkyhKHozSueWsJfOdlH H9dIRcaJf6Dl7gD8AxZAcCscQtDq/kYnfpGmmOY9P+fSBSTAMdemsheNSYhme6Z/ 9z/Akrw+n9AnR8D7rkz3ZT7bq5NSbEFbAFkNgH1Fium3WCrvZwOngaqcif0OguGd 2mmssY9QLXhaRlARcCmScjrlXtyaaI2sIt+VXXNE697iw6Qu96GhreeCzh/iXOUc La+CW/dulNCVMkMt14D2xgHcWIBdI7IbuD5TMOL2COcN53DrYPbpMACicGAXpvJA xvhZqZdhXICHqwGxgyHAwKaB0R7dyIkQQsMctmxicGgvFMiCKipA =sTbP -----END PGP SIGNATURE-----
Current thread:
- [PEN-TEST] Places to find crypto craking tools Erick Arturo Perez Huemer (Dec 01)
- Re: [PEN-TEST] Places to find crypto craking tools Nicholas Harring (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Jose Nazario (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools William D. Colburn (aka Schlake) (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Crist Clark (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Dom De Vitto (Dec 07)
- [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Bennett Todd (Dec 10)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Dom De Vitto (Dec 10)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Dom De Vitto (Dec 10)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Brian Russo (Dec 13)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places tofind crypto ...) Camillo Särs (Dec 13)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places tofind crypto ...) Clem Colman (Dec 13)
- Re: [PEN-TEST] Places to find crypto craking tools Jose Nazario (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Nicholas Harring (Dec 02)