Re: [PEN-TEST] Psydo-encyrption?

[Bennett Todd <bet () RAHUL NET>]

2001-01-03-12:05:15 Parth Galen:
> I have a client who appears to be encrypting files (.rft docs) by
> changing the default language to Chinese (Big5).

Cute!

> My question is, having such a file, how do you get it back into
> English?

I'd whack it with a recode-shaped stick. recode[1] supports a
powerful lot of charsets, I just checked and Big5 is listed among
'em.

> I would like to demonstrate that they need REAL encryption rather
> than (what I believe to be) a trick.

Well, simply decyphering it with recode may or may not demonstrate
that. Another part of the demonstration might need to be a demo of
using some more appropriate program, e.g. PGP, to show how easy the
job can be --- because if the security needs are completely
negligible, and there's zero tolerance for any additional hassle in
producing the "encrypted" file, it's possible that something like
their current practice is actually suitable.

By analogy, there's a very old tradition of using a completely
negligible encypherment "rot-13", the Caesar cypher with offset 13,
which can be decoded with "tr a-zA-Z n-za-mN-ZA-M" for Usenet
postings, to give the reader a chance to make a conscious decision
whether they want to see the text; people used this for the answers
to riddles, for "spoilers" (notes that gave away the ending of a
story), for possibly-offensive content, and other purposes. It was
an appropriate encryption for the (negligible) security needs of
that application.

-Bennett

[1] <URL:http://www.iro.umontreal.ca/contrib/recode/HTML>

Attachment: _bin
Description: