Penetration Testing mailing list archives
Re: [PEN-TEST] Psydo-encyrption?
From: Bennett Todd <bet () RAHUL NET>
Date: Wed, 3 Jan 2001 14:20:26 -0500
2001-01-03-12:05:15 Parth Galen:
> I have a client who appears to be encrypting files (.rft docs) by changing the default language to Chinese (Big5).

Cute!

> My question is, having such a file, how do you get it back into English?

I'd whack it with a recode-shaped stick. recode[1] supports a powerful lot of charsets, I just checked and Big5 is listed among 'em.

> I would like to demonstrate that they need REAL encryption rather than (what I believe to be) a trick.

Well, simply decyphering it with recode may or may not demonstrate that. Another part of the demonstration might need to be a demo of using some more appropriate program, e.g. PGP, to show how easy the job can be --- because if the security needs are completely negligible, and there's zero tolerance for any additional hassle in producing the "encrypted" file, it's possible that something like their current practice is actually suitable.

By analogy, there's a very old tradition of using a completely negligible encypherment "rot-13", the Caesar cypher with offset 13, which can be decoded with "tr a-zA-Z n-za-mN-ZA-M" for Usenet postings, to give the reader a chance to make a conscious decision whether they want to see the text; people used this for the answers to riddles, for "spoilers" (notes that gave away the ending of a story), for possibly-offensive content, and other purposes. It was an appropriate encryption for the (negligible) security needs of that application.

-Bennett

[1] <URL:http://www.iro.umontreal.ca/contrib/recode/HTML>
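Why undoing a charset switch needs no key, as an added example that is not part of the original post: it generalizes the Big5 case to a sweep over a short list of public charsets, scored for English. The post does not say how the client's files are produced, so the sample is constructed with a UTF-16 mis-decoding as a stand-in; `CANDIDATES`, `sweep` and `recover` are names made up for this illustration.

```python
# Added illustration: a keyless charset change is undone by trying each charset.
CANDIDATES = ["big5", "gb2312", "utf-8", "utf-16-be", "utf-16-le"]
COMMON = {"the", "at", "by", "and", "to", "of"}  # tiny English word list (assumption)


def english_score(text):
    """Count whitespace-separated tokens that are common English words."""
    return sum(1 for word in text.lower().split() if word in COMMON)


def sweep(displayed):
    """Re-encode `displayed` under each candidate charset; keep pure-ASCII results.

    Returns (score, charset, text) tuples, best score first.
    """
    hits = []
    for charset in CANDIDATES:
        try:
            text = displayed.encode(charset).decode("ascii")
        except UnicodeError:
            # The charset cannot represent the text, or the bytes are not ASCII.
            continue
        hits.append((english_score(text), charset, text))
    return sorted(hits, reverse=True)


def recover(displayed):
    """Return (charset, text) for the best candidate, or None if nothing reads as English."""
    hits = sweep(displayed)
    if hits and hits[0][0] > 0:
        return hits[0][1], hits[0][2]
    return None


# Constructed sample: ASCII bytes shown under the wrong charset look like CJK text.
ORIGINAL = "Meet at noon by the north gate"
SCRAMBLED = ORIGINAL.encode("ascii").decode("utf-16-le")

if __name__ == "__main__":
    print(repr(SCRAMBLED))
    for score, charset, text in sweep(SCRAMBLED):
        print(score, charset, repr(text))
    print(recover(SCRAMBLED))
```

The only "secret" is which charset was chosen, and the candidate list is a handful of public names, so the search space is exhausted in one pass.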