Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pent-test a container file

From: Tim <tim-pentest () sentinelchicken org>
Date: Fri, 19 Jan 2007 15:11:05 -0500
I actually know that the used algo is AES... no more.
The minimum password length to use is 6 characters (including numbers
and special characters..)


Um, if you knew it was AES, why did you not mention this earlier?
You're not going to get much from the list if you don't give much.

If you know it's AES, do you know what key size (e.g.: 128, 192, 256)?
Once you know key size, you need to know how the 6+ character password
is converted to a key.  Is it just NULL padded, or are they using
something more intelligent?  There are published standards for this.

Do you know what mode it was encrypted with (e.g.: ECB, CBC, OFB, CFB,
or CTR)?  You could check for repeating blocks.  If you find any, it's
an indication it may be ECB.  Otherwise, who knows...

There, have a bone.  It ain't much, but it's kinda a pointless exercise
anyway.

tim

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: