Penetration Testing mailing list archives
Re: [PEN-TEST] Places to find crypto craking tools
From: Dom De Vitto <dom () DEVITTO COM>
Date: Wed, 6 Dec 2000 23:46:50 -0000
| -----Original Message----- | From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf | Of Jose Nazario | Sent: 01 December 2000 20:54 | To: PEN-TEST () SECURITYFOCUS COM | Subject: Re: [PEN-TEST] Places to find crypto craking tools | | | On Thu, 30 Nov 2000, Nicholas Harring wrote: | | > PGP uses RSA to encrypt session keys of a lower computational cost | > algorythm. These lower cost algorythms are usually symmetric | > encryption, such as 3DES or the new AES (Rjindael<sp?>). | | PGP uses IDEA by default, i believe, as it's message cipher. Not any more, they switch to CAST because of the IDEA patents. | in short, brute forcing is theoretically possible, but don't waste your | time, faster methods are out there. and yes, the idea that RSA is | difficult to break is true, it's quite difficult, but not impossible. the | general belief is that 512 bit RSA keys have fallen. time will be needed | to factor 1024 bit keys. it's safe to assume that a determined and | resource rich enemy can break generic RSA (512 bit) encryption when the | gain is right. Yea, generally speaking 1024 bits can be done by gov's & big corps, with (I'd speculate) a few week or so's 24x7 effort. It's worth making the keys over 1200 bits, at which point brute forcing the 128 bit crypto is often easier/quicker. Dom
Current thread:
- [PEN-TEST] Places to find crypto craking tools Erick Arturo Perez Huemer (Dec 01)
- Re: [PEN-TEST] Places to find crypto craking tools Nicholas Harring (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Jose Nazario (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools William D. Colburn (aka Schlake) (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Crist Clark (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Dom De Vitto (Dec 07)
- [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Bennett Todd (Dec 10)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Dom De Vitto (Dec 10)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Dom De Vitto (Dec 10)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places to find crypto ...) Brian Russo (Dec 13)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places tofind crypto ...) Camillo Särs (Dec 13)
- Re: [PEN-TEST] Strength of RSA keys -vs- length (was Re: Places tofind crypto ...) Clem Colman (Dec 13)
- Re: [PEN-TEST] Places to find crypto craking tools Jose Nazario (Dec 02)
- Re: [PEN-TEST] Places to find crypto craking tools Nicholas Harring (Dec 02)