Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: "PenTest" a container file

From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 19 Jan 2007 09:33:19 -0800



On 1/18/07 3:10 PM, "Steve Friedl" <steve () unixwiz net> spoketh to all:


On Thu, Jan 18, 2007 at 09:55:36AM +0100, Julien wrote:

I've have to test the security of an encryption application. This
application create a container file to store all private data. The
tool use a private encryption type.
The only hint they gave me is that user have to submit is password to
open this container.
The aim of this test is to open the files inside this container file.


If it's a proprietary encryption algorithm, that means it's probably a
lousy one, so the cryptographers among us might be able to get somewhere.
But that's beyond many of us here -- including me.


Let's hope he's getting paid by the hour, even if he doesn't crack it ;)

I hate to sound like the boob in the crowd, but these posts always strike me
as pretty sketchy.  It's like the past post where some guy said he was hired
by a gov ISP to pentest their customer network, but he had to post to the
PenTest list to find out what he should do if he had the IP of the cable
modem.  I mean, what kind of application development company using their own
encryption algorithm would hire someone to crack it who has to post to
PenTest for advice on what his first steps should be?

t



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: