Penetration Testing mailing list archives
Re: pent-test a container file
From: Tim <tim-pentest () sentinelchicken org>
Date: Fri, 19 Jan 2007 15:11:05 -0500
I actually know that the used algo is AES... no more. The minimum password length to use is 6 characters (including numbers and special characters..)
Um, if you knew it was AES, why did you not mention this earlier? You're not going to get much from the list if you don't give much. If you know it's AES, do you know what key size (e.g.: 128, 192, 256)? Once you know key size, you need to know how the 6+ character password is converted to a key. Is it just NULL padded, or are they using something more intelligent? There are published standards for this. Do you know what mode it was encrypted with (e.g.: ECB, CBC, OFB, CFB, or CTR)? You could check for repeating blocks. If you find any, it's an indication it may be ECB. Otherwise, who knows... There, have a bone. It ain't much, but it's kinda a pointless exercise anyway. tim ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- RE: pent-test a container file Jan Heisterkamp (Jan 18)
- Re: pent-test a container file Julien (Jan 19)
- Re: pent-test a container file Tim (Jan 19)
- Re: pent-test a container file Jamie Riden (Jan 19)
- Re: pent-test a container file Julien (Jan 19)