From: Tim (tim-pentest@sentinelchicken.org)
Date: Fri Jan 19 2007 - 15:11:05 EST
> I actually know that the used algo is AES... no more.
> The minimum password length to use is 6 characters (including numbers
> and special characters..)
Um, if you knew it was AES, why did you not mention this earlier?
You're not going to get much from the list if you don't give much.
If you know it's AES, do you know what key size (e.g.: 128, 192, 256)?
Once you know key size, you need to know how the 6+ character password
is converted to a key. Is it just NULL padded, or are they using
something more intelligent? There are published standards for this.
Do you know what mode it was encrypted with (e.g.: ECB, CBC, OFB, CFB,
or CTR)? You could check for repeating blocks. If you find any, it's
an indication it may be ECB. Otherwise, who knows...
There, have a bone. It ain't much, but it's kinda a pointless exercise
anyway.
tim
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:32 EDT