
[REBOL] Encryption with REBOL Re:(2)

From: civicminded4:yah:oo at: 31-Aug-2000 12:35

Ryan, thank you for your response. I have a few comments/questions however...

(let me preface all of this with the fact that I am not an encryption expert, or even a novice, I am going by my understanding of the info from the sites listed in the script and links therein. I am genuinely interested to hear comments about the strength of the ARC4 algorithm)

--- [ryanc--iesco-dms--com] wrote:
...
> It will keep most people out, but it is still quite crackable.
> Basically all you need to do is try every password--automatically
> of course...

True, but that is true of _any_ encryption. If you choose a significantly long and random passphrase, then the time required to try every passphrase is _very_ large. You are speaking here of a brute-force attack. Given enough time and computing power any encryption is "crackable" by brute-force (excepting maybe the one-time pad?). Remember, this is based on ARC4 (RC4 of RSA), and while RC4 with 40 bit passphrases is brute-force "crackable", you can have a _much_ larger passphrase, as with this script you can choose the passphrase yourself [up to 246 ASCII characters long. Even just using letters, numbers and spaces you have 63 possible characters. 246 places with 63 possibilities each... 63^246 ... you do the math :) ]

...
> Even easier is if someone sends two files of the same type, as
> bmp's for instance, it practically gives you the password.

How?

Perhaps you mean if two files are sent with the same passphrase? This would be bad, but CipherSaber takes care of this by appending a random 10 character initialization vector to your passphrase, _greatly_ reducing the chances of two messages being sent with the same passphrase. See the CipherSaber site for details.

> I am sure the FBI could break it, and the CIA could cut right
> through it without much trouble. I definitely wouldn't call it a
> "Carnivore Buster." It is probably the exact type of thing they
> are looking for.

Again, only brute-force "crackable" if you use a too-short, non-random passphrase.

I doubt that with the volume of mail going through a Carnivore system, spending years (or even hours or minutes) to crack each and every one of millions of e-mails is worth the FBI or CIA's time or even within their budgets. Just pick a length of passphrase appropriate to the sensitivity of the data.

> On the other hand, it's really good though for keeping ISP's and
> hackers from reading your email.

and your spouse, your boss, your business competitor... ;)

> Why bother spending 5 weeks to decode someone's email? Most people
> wouldn't consider it, unless they were getting paid to do so.

Ryan, if you know of any way to "crack" RC4 (other than brute force) I would be very interested in knowing it. Both encryption and rebol are new to me and I would appreciate any feedback either on the algorithm or the workings of the script itself.
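
The point about two messages under one passphrase, as an added example that is not part of the original post or the REBOL script it discusses: with bare RC4 the same passphrase gives the same keystream, so the XOR of two ciphertexts equals the XOR of the two plaintexts, while the CipherSaber-style key (passphrase followed by a random 10-byte IV, with the IV sent in front of the ciphertext) gives each message its own keystream. The function names, passphrase and sample "files" below are constructed for illustration.

```python
import os

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key schedule, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rc4_no_iv(passphrase: bytes, data: bytes) -> bytes:
    """Bare RC4 keyed with the passphrase alone (encrypts and decrypts)."""
    return xor(data, rc4_keystream(passphrase, len(data)))

def cs1_encrypt(passphrase: bytes, plaintext: bytes, iv=None) -> bytes:
    """CipherSaber-style: RC4 key = passphrase + 10-byte IV, IV sent first."""
    if len(passphrase) > 246:          # 246 + 10 IV bytes = RC4's 256-byte key limit
        raise ValueError("passphrase longer than 246 bytes")
    iv = os.urandom(10) if iv is None else iv
    return iv + xor(plaintext, rc4_keystream(passphrase + iv, len(plaintext)))

def cs1_decrypt(passphrase: bytes, blob: bytes) -> bytes:
    iv, body = blob[:10], blob[10:]
    return xor(body, rc4_keystream(passphrase + iv, len(body)))

def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when c1 XOR c2 equals p1 XOR p2, i.e. both used one keystream."""
    return xor(c1, c2) == xor(p1, p2)

# Constructed sample data: two same-type "files" and one shared passphrase.
PASSPHRASE = b"constructed example passphrase"
FILE_A = b"BM constructed bitmap header, message A"
FILE_B = b"BM constructed bitmap header, message B"

if __name__ == "__main__":
    a, b = rc4_no_iv(PASSPHRASE, FILE_A), rc4_no_iv(PASSPHRASE, FILE_B)
    print("bare RC4, same passphrase, keystream reused:", keystream_reused(a, b, FILE_A, FILE_B))
    a, b = cs1_encrypt(PASSPHRASE, FILE_A), cs1_encrypt(PASSPHRASE, FILE_B)
    print("with random IVs, keystream reused:", keystream_reused(a[10:], b[10:], FILE_A, FILE_B))
```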