vile

Re: [vile] Some questions about the -k/-K options and encryption


From: Chris Green
Subject: Re: [vile] Some questions about the -k/-K options and encryption
Date: Thu, 15 Jan 2015 08:00:29 +0000
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Jan 14, 2015 at 07:55:27PM -0500, Thomas Dickey wrote:
> On Wed, Jan 14, 2015 at 07:36:27PM +0000, Chris Green wrote:
> > On Wed, Jan 14, 2015 at 08:28:43AM -0500, Paul Fox wrote:
> > > chris wrote:
> > >  > On Tue, Jan 13, 2015 at 06:39:34PM -0500, Thomas Dickey wrote:
> > >  > > On Tue, Jan 13, 2015 at 10:02:11PM +0000, Chris Green wrote:
> > >  > > > I am trying to make a few things slightly more secure on my 
> > > system.  
> > > 
> > > i'm sure you know this, but just in case...  if you're looking to do
> > > anything more than simple obfuscation of your content, you should be using
> > > something much stronger than crypt.  gpg is a much better bet.  i
> > > haven't used vile's gnugpg.rc macros in many years, but i assume
> > > they're still functional/viable.
> > > 
> > Yes, I know its encryption isn't very strong but on the other hand I
> > think the way I'm using it makes it very unlikely to get broken.
> > 
> > Given a file and the knowledge that it might be encrypted with crypt()
> > what methods of attack are there?  It's not like a password where you
> > can brute force it by guessing lots of passwords until the result
> > matches the password file (well shadow file) entry.
> 
> It's not really that hard.  I came across a curses-based program in the 1990s
> which let one work through the password (I might even have a copy, but don't
> recall its name :-)
> 
How does 'brute forcing' such a file work though?  Don't you need to
have a piece of the 'answer' that you know is right as well as the
encoded file before you can brute-force it?

To brute-force a password one does the following:-

    Guess the password
    run it through crypt()
    see if the result matches the entry in passwd/shadow
    repeat as necessary

You can't do this with a file encrypted with vile/crypt, or I can't
see how you could do it, as there are two unknowns - the unencrypted
result *and* the password.  So, yes, you can run through trying
zillions of passwords but how do you tell when you've got the right
one?

If you have a file in both encrypted and unencrypted form then, yes,
you can brute-force the password but there doesn't seem much point in
that!

-- 
Chris Green
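
Added example (editor's illustration, not part of the message above or of vile's code): the question of how a guess can be checked without a known plaintext comes down to redundancy in the plaintext, since a text file decrypted with the wrong key comes out as near-random bytes. The sketch below uses a toy XOR keystream cipher as a stand-in (an assumption; it is not the crypt(1)/vile algorithm), a constructed sample file and a constructed guess list, and shows that a simple "is this mostly printable?" test singles out the right password.

```python
import hashlib

def toy_cipher(data: bytes, password: str) -> bytes:
    """Toy stand-in cipher (NOT vile/crypt's algorithm): XOR the data with a
    SHA-256 counter keystream derived from the password. Encrypt == decrypt."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = password.encode() + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def looks_like_text(candidate: bytes, threshold: float = 0.95) -> bool:
    """Plaintext recognizer: true if nearly all bytes are printable ASCII or
    tab/newline/CR. Random bytes pass this per-byte check only ~38% of the
    time, so a wrong key on a file of any length fails it overwhelmingly."""
    if not candidate:
        return False
    printable = sum(1 for b in candidate if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(candidate) >= threshold

def plausible_passwords(ciphertext: bytes, guesses) -> list:
    """Return every guess whose trial decryption passes the text check."""
    return [g for g in guesses if looks_like_text(toy_cipher(ciphertext, g))]

# Constructed sample data: a short text file and a weak, guessable password.
PLAINTEXT = b"Account notes: the quick brown fox jumps over the lazy dog.\n" * 2
SECRET = "tulip42"
CIPHERTEXT = toy_cipher(PLAINTEXT, SECRET)

# Constructed guess list: 2000 wrong passwords plus the real one.
GUESSES = [f"word{i}" for i in range(2000)] + [SECRET]

if __name__ == "__main__":
    hits = plausible_passwords(CIPHERTEXT, GUESSES)
    print(f"{len(GUESSES)} guesses tried, {len(hits)} look like text: {hits}")
```

The practical consequence for a file protected this way is that its safety rests on the strength of the password and the cipher, not on the plaintext being unknown.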


