At 06:48 PM 7/24/2001 -0500, you wrote:
>I think I got the point now, thanx for all of your replies.  I guess it's
>possible for it to be compromised, but not probable in most situations.  But I
>like to make it so improbable that we might as well call it impossible hehe.
>   But instead of just hiding the algorithm, what if I put certain key
>elements in weird places.  It's kinda like a door that needs 3 keys, and
>each key is in 7 pieces, and each of those pieces are scattered all over the
>place, and the key pieces don't even look like keys so anyone looking at it
>would not even think it is needed to decode whatever.  Now will that make
>things way more improbable?  It's kinda like how Microsoft has 2 people who
>remember only the other half of the DB password, and u have to ask each of
>them what it is to get the password heh.

Let's go a little further with your Microsoft analogy. You don't *have* to 
ask either of them for their half of the password if you can run a good 
dictionary against the login sequence.

Never underestimate the power of brute force. I wouldn't roll my own 
encryption algorithm on somebody else's site. (But my best friend lectures 
on encryption algorithms and he makes me very paranoid.)

The question isn't whether or not someone can crack your algorithm, it's 
how many computer hours a brute force attack would take.  Spreading out the 
scheme may slow them down if they are actually looking for the encryption 
scheme on the server, but that provides no protection against analysis of 
the output.

Now available in a San Francisco Bay Area near you!
http://63.74.114.11/mr_urc/index.cfm
http://63.74.114.11/mr_urc/resume.cfm
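
The reply's last point, that scattering the scheme gives no protection against analysis of the output, shown as an added example (not code from this thread). It assumes a hypothetical homebrew cipher, repeating-key XOR, and constructed key pieces and records; the analyst never touches the server, only ciphertext plus one record whose plaintext they already know.

```python
from itertools import cycle

# Constructed values standing in for "3 keys, each in 7 pieces", hidden among
# settings that do not look like key material.
SCATTERED = {
    "ui":     [0x3A, 0x91, 0x07, 0xC4, 0x58, 0xE2, 0x1D],
    "cache":  [0x66, 0x0B, 0xF3, 0x2E, 0x85, 0x49, 0xD0],
    "locale": [0x12, 0xBC, 0x77, 0x04, 0xEA, 0x39, 0x5F],
}
ORDER = ("ui", "cache", "locale")


def assemble_key(pieces=SCATTERED) -> bytes:
    """Server side: gather the 21 scattered pieces into one working key."""
    return bytes(b for name in ORDER for b in pieces[name])


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Hypothetical homebrew cipher (assumption): repeating-key XOR, self-inverse."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def key_from_output(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Output analysis only: XOR out the known plaintext, then find the repeat."""
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))
    for n in range(1, len(stream)):
        if all(stream[i] == stream[i + n] for i in range(len(stream) - n)):
            return stream[:n]  # smallest period is the assembled key
    return stream


def demo():
    key = assemble_key()
    # Constructed records: one the analyst already knows, one they do not.
    known = b"user=guest;role=visitor;note=constructed sample record"
    secret = b"user=admin;role=owner;note=constructed"
    known_ct, secret_ct = toy_encrypt(known, key), toy_encrypt(secret, key)
    recovered = key_from_output(known_ct, known)
    # Where the pieces were stored never entered into it.
    return recovered == key, toy_encrypt(secret_ct, recovered)


if __name__ == "__main__":
    print(demo())
```

Hiding the pieces only raises the cost of finding the key on the server; the work factor that matters is the cheapest path, which here runs through the output. A published, reviewed cipher with a randomly generated key is what removes that path.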

