The strength of any encryption system is often measured in the amount of
time it would take to crack the key and decrypt the data. For example,
current estimates as to the length of time it would take to crack a 256 bit
AES key are in the trillions of years range (given current technology).
(The estimated age of the universe is only 12 to 14 billion years.)
If this, then, is the measure of the strength of an encryption system, I
don't think the "lack of knowledge" encryption algorithm is very strong at
all. I would feel remiss trying to pawn this off to an auditor as a
protection method given the current regulatory environment. A couple of
phone calls to a company posing as a reporter for a storage magazine or a
vendor sales rep could easily yield the information necessary to 'decrypt'
that data.

Jeffrey, I seem to be missing your point. Are you suggesting that if I
call up pretending to be a reporter, a company would give me the keys
necessary to decrypt their data? If not, then what information do you mean?
Knowing what encryption technique was used is a start toward decrypting
the data, but as you say it can still take a long time.

I've done a lot of reading on encryption recently, while helping to
develop our recently released FDRCRYPT product (to encrypt FDR
backups). I don't pretend to be an expert, but it appears that a lot of
the cases where various kinds of encrypted data were "cracked" involved
known data, where the cracker can easily tell when they have found the
right key. One of the challenges to a cracker in trying to crack the
encryption on unknown data (like a FDR backup) is knowing when the
right key has been found. The data on the backup may or may not contain
recognizable EBCDIC strings so the cracker must not only code his
program to try various keys but to also scan the decrypted data to see
if it seems to make any sense. For purely binary data, there may never
be a way to know unless the data layout is known.
--
Bruce A. Black
Senior Software Developer for FDR
Innovation Data Processing 973-890-7300
personal: [EMAIL PROTECTED]
sales info: [EMAIL PROTECTED]
tech support: [EMAIL PROTECTED]
web: www.innovationdp.fdr.com
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
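
The "scan the decrypted data to see if it seems to make any sense" step discussed in the message above, as an added example that is not part of the original post and is not FDRCRYPT code. It assumes a toy stream cipher with a 1-byte key (a stand-in, not AES), EBCDIC code page 037, and two constructed sample records; all function names are hypothetical.

```python
import hashlib
import string

# Byte values that are letters, digits or common punctuation in EBCDIC (cp037).
EBCDIC_TEXT = set((string.ascii_letters + string.digits + " .,-/()").encode("cp037"))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || offset). Encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def text_ratio(data: bytes) -> float:
    """Fraction of bytes that look like EBCDIC text (about 0.27 for random bytes)."""
    return sum(b in EBCDIC_TEXT for b in data) / len(data)


def plausible_keys(ciphertext: bytes, threshold: float = 0.8) -> list:
    """Toy keys (0..255) whose trial decryption passes the 'looks like text' check."""
    return [k for k in range(256)
            if text_ratio(keystream_xor(bytes([k]), ciphertext)) >= threshold]


# Constructed samples: one EBCDIC text record, one record with no text at all.
TEXT_RECORD = ("PAYROLL.MASTER.FILE  EMPLOYEE 004217 SMITH, J  DEPT 0031 "
               .encode("cp037") * 2)
BINARY_RECORD = hashlib.sha256(b"constructed binary sample").digest() * 4
TOY_KEY = bytes([0x5A])  # constructed key

if __name__ == "__main__":
    # Text record: exactly one key produces output that passes the check.
    print("text record  :", plausible_keys(keystream_xor(TOY_KEY, TEXT_RECORD)))
    # Binary record: the right key's output is indistinguishable by this check.
    print("binary record:", plausible_keys(keystream_xor(TOY_KEY, BINARY_RECORD)))
```

The text check singles out the correct key only when the plaintext has recognizable structure; for the binary record a recognizer would need knowledge of the data layout instead.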