Bruce Black writes:
> Knowing what encryption technique was used is a start toward decrypting the
> data, but as you say it can still take a long time.
>
> I've done a lot of reading on encryption recently, while helping to develop
> our recently released FDRCRYPT product (to encrypt FDR backups). I don't
> pretend to be an expert, but it appears that a lot of the cases where various
> kinds of encrypted data was "cracked" involved known data, where the cracker
> can easily tell when they have found the right key. One of the challenges to
> a cracker in trying to crack the encryption on unknown data (like an FDR
> backup) is knowing when the right key has been found. The data on the backup
> may or may not contain recognizable EBCDIC strings, so the cracker must not
> only code his program to try various keys but also scan the decrypted data to
> see if it seems to make any sense. For purely binary data, there may never be
> a way to know unless the data layout is known.
and I have two comments.
The first is that all useful encryption schemes use public algorithms the
enumerative 'breaking' of which is in principle at once trivial and
preternaturally tedious. (When a suitable key length is used a program
executed on a large computer operating at the frequency of hard cosmic rays
should require a time that is long in relation to a human lifetime to do
so.)
Second, until recently hashing algorithms and in particular the NSA's
SHA-1, which has already been discussed here, were thought to approach this
ideal. During the last eighteen months, however, five hashing schemes are
known to have been broken, and it may well be that all such schemes share
fundamental weaknesses.
Mathematical understanding of these schemes is expanding rapidly, and it is
now such that alternatives to breaking them by brute-force, enumerative
methods are becoming available.
Another way to put this is to say there is something like a consensus among
coloro che sanno that SHA-1 is at best obsolescent. A replacement for it is
required, and a simplistic one like SHA-256 may not be the right one because
hashing schemes may be, in some measure certainly are already, open to
non-enumerative attack.
John Gilmore
Ashland, MA 01721-1817
USA
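The two posts above turn on one practical question: whether a backup's content is recognizable enough that a wrong key can be told from the right one, and, if it is, how much work the key space alone imposes. The script below is an added illustration written for this thread, not code from either poster or from the FDRCRYPT product. It measures how much of a byte string decodes to printable text under the cp037 EBCDIC code page (a constructed proxy for "contains recognizable EBCDIC strings") and puts the exhaustive-search arithmetic from the second post into a function. The sample data, the 0.5 threshold and the one-billion-keys-per-second rate are constructed assumptions for the demonstration.

```python
"""Is ciphertext 'unrecognizable', and does it matter?  (Added example.)

Two small tools:
  * printable_ratio_ebcdic(): fraction of bytes that decode, under the
    cp037 EBCDIC code page, to an ASCII graphic character (0x20-0x7E).
    Text-bearing data scores near 1.0; arbitrary binary scores far lower,
    so a text-bearing backup is trivially distinguishable from noise.
  * brute_force_years(): expected wall-clock years to try every key of a
    given length at a given rate; the defence that does not depend on
    whether the plaintext is recognizable.
"""
import codecs


def printable_ratio_ebcdic(data: bytes) -> float:
    """Return the fraction of bytes that are ASCII graphics once decoded as cp037.

    cp037 maps every byte value to some character, so decoding never fails;
    only bytes that land in 0x20..0x7E after decoding count as 'printable'.
    """
    if not data:
        return 0.0
    text = codecs.decode(data, "cp037")
    printable = sum(1 for ch in text if 0x20 <= ord(ch) <= 0x7E)
    return printable / len(data)


def looks_like_ebcdic_text(data: bytes, threshold: float = 0.5) -> bool:
    """Constructed rule of thumb: over half printable means 'recognizable'."""
    return printable_ratio_ebcdic(data) > threshold


def brute_force_years(key_bits: int, keys_per_second: float) -> float:
    """Years needed to enumerate the full key space at the given rate.

    Uses the Julian year (365.25 days).  Expected time to hit the right key
    is half this, but the order of magnitude is what matters.
    """
    seconds = (2 ** key_bits) / keys_per_second
    return seconds / (365.25 * 24 * 3600)


# --- constructed sample inputs --------------------------------------------
# An EBCDIC-encoded catalogue-style string, the kind of data that makes a
# correct decryption obvious.
EBCDIC_TEXT = "DATASET SYS1.PARMLIB MEMBER IEASYS00 ".encode("cp037")

# Every byte value once: a stand-in for 'purely binary' content.  Exactly the
# 95 bytes that cp037 maps to ASCII graphics count, so the ratio is 95/256.
BINARY_BLOB = bytes(range(256))


def summary() -> dict:
    """Collect the measurements so they can be inspected or asserted on."""
    return {
        "text_ratio": printable_ratio_ebcdic(EBCDIC_TEXT),
        "blob_ratio": printable_ratio_ebcdic(BINARY_BLOB),
        "text_recognizable": looks_like_ebcdic_text(EBCDIC_TEXT),
        "blob_recognizable": looks_like_ebcdic_text(BINARY_BLOB),
        # 56-bit (DES-sized) versus 128-bit key at an assumed 1e9 keys/second.
        "years_56_bit": brute_force_years(56, 1e9),
        "years_128_bit": brute_force_years(128, 1e9),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:>18}: {value}")
```

The point the numbers make: a backup that holds EBCDIC text scores 1.0 and is immediately recognizable, so "the cracker cannot tell when the key is right" offers no protection for such data. What does protect it is the key space: at the assumed rate a 56-bit key falls in a couple of years, while a 128-bit key takes on the order of 10^22 years.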
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html