At 12:57 PM +1000 on 5/23/99, Adrian Sutton wrote:
[Summary for OODL: Adrian sent me an early version of his voting stack so I
could track down the Netscape "Document Contains No Data"
bug. While tracking it down, I looked at the encryption
code and decided it was not secure at all. Adrian and I
argued about it. The climax of the story is when I wrote
a C++ program which broke the security system in under one
second. Thus, we're back to step one -- finding a reasonable
security system. ]
>Apparently, that's not going to help at all. Your program just returned my
>exact password.
Hmmm... I did not expect that. However, maybe that algorithm is more
reversible than I thought. It did so for some others, so...
>I'm not sure whether the password you found was the same as
>in the stack (it would have been randomly generated), but it just found the
>one that's in the stack now precisely.
Well, I guess you'll have to come up with a new password now.
>
>The question now is, how do we implement a reasonable security system?
First, we'll need a key longer than 25 bits!
>Perhaps we should take this back on list now.
I agree. I've CC'd this back to the list. The summary up top is for their
convenience.
>I think I'll begin searching
>for an encryptology expert around the uni.
"Cryptography" is the correct name for the field.
>Let's go one step higher than
>just a Mathematician.
But _proving_ mathematicians wrong is so much fun!
>
>Thanks for your help here, I'd like to be able to find an encryption
>mechanism that is secure. Actually, could I get the source code for the
>BreakCode program so that I can use it to test a few other combinations of
>numbers in case it is just me picking lousy numbers.
It's not your choice of numbers.
The source code can be gotten at <http://www.erols.com/derobert/break.sit.bin>
If you want to use new numbers, you'll have to edit tab.pl. You'll then
have to run "perl tab.pl > tab.cp"