Sorry for the late reply... On Sat, 2006-04-15 at 02:47 +0200, Christian Tschabuschnig wrote: > i want to do a dictionary-attack on a revelation-password-file. do you > know of any tools that attack a revelation-file directly or another way > to do an automized attack?
There are no tools for this, but the files can be brute-forced just like any other encrypted file. Just use this script [1], and modify it to loop over your dictionary and check if the decrypted data starts with <?xml - if so, bingo, you just found the password. [1] http://oss.codepoet.no/pipermail/revelation-list/2004-August/000019.html (not sure if this works with the current file format, but I think it should) > the password consists of substrings of a very few (about ten to twenty) > known strings. so it should be possible to crack it in a reasonable > amount of time with a program, right? If you only have a few hundred possible keys, then yeah, should be doable in a few minutes. Remember kids: encryption places all security in the key, so make sure you pick secure passwords. This information is available to anyone who bothers to skim through the sourcecode. -- Erik Grinaker <[EMAIL PROTECTED]> http://erikg.codepoet.no/ "We act as though comfort and luxury were the chief requirements of life, when all that we need to make us happy is something to be enthusiastic about." -- Albert Einstein
