Sorry for the late reply...

On Sat, 2006-04-15 at 02:47 +0200, Christian Tschabuschnig wrote:
> i want to do a dictionary-attack on a revelation-password-file. do you 
> know of any tools that attack a revelation-file directly or another way 
> to do an automized attack?

There are no tools for this, but the files can be brute-forced just like
any other encrypted file. Just use this script [1], and modify it to
loop over your dictionary and check if the decrypted data starts with
<?xml - if so, bingo, you just found the password.


(not sure if this works with the current file format, but I think it should)

> the password consists of substrings of a very few (about ten to twenty) 
> known strings. so it should be possible to crack it in a reasonable 
> amount of time with a program, right?

If you only have a few hundred possible keys, then yeah, should be
doable in a few minutes.

Remember kids: encryption places all security in the key, so make sure
you pick secure passwords. This information is available to anyone who
bothers to skim through the sourcecode.

Erik Grinaker <[EMAIL PROTECTED]>

"We act as though comfort and luxury were the chief requirements of
life, when all that we need to make us happy is something to be
enthusiastic about."
                                                  -- Albert Einstein

Reply via email to