Erik Grinaker wrote: > On Sun, 2006-05-28 at 16:23 -0500, John Lenz wrote: >> Christian Tschabuschnig wrote: >>> John Lenz wrote: >>>> You could write your script to first build a database of the encryption >>>> of the text <?xml using all the different passwords in your list. Then, >>>> you just need to do a binary search for the first few bytes of the >>>> encrypted text. >>> isn't the "<?xml" compressed by zlib in the original data-file before >>> getting encrypted? >>> >> Yes, you are correct. Sorry. The attack should still be feasable >> depending on the zlib algorithm (which I am not familiar with) > > Nope - Revelation uses cipher block chaining to prevent this. >
Yes, you are correct again. Man, I must have been not thinking properly yesterday :) John
