Erik Grinaker wrote:
> On Sun, 2006-05-28 at 16:23 -0500, John Lenz wrote:
>> Christian Tschabuschnig wrote:
>>> John Lenz wrote:
>>>> You could write your script to first build a database of the encryption
>>>> of the text <?xml using all the different passwords in your list.  Then,
>>>> you just need to do a binary search for the first few bytes of the
>>>> encrypted text.
>>> isn't the "<?xml" compressed by zlib in the original data-file before
>>> getting encrypted?
>> Yes, you are correct.  Sorry.  The attack should still be feasable
>> depending on the zlib algorithm (which I am not familiar with)
> Nope - Revelation uses cipher block chaining to prevent this.

Yes, you are correct again.  Man, I must have been not thinking properly
yesterday :)


Reply via email to