|
|
Posted by Chung Leong on 11/20/56 11:50
veg_all@yahoo.com wrote:
> How easy is it to find the keyif you know parts of the encrypted data
> are equal to common words like name, email, etc.
What you described is known as known plaintext attack. Any cipher that
isn't broken is secured against it. "Broken" here means you can
discover the key with fewer tries than the number of possible keys. As
of yet there is no publicly known attack effective against Blowfish.
> I am using blowfish to encrpyt my client data on the server. My fear
> is if someone breaks into the server they could examine the source
> code and quickly tell which parts of the encrypted data correspond to
> certain commonly used strings . So given that knowledge would they
> easily
> be able to crack it?
If someone breaks into your server they'll be able to find the key.
Obviously it has to be sitting somewhere.
> When security sites publish times it takes to crack the key of
> encrypted data, does that assume the crackers already know what the
> data should say?
Yes, for symmetric ciphers. Otherwise it wouldn't be possible to know
if you've succeeded :-) The plaintext is usually chosen by the
attacker, in fact.
Navigation:
[Reply to this message]
|