Posted by Sjoerd on 12/18/52 11:50
veg_all@yahoo.com wrote:
> How easy is it to find the key if you know parts of the encrypted data
> are equal to common words like name, email, etc.
>
> I am using blowfish to encrypt my client data on the server. My fear
> is if someone breaks into the server they could examine the source
> code and quickly tell which parts of the encrypted data correspond to
> certain commonly used strings. So given that knowledge would they
> easily be able to crack it?
>
> When security sites publish times it takes to crack the key of
> encrypted data, does that assume the crackers already know what the
> data should say?
One way to crack a key is to try out all keys. Because there could be
very many keys, for example 2^128 =
340282366920938463463374607431768211456,
this is unfeasible because it would take a lot of time. If a name is
used, there are approximately
348055848 entries
(source: 2 * male names * surnames,
ftp://ftp.cerias.purdue.edu/pub/dict/wordlists/names/).
With 100.000 tries per second, a specific cipher can be decoded in one
hour.
In other words, your key should be as random as possible. Any cracking
data is based on a random key.
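Added example, not part of Sjoerd's post: a small Python sketch of the point made in the reply, that knowing part of the plaintext only lets someone confirm a guessed key, so the cost is set by how many keys there are to guess. The SHA-256 keystream is a toy stand-in for Blowfish, and the name list, the record and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Constructed sample data: a tiny stand-in for the name wordlist and one client record.
NAME_KEYS = [b"anna de vries", b"piet bakker", b"maria jansen", b"tom visser"]
RECORD = b"name=Jan Jansen;email=jan@example.org"

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 keystream XOR). Stand-in for Blowfish, not for real use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def search_keys(candidates, ciphertext: bytes, known_prefix: bytes):
    """Decrypt with each candidate; the known plaintext only confirms a correct guess."""
    for tries, key in enumerate(candidates, start=1):
        if keystream_xor(key, ciphertext).startswith(known_prefix):
            return key, tries
    return None, len(candidates)

def exhaust_seconds(keyspace: int, tries_per_second: int) -> float:
    """Worst-case time to try every key in a keyspace of the given size."""
    return keyspace / tries_per_second

def demo():
    weak = keystream_xor(NAME_KEYS[2], RECORD)               # key taken from the name list
    strong = keystream_xor(secrets.token_bytes(16), RECORD)  # random 128-bit key
    return (search_keys(NAME_KEYS, weak, b"name="),
            search_keys(NAME_KEYS, strong, b"name="))

if __name__ == "__main__":
    found, missed = demo()
    print("name-derived key:", found)
    print("random key:", missed)
    print("name keyspace: %.0f s" % exhaust_seconds(348055848, 100000))
    print("2^128 keyspace: %.3g s" % exhaust_seconds(2**128, 100000))
```

The same known prefix is available in both cases; only the key drawn from the small list is recovered, which is why a randomly generated key is the fix.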