Posted by Peter Fox on 06/18/06 08:09

Following on from 's message. . .
>How easy is it to find the keyif you know parts of the encrypted data
>are equal to common words like name, email, etc.
>
>I am using blowfish to encrpyt my client data on the server. My fear
>is if someone breaks into the server they could examine the source
>code and quickly tell which parts of the encrypted data correspond to
>certain commonly used strings . So given that knowledge would they
>easily
>be able to crack it?
>
>When security sites publish times it takes to crack the key of
>encrypted data, does that assume the crackers already know what the
>data should say?
>
4mins and 34sec on a Pentium III.

When I broke into your server I looked for the *keys* your software uses
rather than mess about trying to break encryption.

Then I read Security Engineering by Ross Anderson, pub Wiley which told
me to make sure I was protecting the right things.

Then I realised I might want to post to an appropriate newsgroup instead
so wrote a post with more specific technical information to comp.crypto
etc.


--
PETER FOX Not the same since the borehole business dried up
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>

[Back to original message]