Penetration Testing mailing list archives
Re: pent-test a container file
From: "Jamie Riden" <jamesr () europe com>
Date: Sat, 20 Jan 2007 08:58:18 +1300
On 19/01/07, Julien <prospi () gmail com> wrote:
Hi, So for you, the only possible attack is to "brute force" the password interface? I actually know that the used algo is AES... no more. The minimum password length to use is 6 characters (including numbers and special characters...)
If there were any easy attacks against AES, it wouldn't be AES, it would only be Rijndael :)

Try picking a copy of Practical Cryptography (Schneier), but unless they've done anything dumb - like having insufficiently random initialisation vectors, or using ECB mode instead of CBC to encrypt - it's probably not going to get you very far. (Hopefully they have used a decent crypto library like Botan or Peter Gutmann's one, and haven't rolled their own.)

Cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com
NZ Honeynet project - http://www.nz-honeynet.org/
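The two mistakes named in the reply above (ECB mode, non-random IVs) both leave patterns in the ciphertext that can be checked without the key. This is an added example, not part of the original post: `_prf` is a keyed stand-in for AES built from the standard library so the block runs offline, and the sample file contents and the layout (IV stored as the first block) are constructed assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 16  # AES block size in bytes

def repeated_blocks(data: bytes) -> int:
    """Number of aligned 16-byte blocks that duplicate an earlier block (ECB indicator)."""
    usable = len(data) - len(data) % BLOCK
    blocks = [data[i:i + BLOCK] for i in range(0, usable, BLOCK)]
    return len(blocks) - len(set(blocks))

def shared_prefix_blocks(a: bytes, b: bytes) -> int:
    """Number of identical leading blocks in two files (reused IV and key indicator)."""
    n = 0
    for i in range(0, min(len(a), len(b)) - BLOCK + 1, BLOCK):
        if a[i:i + BLOCK] != b[i:i + BLOCK]:
            break
        n += 1
    return n

# Everything below is constructed sample data.
def _prf(key: bytes, block: bytes) -> bytes:
    # Stand-in for one AES block encryption: keyed, deterministic, 16 bytes out.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def toy_ecb(key: bytes, pt: bytes) -> bytes:
    return b"".join(_prf(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))

def toy_cbc(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [iv], iv  # assumed layout: IV stored as the first block
    for i in range(0, len(pt), BLOCK):
        prev = _prf(key, bytes(x ^ y for x, y in zip(pt[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)

KEY = b"constructed-demo-key"
FILE_A = b"CONTAINER-HDR-01" + bytes(8 * BLOCK) + b"user data block!"
FILE_B = FILE_A[:-BLOCK] + b"other data here!"

def demo() -> dict:
    fixed_iv = bytes(BLOCK)
    return {
        "ecb_repeats": repeated_blocks(toy_ecb(KEY, FILE_A)),
        "cbc_repeats": repeated_blocks(toy_cbc(KEY, os.urandom(BLOCK), FILE_A)),
        "fixed_iv_shared": shared_prefix_blocks(
            toy_cbc(KEY, fixed_iv, FILE_A), toy_cbc(KEY, fixed_iv, FILE_B)),
        "random_iv_shared": shared_prefix_blocks(
            toy_cbc(KEY, os.urandom(BLOCK), FILE_A), toy_cbc(KEY, os.urandom(BLOCK), FILE_B)),
    }
```

Calling `demo()` shows the zero-filled region repeating under ECB and two files sharing their leading blocks when the IV is fixed, while the random-IV CBC outputs show neither pattern.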
