Re^3: Storing credentials in a cross-platform binary file?

By 'breaking the encryption' I meant 'going around the wall', that is, rendering the encryption ineffective. I know, taken literally 'breaking the encryption' means finding/exploiting a flaw in the actual algorithm, but I was speaking idiomatically - think 'arrays of arrays' in Perl.

Incidentally, and in agreement with you, tilly: I can't remember the source, but I recall someone from the NSA as being quoted as saying: "We don't need to break DES, because the implementations are so poor". For lots of cases, you can probably s/DES/modern cipher/.

email: perl -e 'print reverse map { chr( ord($_)-1 ) } split //, "\x0bufo/hojsfufqAofc";'

Comment on Re^3: Storing credentials in a cross-platform binary file? Download Code

Replies are listed 'Best First'.
Re^4: Storing credentials in a cross-platform binary file? by tilly (Archbishop) on Sep 12, 2008 at 05:51 UTC
I see no way in which encrypting the whole file makes the encryption any harder to break than using the same algorithm to encrypt a piece of data that you put into a file.	[reply]
Re^5: Storing credentials in a cross-platform binary file? by missingthepoint (Friar) on Sep 14, 2008 at 14:41 UTC
But s?he won't be encrypting a piece of data: pieces will be encrypted and put in the file. In The Codebreakers by David Kahn (ISBN 9780684831305), the author spends some time describing the Allied codebreaking effort during WW2. One way they decrypted a lot of messages was to guess at the content of the messages. For instance, an encrypted German message might contain "Mittwoch" if sent on Wednesday. This guessed content was known as a "crib". By encrypting multiple pieces of information and storing them in a non-encrypted file, you're giving an attacker an awful lot of context for each piece. Which means coming up with cribs for those individual pieces will be a lot easier. In practice, which of the following would be harder to break? `Dave's password for the fileserver is: <encrypted data>` `<encrypted data encrypted data encrypted data encry...>` In the first instance, an attacker has a whole lot more to information to use, which improves their chances of a successful decryption. email: perl -e 'print reverse map { chr( ord($_)-1 ) } split //, "\x0bufo/hojsfufqAofc";'	[reply] [d/l] [select]
Re^6: Storing credentials in a cross-platform binary file? by tilly (Archbishop) on Sep 15, 2008 at 05:53 UTC
In many situations with modern cryptographic algorithms, it will not make a difference since we can specify how hard we want decryption to be. In others, it will matter. In essence the context will help with weak cryptographic algorithms, or if the same exact message will be passed many times. Also in some situations you will be in a better position to do a dictionary attack if you only have one password to guess (and know the algorithm). Whether this matters depends on the exact circumstances you find yourself in.	[reply]