
I see no way in which encrypting the whole file makes the encryption any harder to break than using the same algorithm to encrypt a piece of data that you put into a file.

Re^5: Storing credentials in a cross-platform binary file?
by missingthepoint (Friar) on Sep 14, 2008 at 14:41 UTC

    But s?he won't be encrypting a piece of data: pieces will be encrypted and put in the file.

    In The Codebreakers by David Kahn (ISBN 9780684831305), the author spends some time describing the Allied codebreaking effort during WW2. One way they decrypted a lot of messages was to guess at the content of the messages. For instance, an encrypted German message might contain "Mittwoch" if sent on Wednesday. This guessed content was known as a "crib".

    By encrypting multiple pieces of information and storing them in a non-encrypted file, you're giving an attacker an awful lot of context for each piece. Which means coming up with cribs for those individual pieces will be a lot easier.

    In practice, which of the following would be harder to break?

    Dave's password for the fileserver is: <encrypted data>

    <encrypted data encrypted data encrypted data encry...>

    In the first instance, an attacker has a whole lot more information to use, which improves their chances of a successful decryption.


    email: perl -e 'print reverse map { chr( ord($_)-1 ) } split //, "\x0bufo/hojsfufqAofc";'
      In many situations with modern cryptographic algorithms, it will not make a difference since we can specify how hard we want decryption to be. In others, it will matter.

      In essence the context will help with weak cryptographic algorithms, or if the same exact message will be passed many times. Also in some situations you will be in a better position to do a dictionary attack if you only have one password to guess (and know the algorithm).

      Whether this matters depends on the exact circumstances you find yourself in.
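
The two layouts compared in the replies above (encrypted values in a readable file versus one encrypted blob), including the "same exact message" case, shown as an added example that is not part of the original thread. The sample credentials, the function names and the HMAC-SHA256 counter-mode keystream (a stand-in for a real cipher, with no integrity protection) are assumptions made for illustration.

```python
import hashlib, hmac, os
from collections import defaultdict

# Constructed sample data: two entries deliberately share one password.
CREDS = {"dave@fileserver": "hunter2!", "dave@mail": "hunter2!", "root@db": "s3cr3t-db"}

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; a stand-in for a real cipher (assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, plaintext, nonce=None):
    # A fresh random nonce per call unless the caller pins one (the weak case).
    nonce = os.urandom(16) if nonce is None else nonce
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

def per_field(key, creds, fixed_nonce=None):
    # Layout 1: labels stay readable, only each value is encrypted.
    return {label: encrypt(key, pw.encode(), fixed_nonce) for label, pw in creds.items()}

def whole_file(key, creds):
    # Layout 2: labels and values are serialized, then encrypted as one blob.
    body = "\n".join(f"{label}\t{pw}" for label, pw in creds.items()).encode()
    return encrypt(key, body)

def shared_secret_groups(fields):
    # What a reader WITHOUT the key can tell: labels whose ciphertexts match.
    groups = defaultdict(list)
    for label, blob in fields.items():
        groups[blob[16:]].append(label)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    key = os.urandom(32)
    weak = per_field(key, CREDS, fixed_nonce=bytes(16))
    print("fixed nonce :", shared_secret_groups(weak))
    print("random nonce:", shared_secret_groups(per_field(key, CREDS)))
    print("value sizes :", {l: len(b) - 16 for l, b in weak.items()})
    print("whole file  :", len(whole_file(key, CREDS)), "opaque bytes")
```

Per-field encryption with fresh nonces hides the shared password but still exposes each label and each value's length; the single blob exposes only its total size.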