Re: "PenTest" a container file

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Fri Jan 19 2007 - 12:33:19 EST


On 1/18/07 3:10 PM, "Steve Friedl" <steve@unixwiz.net> spoketh to all:

> On Thu, Jan 18, 2007 at 09:55:36AM +0100, Julien wrote:
>> I've have to test the security of an encryption application. This
>> application create a container file to store all private data. The
>> tool use a private encryption type.
>> The only hint they gave me is that user have to submit is password to
>> open this container.
>> The aim of this test is to open the files inside this container file.
>
> If it's a proprietary encryption algorithm, that means it's probably a
> lousy one, so the cryptographers among us might be able to get somewhere.
> But that's beyond many of us here -- including me.

Let's hope he's getting paid by the hour, even if he doesn't crack it ;)

I hate to sound like the boob in the crowd, but these posts always strike me
as pretty sketchy. It's like the past post where some guy said he was hired
by a gov ISP to pentest their customer network, but he had to post to the
PenTest list to find out what he should do if he had the IP of the cable
modem. I mean, what kind of application development company using their own
encryption algorithm would hire someone to crack it who has to post to
PenTest for advice on what his first steps should be?

t

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:32 EDT