Re: pent-test a container file

From: Jamie Riden (jamesr@europe.com)
Date: Fri Jan 19 2007 - 14:58:18 EST


On 19/01/07, Julien <prospi@gmail.com> wrote:
> Hi,
>
> So for you, the only possible attack is to "brute force" the password
> interface?
> I actually know that the used algo is AES... no more.
> The minimum password length to use is 6 characters (including numbers
> and special characters..)

If there were any easy attacks against AES, it wouldn't be AES, it
would only be Rijndael :)

Try picking up a copy of Practical Cryptography (Schneier), but unless
they've done anything dumb - like having insufficiently random
initialisation vectors, or using ECB mode instead of CBC to encrypt -
it's probably not going to get you very far. (Hopefully they have
used a decent crypto library like Botan or Peter Gutmann's one, and
haven't rolled their own.)

Cheers,
 Jamie

-- 
Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com
NZ Honeynet project - http://www.nz-honeynet.org/
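
Added example (not part of the original post): the two implementation mistakes named in the reply, ECB mode and insufficiently random IVs, can be checked from ciphertext alone when auditing a container format. Python's standard library has no AES, so a keyed HMAC-SHA256 truncated to 16 bytes stands in for the block cipher; every function name and the sample container layout are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 16  # AES block size in bytes

def prf_block(key, block):
    # Stand-in for one AES block encryption (the standard library has no AES); not a real cipher.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def encrypt_ecb(key, pt):
    # ECB: every block is encrypted independently, so equal inputs give equal outputs.
    return b"".join(prf_block(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))

def encrypt_cbc(key, iv, pt):
    # CBC: each block is XORed with the previous ciphertext block first; IV is stored as block 0.
    out, prev = [iv], iv
    for i in range(0, len(pt), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(pt[i:i + BLOCK], prev))
        prev = prf_block(key, mixed)
        out.append(prev)
    return b"".join(out)

def repeated_block_ratio(ct):
    # Fraction of 16-byte ciphertext blocks that occur more than once.
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct) - BLOCK + 1, BLOCK)]
    if not blocks:
        return 0.0
    counts = Counter(blocks)
    return sum(n for n in counts.values() if n > 1) / len(blocks)

def looks_like_ecb(ct, threshold=0.01):
    return repeated_block_ratio(ct) > threshold

def shared_iv(ct_a, ct_b):
    # Two containers that start with the same IV block indicate a fixed or poorly seeded IV.
    return ct_a[:BLOCK] == ct_b[:BLOCK]

# Constructed sample: a 16-byte header followed by zero-filled free space.
KEY = bytes(range(32))
SAMPLE = b"CONTAINER-HDR-v1" + bytes(4096)

if __name__ == "__main__":
    print("ECB flagged:", looks_like_ecb(encrypt_ecb(KEY, SAMPLE)))
    print("CBC flagged:", looks_like_ecb(encrypt_cbc(KEY, os.urandom(BLOCK), SAMPLE)))
    fixed = bytes(BLOCK)
    print("IV reuse:", shared_iv(encrypt_cbc(KEY, fixed, SAMPLE), encrypt_cbc(KEY, fixed, b"x" * 32)))
```

A low repeated-block ratio only shows that no blocks repeat; ECB over compressed or high-entropy plaintext will also pass this check, so it is a quick screen rather than proof of the mode in use.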