From: cwright@bdosyd.com.au
Date: Tue Aug 21 2007 - 02:09:02 EDT
Section 8 of the Rijndael Block Cipher AES proposal details the ciphers strengths against known attacks. Please read this document (link above). There is no attack based on the key password without the key.
Regards,
Craig
>Renaud Dubois
Hello,
I think that Adrian is speaking about the case when the key is based on the password.
For example, with Keepass you can choose either key + password or only a password.
I think that if you choose the password only method, a key is generated based on the password you just typed. The length of the key depends the length of your password.
If someone could confirm..
Best regards,
On 19 Aug 2007 22:11:45 -0000, cwright@bdosyd.com.au <cwright@bdosyd.com.au> wrote:
Hello,
A weak password has nothing to do with this. I did not see any mention that the key was captured, just the file to be decrypted. If the key file is captured this is a separate issue and nothing to do with AES.
There is NO password stored with the encrypted file. A password is used to protect the key, but a key is always to be considered compromised if it is intercepted. The password takes no place in the encryption scheme. I would suggest that you have a read on the encryption protocol specifications.
Regards,
Craig
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:02 EDT