| To: | pen-test@securityfocus.com |
|---|---|
| Subject: | Re: pent-test a container file |
| From: | "Jamie Riden" <jamesr@europe.com> |
| Date: | Sat, 20 Jan 2007 08:58:18 +1300 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | pentest-list2@consult.net |
| Delivered-to: | mailing list pen-test@securityfocus.com |
| Delivered-to: | moderator for pen-test@securityfocus.com |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=KhQ4Bbt75vGiTZMVbMCDuHhvOfw9SWRGZ0RYSh3dafNbLspqkEJeMJ5KTnwAeLfOc1ZTJm8HWRuERM6itN7B1hPz/w9WdEIThwa5FD/R8MUFNFNouPR0CjsdgM7FgS7hs/zAhcJNvKe7UrSGbMoSmescvFl/fwluFbQGr1vr23w= |
| In-reply-to: | <f04913100701190228s7f309869v8f9f644bd58d2eb0@mail.gmail.com> |
| List-help: | <mailto:pen-test-help@securityfocus.com> |
| List-id: | <pen-test.list-id.securityfocus.com> |
| List-post: | <mailto:pen-test@securityfocus.com> |
| List-subscribe: | <mailto:pen-test-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:pen-test-unsubscribe@securityfocus.com> |
| Mailing-list: | contact pen-test-help@securityfocus.com; run by ezmlm |
| References: | <45AFE40A.7070605@web.de> <f04913100701190228s7f309869v8f9f644bd58d2eb0@mail.gmail.com> |
| Resent-date: | Fri, 19 Jan 2007 19:34:38 -0700 (MST) |
| Resent-from: | pen-test-return-1078483441@securityfocus.com |
| Resent-message-id: | <20070120023438.C37411626F6@outgoing2.securityfocus.com> |
| Resent-sender: | listbounce@securityfocus.com |
| Sender: | listbounce@securityfocus.com |
| Sender: | jamie.riden@gmail.com |
On 19/01/07, Julien <prospi@gmail.com> wrote: Hi, So for you, the only possible attack is to "brute force" the password interface ? I actually know that the used algo is AES... no more. The minimum password length to use is 6 characters (including numbers and special characters..) If there were any easy attacks against AES, it wouldn't be AES, it would only be Rijndael :) Try picking a copy of Practical Cryptography (Schneier), but unless they've done anything dumb - like having insufficiently random initialisation vectors, or using ECB mode instead of CBC to encrypt - it's probably not going to get you very far. (Hopefully they have used a decent crypto library like Botan or Peter Gutmann's one, and haven't rolled their own.) Cheers, Jamie -- Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com NZ Honeynet project - http://www.nz-honeynet.org/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------ |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: Magic Quotes question, Justin Ferguson |
|---|---|
| Next by Date: | Re: Automated Nmap Scans / Front End, Ian |
| Previous by Thread: | Re: pent-test a container file, Julien |
| Next by Thread: | Re: pent-test a container file, Tim |
| Indexes: | [Date] [Thread] [Top] [All Lists] |