vile
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vile] Some questions about the -k/-K options and encryption

From: Thomas Dickey
Subject: Re: [vile] Some questions about the -k/-K options and encryption
Date: Thu, 15 Jan 2015 05:13:30 -0500 (EST) 
----- Original Message -----
| From: "Chris Green" <address@hidden>
| To: address@hidden
| Sent: Thursday, January 15, 2015 3:00:29 AM
| Subject: Re: [vile] Some questions about the -k/-K options and encryption

| > It's not really that hard.  I came across a curses-based program in
| > the 1990s
| > which let one work through the password (I might even have a copy,
| > but don't
| > recall its name :-)
| > 
| How does 'brute forcing' such a file work though?  Don't you need to
| have a piece of the 'answer' that you know is right as well as the
| encoded file before you can brute-force it?
| 
| To brute-force a password one does the following:-
| 
|     Guess the password
|     run it through crypt()
|     see if the result matches the entry in passwd/shadow
|     repeat as necessary
| 
| You can't do this with a file encrypted with vile/crypt, or I can't
| see how you could do it, as there are two unknowns - the unencrypted
| result *and* the password.  So, yes, you can run through trying
| zillions of passwords but how do you tell when you've got the right
| one?
| 
| If you have a file in both encrypted and unencrypted form then, yes,
| you can brute-force the password but there doesn't seem much point in
| that!

This appears to be what I recall - trying it yourself is the simplest way to 
verify:

http://axion.physics.ubc.ca/cbw.html

-- 
Thomas E. Dickey <address@hidden>
http://invisible-island.net
ftp://invisible-island.net
reply via email to
[Prev in Thread] Current Thread [Next in Thread]