[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vile] Some questions about the -k/-K options and encryption

From: Chris Green
Subject: Re: [vile] Some questions about the -k/-K options and encryption
Date: Thu, 15 Jan 2015 14:05:06 +0000
User-agent: Mutt/1.5.23 (2014-03-12)

On Thu, Jan 15, 2015 at 05:13:30AM -0500, Thomas Dickey wrote:
> | 
> | If you have a file in both encrypted and unencrypted form then, yes,
> | you can brute-force the password but there doesn't seem much point in
> | that!
> This appears to be what I recall - trying it yourself is the simplest way to 
> verify:
Yes, but it relies on being able to guess at least a *likely*
plaintext for the thing you're decrypting, see the description of a an
'automatic' version:-

        unixcrypt-breaker is an automated tool for breaking the
        encryption of the old unix crypt(1) utility. It can guess
        substantial portions of the plaintext without previous
        knowledge of the key.

        It is well-known that unix crypt provides only weak security.
        Existing software for breaking it includes the Crypt Breaker's
        Workbench ( Unlike the
        Crypt Breaker's Workbench, unixcrypt-breaker is fully
        automatic and does not require user interaction. Rather than
        relying on the user to guess likely plaintexts,
        unixcrypt-breaker uses a statistical model for guessing
        plausible plaintexts.

        To guess the plaintext correctly, unixcrypt-breaker must first
        be primed with a body of sample data (the "corpus") that is
        presumed to be similar to the unknown plaintext. For example,
        if the plaintext is assumed to be HTML data, then
        unixcrypt-breaker should be primed with a corpus of HTML data. 

So, if the 'text' file can't be guessed at, it isn't so easy to crack
a crypted file. Actually I'll try it on my files and see what it
produces.  I can then see how close (or otherwise) the bits of plain
text you give it have to be.

Maybe I need to keep my encrypted files in Polish or something! :-)

Anyway thanks for the pointers.

Chris Green

reply via email to

[Prev in Thread] Current Thread [Next in Thread]