T.R | Title | User | Personal Name | Date | Lines |
---|
619.1 | | TLE::BRETT | | Thu Dec 03 1987 12:04 | 35 |
| Is ENCRYPT secure ? NO - a corollary of the answer to your next
question
Can an encrypted file be decrypted without using the key ? YES
If so, how ? TRY ALL POSSIBLE KEYS, USE STATISTICAL ANALYSIS
OF THE RESULTING FILES TO DECIDE WHICH WAS MOST LIKELY
TO BE THE ORIGINAL...
Seriously, your questions show a basic lack of understanding of
enciphering technology. I believe you mean the DIGITAL supported
ENCRYPT product? It uses the DES - and with current technology
I have seen estimates that it costs around $10,000 to decrypt a message
after substantial ($xM) up-front costs in getting various bits of h/w
built and some precomputation done. I don't know of any companies
that are selling a "break any DES message" service yet - but I bet
both the US and USSR govts, and probably several of the European
govts. are capable of it. Some US guy who should know said he
wouldn't bet a plugged?wooden? nickel that the Russians couldn't
break the DES.
So the answer to your question is - security is a $ estimate, not
a straight Y or N answer. If the cost of breaking the message is
high enough, it becomes cheaper to bribe someone into telling you
what the key (or message) is - or break into their system and put
in a trojan horse that records all keys that ENCRYPT has been used
with.
How secure do you want your data to be?
/Bevin
|
619.2 | 64 only bit keys | HERON::GUILLAUME | René Guillaume, NSTC Valbonne | Fri Dec 04 1987 03:49 | 7 |
|
Wasn't the fact that the US government wanted to have a fair chance
to decrypt any message, the reason for choosing a key length of "only"
64 bits (really only 56)?
René
|
619.3 | | PASTIS::MONAHAN | I am not a free number, I am a telephone box | Fri Dec 04 1987 08:29 | 18 |
| The "all possible keys" is 2^56 of them, though this can be reduced
a little with some mathematical trickery.
I have seen estimates that a special purpose computer system could
be built for less than $50M that would crack most DES encrypted
messages in less than a fortnight.
A commercial organisation would have to only decrypt messages that
it had obtained by legal means, since with only commercial security the
existence of such an installation could not be kept concealed
indefinitely. Also it would expect to show a reasonable return on the
investment. A criminal organisation might be less worried where it got
the messages, but would require a higher return on investment.
Cracking DES is no doubt feasible and practical for the NSA, KGB,
MI5 etc., but I would expect that between commercial organisations
there will be cheaper alternatives for a long time to come. Do you do
positive vetting on *everyone* who has access to your computer room?
|
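Added example, not part of the original thread: the exhaustive search described in .1 and .3 (try every key, then use statistics to pick the most plausible plaintext), run against a toy 16-bit repeating-XOR cipher that stands in for DES so the whole key space can be searched in about a second. The cipher, frequency table, sample message and key are all constructed for illustration.

```python
import math

# Approximate English character frequencies, space included. Assumed values
# chosen for this illustration; they do not come from the thread.
FREQ = {' ': .18, 'e': .10, 't': .075, 'a': .065, 'o': .06, 'i': .057,
        'n': .056, 's': .052, 'h': .05, 'r': .049, 'd': .035, 'l': .033,
        'u': .023, 'c': .022, 'm': .02, 'w': .019, 'f': .018, 'g': .016,
        'y': .016, 'p': .015, 'b': .012, 'v': .008, 'k': .006,
        'q': .001, 'x': .001, 'j': .001, 'z': .001}
FLOOR = 1e-6  # probability given to any byte value outside the table
LOGP = [math.log(FREQ.get(chr(b), FLOOR)) for b in range(256)]

KEY_BITS = 16        # toy key size, small enough to search completely
DES_KEY_BITS = 56    # effective DES key size quoted in the thread

def toy_xor(data: bytes, key: int) -> bytes:
    """Toy cipher: XOR with a repeating 2-byte key; encrypts and decrypts."""
    n = len(data)
    stream = (key.to_bytes(2, "big") * (n // 2 + 1))[:n]
    x = int.from_bytes(data, "big") ^ int.from_bytes(stream, "big")
    return x.to_bytes(n, "big")

def score(candidate: bytes) -> float:
    """Log-likelihood of a candidate plaintext under the frequency model."""
    return sum(map(LOGP.__getitem__, candidate))

def exhaustive_search(ciphertext: bytes):
    """Decrypt under every key and keep the most English-looking result."""
    keys = range(1 << KEY_BITS)
    best = max(keys, key=lambda k: score(toy_xor(ciphertext, k)))
    return best, toy_xor(ciphertext, best), len(keys)

def des_scale_factor() -> int:
    """How many times larger the DES key space is than the toy one."""
    return (1 << DES_KEY_BITS) // (1 << KEY_BITS)

# Constructed sample message and key (not from the thread).
MESSAGE = (b"the quarterly sales forecast for the eastern region is attached "
           b"please review the totals before the meeting on friday")
SECRET_KEY = 0xB7E1

if __name__ == "__main__":
    key, text, tried = exhaustive_search(toy_xor(MESSAGE, SECRET_KEY))
    print(f"tried {tried} keys, best key {key:#06x}: {text.decode()!r}")
    print(f"DES has {des_scale_factor():,} times as many keys")
```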
619.4 | Re: .2 - YES | TOOK::MICHAUD | Jeff Michaud | Fri Dec 04 1987 18:36 | 0 |
619.5 | Encrypted Key In Process Table | BLITZN::ROBERTS | Peace .XOR. Freedom ? | Mon Dec 07 1987 15:44 | 11 |
| I suspect that another failure of VMS ENCRYPT is that it places the
encrypted key into the process logical table. If you have the
privilege to read someone else's process table, you might be able to
create an identical encrypted key for yourself - thus you could decrypt
an encrypted file without knowing the decrypted key.
I haven't tried this, but it seems feasible. Anyone done it?
/Dwayne
|
619.6 | | PASTIS::MONAHAN | I am not a free number, I am a telephone box | Tue Dec 08 1987 06:02 | 5 |
| If you have sufficient privilege to get at the logical name table
of another process (CMKRNL) then you can also get at the data before it
is encrypted or after it is decrypted.
There is no security against a privileged user on your system.
|