[ubuntu-uk] Insurance.aes256 and OpenSSL

[Sean Miller]

On 4 January 2011 10:15, Rowan Berkeley <rowan.berkeley at gmail.com> wrote:

> I don't know much about cryptography, but if I could compare the
> situation to a box with a lock on it, it should be possible to see the
> keyhole at least. Thus, I would expect it to be possible to look at the
> file and say, yes, this is a text file encrypted with AES256, and it
> requires a password of x characters to open it. R
>

I think you may be oversimplifying this...  I do not see how you'd be able
to ascertain the number of characters at all, as the password would clearly
be encrypted itself...

Take md5, for instance...

mysql> select md5('hello') from dual;
+----------------------------------+
| md5('hello')                     |
+----------------------------------+
| 5d41402abc4b2a76b9719d911017c592 |
+----------------------------------+
1 row in set (0.00 sec)

mysql> select md5('this is a very long password') from dual;
+-------------------------------------+
| md5('this is a very long password') |
+-------------------------------------+
| d25dcb07b6b0d7d5ca6ee555d73a50ce    |
+-------------------------------------+
1 row in set (0.00 sec)

mysql>

>From those two strings you would not know that one was 5 characters and the
other significantly more, as the encrypted version is almost the same length
in both cases...

Sean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20110104/fe008544/attachment.html>