[ubuntu-uk] Insurance.aes256 and OpenSSL

Simon Greenwood sfgreenwood at gmail.com
Tue Jan 4 10:35:15 UTC 2011

On 4 January 2011 10:15, Rowan Berkeley <rowan.berkeley at gmail.com> wrote:

> On Tue, 2011-01-04 at 08:02:03 +0000,Sean Miller <sean at seanmiller.net>
> wrote:
> > On 4 January 2011 07:45, Rowan Berkeley <rowan.berkeley at gmail.com>
> > wrote:
> > > I have the file itself, and the default OpenSSL packages for 10.04,
> > > but OpenSSL is a command line application and I wonder if anyone
> > > could tell me what to type into the terminal in order to at least
> > > inspect the file and gain some information about it.
> >
> > Well, it's encrypted so you'd need to know the encryption key (aka
> > "password") to inspect the file... if you don't, you can't. Or am I
> > misunderstanding something? Sean
> I don't know much about cryptography, but if I could compare the
> situation to a box with a lock on it, it should be possible to see the
> keyhole at least. Thus, I would expect it to be possible to look at the
> file and say, yes, this is a text file encrypted with AES256, and it
> requires a password of x characters to open it. R
The encryption key will show how the file has been encrypted but certainly
not the length of the password, which would be an open attack vector. There
are tools in the OpenSSL toolkit that validate encrypted files without
providing any identifying information.


Twitter: @sfgreenwood
"Is this your sanderling?"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20110104/5d2f4ecf/attachment.html>

More information about the ubuntu-uk mailing list