[ubuntu-uk] Insurance.aes256 and OpenSSL
Paul Sladen
ubuntu at paul.sladen.org
Tue Jan 4 10:38:25 UTC 2011
On Tue, 4 Jan 2011, Rowan Berkeley wrote:
> it should be possible to see the keyhole at least.
You can see the keyhole---but it unremarkable because it looks exactly
the same as any other keyhole.
What you can't see is any of the tumblers *in* the keyhole, or through
the keyhole to what is behind it, as that would be a security failure.
If you could get even a glimpse of either the make-up of the keyhole
or the contents that it is protecting, then you now have sufficient
plaintext or key leakage to start reducing the brute-force case into
something more practical. Which is bad(tm).
-Paul
More information about the ubuntu-uk
mailing list