[ubuntu-uk] Insurance.aes256 and OpenSSL

Paul Sladen ubuntu at paul.sladen.org
Tue Jan 4 10:38:25 UTC 2011

On Tue, 4 Jan 2011, Rowan Berkeley wrote:
> it should be possible to see the keyhole at least.

You can see the keyhole---but it unremarkable because it looks exactly
the same as any other keyhole.

What you can't see is any of the tumblers *in* the keyhole, or through
the keyhole to what is behind it, as that would be a security failure.

If you could get even a glimpse of either the make-up of the keyhole
or the contents that it is protecting, then you now have sufficient
plaintext or key leakage to start reducing the brute-force case into
something more practical.  Which is bad(tm).


More information about the ubuntu-uk mailing list