[ubuntu-uk] Insurance.aes256 and OpenSSL
Rowan Berkeley
rowan.berkeley at gmail.com
Tue Jan 4 12:20:25 UTC 2011
Simon Greenwood <sfgreenwood at gmail.com> wrote:
> On 4 January 2011 10:15, Rowan Berkeley <rowan.berkeley at gmail.com> wrote:
> > On Tue, 2011-01-04 at 08:02:03 +0000,Sean Miller <sean at seanmiller.net>
> > wrote:
> > > On 4 January 2011 07:45, Rowan Berkeley <rowan.berkeley at gmail.com>
> > > wrote:
> > > > I have the file itself, and the default OpenSSL packages for 10.04,
> > > > but OpenSSL is a command line application and I wonder if anyone
> > > > could tell me what to type into the terminal in order to at least
> > > > inspect the file and gain some information about it.
> > > Well, it's encrypted so you'd need to know the encryption key (aka
> > > "password") to inspect the file... if you don't, you can't. Or am I
> > > misunderstanding something? Sean
> > I don't know much about cryptography, but if I could compare the
> > situation to a box with a lock on it, it should be possible to see the
> > keyhole at least. Thus, I would expect it to be possible to look at the
> > file and say, yes, this is a text file encrypted with AES256, and it
> > requires a password of x characters to open it. R
> The encryption key will show how the file has been encrypted but certainly
> not the length of the password, which would be an open attack vector.
There
> are tools in the OpenSSL toolkit that validate encrypted files without
> providing any identifying information.
I've looked at the toolkit documents at http://www.openssl.org/docs/
and they're all way over my head. What I originally had in mind was
something I could put into the terminal for a given location, e.g.
/home/rowan/Documents/Insurance.aes256 which would do just that: validate
it. R
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-uk/attachments/20110104/ed6890f8/attachment.html>
More information about the ubuntu-uk
mailing list