Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: pent-test a container file

from [Jamie Riden] Network Security [Permanent Link]
Subject: Re: pent-test a container file
Date: Sat, 20 Jan 2007 08:58:18 +1300
On 19/01/07, Julien <prospi@gmail.com> wrote: 
Hi,

So for you, the only possible attack is to "brute force" the password
interface ?
I actually know that the used algo is AES... no more.
The minimum password length to use is 6 characters (including numbers
and special characters..)


If there were any easy attacks against AES, it wouldn't be AES, it
would only be Rijndael :)

Try picking a copy of Practical Cryptography (Schneier), but unless
they've done anything dumb - like having insufficiently random
initialisation vectors, or using ECB mode instead of CBC to encrypt -
it's probably not going to get you very far.  (Hopefully they have
used a decent crypto library like Botan or Peter Gutmann's one, and
haven't rolled their own.)

Cheers,
Jamie
--
Jamie Riden, CISSP / jamesr@europe.com / jamie.riden@gmail.com
NZ Honeynet project - http://www.nz-honeynet.org/

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: pent-test a container file, Tim
Next by Date:  Re: Automated Nmap Scans / Front End, Renaud Leroy
Previous by Thread:  Re: pent-test a container file, Tim
Next by Thread:  Automated Nmap Scans / Front End, tom jones
Indexes:  [Date] [Thread] [Top] [All Lists]