[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vile] Some questions about the -k/-K options and encryption

From: Chris Green
Subject: Re: [vile] Some questions about the -k/-K options and encryption
Date: Thu, 15 Jan 2015 08:00:29 +0000
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Jan 14, 2015 at 07:55:27PM -0500, Thomas Dickey wrote:
> On Wed, Jan 14, 2015 at 07:36:27PM +0000, Chris Green wrote:
> > On Wed, Jan 14, 2015 at 08:28:43AM -0500, Paul Fox wrote:
> > > chris wrote:
> > >  > On Tue, Jan 13, 2015 at 06:39:34PM -0500, Thomas Dickey wrote:
> > >  > > On Tue, Jan 13, 2015 at 10:02:11PM +0000, Chris Green wrote:
> > >  > > > I am trying to make a few things slightly more secure on my 
> > > system.  
> > > 
> > > i'm sure you know this, but just in case...  if you're looking to do
> > > anything more simple obfuscation of your content, you should be using
> > > something much stronger than crypt.  gpg is a much better bet.  i
> > > haven't used vile's gnugpg.rc macros in many years, but i assume
> > > they're still functional/viable.
> > > 
> > Yes, I know its encryption isn't very strong but on the other hand I
> > think the way I'm using it makes it very unlikely to get broken.
> > 
> > Given a file and the knowledge that it might be encrypted with crypt()
> > what methods of attack are there?  It's not like a password where you
> > can brute force it by guessing lots of passwords until the result
> > matches the password file (well shadow file) entry.
> It's not really that hard.  I came across a curses-based program in the 1990s
> which let one work through the password (I might even have a copy, but don't
> recall its name :-)
How does 'brute forcing' such a file work though?  Don't you need to
have a piece of the 'answer' that you know is right as well as the
encoded file before you can brute-force it?

To brute-force a password one does the following:-

    Guess the password
    run it through crypt()
    see if the result matches the entry in passwd/shadow
    repeat as necessary

You can't do this with a file encrypted with vile/crypt, or I can't
see how you could do it, as there are two unknowns - the unencrypted
result *and* the password.  So, yes, you can run through trying
zillions of passwords but how do you tell when you've got the right

If you have a file in both encrypted and unencrypted form then, yes,
you can brute-force the password but there doesn't seem much point in

Chris Green

reply via email to

[Prev in Thread] Current Thread [Next in Thread]