Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Funny problem about symmetric encryption

Reply
Thread Tools

Funny problem about symmetric encryption

 
 
Alexandre Oberlin
Guest
Posts: n/a
 
      11-14-2006
Hi all,

I have a file encrypted with GPG symmetric encryption (CAST5). The
passphrase had been given on command line (no keyring used).
I happen to have the original file as well.
I guess not but: is there a way to retrieve the passphrase that I used
to encrypt the file ?

Thanks for any suggestion,

AO


 
Reply With Quote
 
 
 
 
Stachu 'Dozzie' K.
Guest
Posts: n/a
 
      11-14-2006
Zawartość nagłówka ["Followup-To:" comp.os.linux.security.]
On 14.11.2006, Alexandre Oberlin <(E-Mail Removed)> wrote:
> I have a file encrypted with GPG symmetric encryption (CAST5). The
> passphrase had been given on command line (no keyring used).
> I happen to have the original file as well.
> I guess not but: is there a way to retrieve the passphrase that I used
> to encrypt the file ?


Assume that there is way to retrieve passphrase. What then would be
encryption for?

And remember to set Followup-To: header when crossposting.

--
<Kosma> Niektórzy lubią dozziego...
<Kosma> Oczywiście szanujemy ich.
Stanislaw Klekot
 
Reply With Quote
 
 
 
 
Mike Anonymous Coward
Guest
Posts: n/a
 
      11-15-2006
On Tue, 14 Nov 2006 18:36:16 +0100, Alexandre Oberlin wrote:

> Hi all,
>
> I have a file encrypted with GPG symmetric encryption (CAST5). The
> passphrase had been given on command line (no keyring used).
> I happen to have the original file as well.
> I guess not but: is there a way to retrieve the passphrase that I used
> to encrypt the file ?
>
> Thanks for any suggestion,
>
> AO


You are hoping for a "known plaintext attack",
and it does make it easier to crack the key,
but it will probably still take a LOT of work.
.... try the sci.*crypto* groups and work for years...

You are trying to defeat the very point of crypto.
Good luck.
Brute force on a short key is your best hope in the short term.
 
Reply With Quote
 
Ludovic Joly
Guest
Posts: n/a
 
      11-15-2006
> I guess not but: is there a way to retrieve the passphrase that I used
> to encrypt the file ?


You need to attack the passphrase, ie try to find it by trying some
passphrases and see if you can decrypt the file.

Without any advantage, the issue of the attack depends on the strength
of the passphrase.

Since you seem to be the one who originally set the passphrase, you can
think of how you build (or used to build) passphrases: do you use a
particular method, like using a well known sentence, replacing some
letters with numbers, or any other possible method? Such a reflexion
might allow you to define one or several algorithms to construct
(potentially very big) lists (dictionaries) of passphrases to test.
Such an "intelligent" dictionary attack has more chances to be
successful than a brute force attack. And who knows? Maybe you remember
the passphrase?

Kind regards
Ludovic

 
Reply With Quote
 
Alexandre Oberlin
Guest
Posts: n/a
 
      11-15-2006
Mike Anonymous Coward wrote:

> You are hoping for a "known plaintext attack",
> and it does make it easier to crack the key,
> but it will probably still take a LOT of work.

I read on http://bent.latency.net/crypto/crypto-summary.html.gz
that "known plain text" does not help a lot with good symmetric ciphers.

I am getting ready to forget about a month of saved notes, but what is
exasperating is that I don't understand what happened, so it could very
well happen again.


The best evidence of intelligent life out there, is that none of them
have contacted us.
-- Anonymous

Alexandre Oberlin
http://www.migo.info/
 
Reply With Quote
 
Alexandre Oberlin
Guest
Posts: n/a
 
      11-15-2006
Ludovic Joly wrote:
>> I guess not but: is there a way to retrieve the passphrase that I used
>> to encrypt the file ?

>
> You need to attack the passphrase, ie try to find it by trying some
> passphrases and see if you can decrypt the file.
>
> Without any advantage, the issue of the attack depends on the strength
> of the passphrase.
>
> Since you seem to be the one who originally set the passphrase, you can
> think of how you build (or used to build) passphrases: do you use a
> particular method, like using a well known sentence, replacing some
> letters with numbers, or any other possible method? Such a reflexion
> might allow you to define one or several algorithms to construct
> (potentially very big) lists (dictionaries) of passphrases to test.
> Such an "intelligent" dictionary attack has more chances to be
> successful than a brute force attack. And who knows? Maybe you remember
> the passphrase?
>


Well I did exactly that: tried some thousands of possible typing errors
from the passphrase that I currently use for such things (mixed letters
and digits from an azerty keyboard).
Yet the mystery persists...
I have been wondering if there was not an obscure keymap related problem.

Thanks for your hints,

AO


--
The best evidence of intelligent life out there, is that none of them
have contacted us.
-- Anonymous

Alexandre Oberlin
http://www.migo.info/
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
cmp and sorting non-symmetric types Adam Olsen Python 5 11-14-2007 09:21 PM
UrlEncode - UrlDecode problem: not symmetric lookaround ASP .Net 1 03-15-2007 11:29 AM
Gigabit symmetric broadband... Bling-Bling NZ Computing 41 04-26-2005 10:15 PM
Symmetric encryption using password Bernie ASP .Net Security 0 07-15-2004 09:38 AM
Frequency Doubler in VHDL with symmetric duty cycle Gazelle VHDL 0 11-12-2003 07:35 PM



Advertisments