On 26 June 2012 22:39, Justin Richards wrote:
> For example if a password say "Wcbhj41d" was encrypted by xoring with
> "anxorkey" giving "65JO8_=8C=3D". How would the program determine
> "Wcbhj41d" was the solution if it ever found it.

There are quite a few attack techniques, for example clear text attack, dictionary attack, brute-force, social engineering, exploiting vulnerabilities etc.

The brute-force is obvious: you try every single combination of keys possible. I hope I do not have to explain that the simpler and shorter the key is, the easier it is to find.

The dictionary is good for login passwords, for example when you are using simple words like "password" or "12345678" (you can use the entire British or other dictionaries as well to see if it works).

Social engineering: Well, again, a few techniques exist; the good old trick is to ask the user what the password is. For example on Mac, Linux and Windows 7 it is quite normal that the system asks for the password to do some important maintenance -- so a program that puts up a window very similar to these screens can ask you for the password and 90% that you will type it in -- unless you are extra careful or paranoid or 007. Many people are re-using passwords, so that once you harvest a password on one system you have access to all...

Vulnerabilities: Well, if a software has a bug you may use that bug to gain access. The most common technique is SQL injection, where the programmer forgets to check input parameters and you can use this bug to give a special parameter that executes your own SQL commands.

For example if a database checks the user password with this SQL command:

SELECT sessionkey FROM userdb WHERE username='$1' AND password='$2';

then you may enter a string something like:

x' OR 1=1'

so it will turn to:

SELECT sessionkey FROM userdb WHERE username='tamas' AND password='x' OR 1=1'';

(maybe it is not correct as it is but I hope you got the point) Anyway, if you get the session key then you are done, you can have the full access...

Clear text attack: When you know a chunk of text that should be in the database and you try to find that using some mathematical fundamentals.

How easy is it to break an XOR encryption? It can be super easy and very hard at the same time. For a super easy one, here is a blog I wrote 2 years ago; do not be scared about the subject, but it describes the very basics:

http://community.websense.com/blogs/securitylabs/archive/2010/06/03/crypto-analysis-in-shellcode-detection.aspx

How can it be very hard? Take this: You have a 1k byte long text, and a 1k long totally random byte stream. You use this totally random byte stream as an encryption key, and as long as:

1. You do not use this random key stream more than once, and
2. No one else can access the key, and
3. The key is totally random, not just pseudo random

then this is the absolute best encryption you can dream of -- better than RSA, better than AES, Twofish or anything else.

The length of the key you have mentioned in your example is not that big; it can be found within a few seconds for sure, maybe even less (using the xray technique I have mentioned in that blog, and of course if you have a good clear text to find).

Tamas

> Justin

-- 
int main() { char *a,*s,*q; printf(s="int main() { char *a,*s,*q; printf(s=%s%s%s, q=%s%s%s%s,s,q,q,a=%s%s%s%s,q,q,q,a,a,q); }", q="\"",s,q,q,a="\\",q,q,q,a,a,q); }

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
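The XOR points in the reply above, carried through in code as an added example (this is not code from the thread or from Tamas's blog): a repeating XOR key as in Justin's question, the "clear text" key recovery Tamas describes (ciphertext XOR known plaintext gives the key, so a program recognises the right key the moment a known stretch of plaintext appears), and the one-time-pad case where the key is as long as the message, random and used once. All keys, messages and offsets are constructed sample values; the function names are my own.

```python
"""Added example (not code from the piclist thread): repeating-key XOR,
known-plaintext key recovery, and the one-time-pad property.
All keys and messages below are constructed sample values."""
import os


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key when it is shorter than data.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key_from_known_plaintext(ciphertext: bytes, known: bytes,
                                     key_len: int, offset: int = 0) -> bytes:
    """Known-plaintext recovery for a repeating key: C XOR P = K, byte by byte.
    `known` is a stretch of plaintext starting at `offset` in the message; it
    must be at least key_len bytes long so that every key position is covered.
    This is why a short key that repeats gives no real protection."""
    if len(known) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    if offset + key_len > len(ciphertext):
        raise ValueError("known stretch runs past the end of the ciphertext")
    key = bytearray(key_len)
    for i in range(key_len):
        key[(offset + i) % key_len] = ciphertext[offset + i] ^ known[i]
    return bytes(key)


def pad_that_decrypts_to(ciphertext: bytes, wanted: bytes) -> bytes:
    """One-time-pad property: when the key is as long as the message, some key
    turns the ciphertext into ANY plaintext of that length, so the ciphertext
    alone reveals nothing about which one was sent. Same rule: C XOR P = K."""
    if len(ciphertext) != len(wanted):
        raise ValueError("pad and message lengths must match")
    return xor_with_key(ciphertext, wanted)


def demo() -> bool:
    # 1. Justin's setting: an 8-byte password under an 8-byte key (constructed).
    ct = xor_with_key(b"Wcbhj41d", b"anxorkey")
    # Knowing (or correctly guessing) the plaintext, one XOR yields the key.
    assert recover_key_from_known_plaintext(ct, b"Wcbhj41d", 8) == b"anxorkey"

    # 2. A short key reused over a longer message: a few known bytes anywhere
    #    in the text recover the whole key, and with it the whole message.
    msg = b"attack at dawn, attack at dusk"
    ct = xor_with_key(msg, b"key")
    key = recover_key_from_known_plaintext(ct, b"dawn", key_len=3, offset=10)
    assert key == b"key" and xor_with_key(ct, key) == msg

    # 3. Pad as long as the message, random, used once: the ciphertext is
    #    consistent with every plaintext of the same length.
    pad = os.urandom(len(msg))
    ct = xor_with_key(msg, pad)
    other = b"retreat at dawn, and stay home"
    assert xor_with_key(ct, pad_that_decrypts_to(ct, other)) == other
    return True


if __name__ == "__main__":
    demo()
```

The third part is the defensive half of the argument: the same C XOR P = K relation that breaks a short repeating key is exactly what makes a true one-time pad unbreakable, because every candidate plaintext has a key that fits. Reuse the pad, shorten it, or draw it from a predictable generator and you are back in case 2.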
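The SQL injection sketched in the reply above, as an added example that is not part of the thread: the vulnerable query built by pasting user input into the SQL text, next to the parameterized form that fixes it. It runs against an in-memory SQLite database; the table contents, the session key and the function names are constructed for the example, and the injected string uses the common `' OR '1'='1` quoting (the `x' OR 1=1'` form in the mail, as its author notes, is not syntactically right as written).

```python
"""Added example (not code from the piclist thread): the SQL injection the
reply describes, reproduced against an in-memory SQLite database next to the
parameterized query that prevents it. All rows are constructed sample data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table matching the mail's userdb(username, password, sessionkey)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userdb (username TEXT, password TEXT, sessionkey TEXT)")
    # Constructed row. A real system stores a password hash, never the password.
    conn.execute("INSERT INTO userdb VALUES ('tamas', 'correct horse', 'sess-123')")
    conn.commit()
    return conn


def lookup_session_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The pattern from the mail: input is formatted straight into the SQL text,
    so a quote character in the input becomes SQL syntax."""
    sql = ("SELECT sessionkey FROM userdb WHERE username='%s' AND password='%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_session_safe(conn: sqlite3.Connection, username: str, password: str):
    """The fix: placeholders. The driver sends the values separately from the
    statement, so the input is always data and never part of the query."""
    row = conn.execute(
        "SELECT sessionkey FROM userdb WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed injected input: closes the password literal and appends an
# always-true condition, so "username='tamas' AND password='x' OR '1'='1'"
# matches every row because AND binds tighter than OR.
INJECTED = "x' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, wrong password + injection:",
          lookup_session_vulnerable(db, "tamas", INJECTED))   # sess-123 leaks
    print("parameterized, same input:",
          lookup_session_safe(db, "tamas", INJECTED))         # None
```

The lookup itself is the same in both functions; the only difference is whether the database receives the user's text as part of the statement or as a bound value. That distinction, not input "checking", is what closes the hole, which is why parameterized queries are the standard fix rather than quote-stripping.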