> http://community.websense.com/blogs/securitylabs/archive/2010/06/03/crypto-analysis-in-shellcode-detection.aspx

Great blog, and I enjoyed the explanation herein, especially SQL injection.

>
> The length of the key you
> have mentioned in your example is not that big, it can be found within a few
> seconds for sure, maybe even less (using the xray technique I have
> mentioned in that blog, and of course if you have a good clear text to
> find).

The key in my example is small but is the same length as the message, and as there is no clear text to find, just passwords like "Wcbhj41d", I think I can assume it would be very hard to crack. I think the x-ray method breaks down in my example also. But I will keep this in mind if I were to use the same approach on longer messages or messages with good clear text to find.

I wonder if there are any websites where you can enter your URL (or test URL) and offer a reward for a successful hack with explanation. I would happily offer mine running test data.

> --
> int main() { char *a,*s,*q; printf(s="int main() { char *a,*s,*q;
> printf(s=%s%s%s, q=%s%s%s%s,s,q,q,a=%s%s%s%s,q,q,q,a,a,q); }",
> q="\"",s,q,q,a="\\",q,q,q,a,a,q); }
> --

Has anyone asked about your signature block? I am curious.