Re:Task 2 Wednesday, 10-Feb-99 18:38:46
To figure out how the self-extracting file compares the encrypted password with the password we entered: Well, that's all done through the CRC check. The CRC of the decrypted file is checked against the stored CRC, and if they match then the password must have been right.

This is actually a nice one-way hash type function and reminds me of the password check for Unix systems using DES. Basically that encrypts a zero string with the password as the key. This is reversible as far as decrypting the string given the key goes, but you can't recover the key in DES given the encrypted and decrypted text. So you check if a password is correct by repeating the encryption and checking the encrypted text. Nice one-way functions effectively.

What this means for us is that, firstly, there are only 2^32 possible CRCs and yet there are 2^96 key states in the PK algorithm. So some keys will pass the tests and yet fail to decrypt properly.... Also, you can make the key as long as you want with PKZIP but you will never get anything better than an effective 96-bit algorithm, which has certain weaknesses. So we need only try all the keys to a certain length. Beyond this length they will repeat.

Cronos
My Progress (Cronos) (10-Feb-99 18:22:45)
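The CRC-based password check and the fixed 96-bit key state described in the post above, as an added example that is not part of the original post or the thread's code. The key update follows PKWARE's published description of the traditional ZIP cipher; the 12-byte encryption header of a real archive is left out, and the sample data, passwords, function names and the `check_bits` knob (which narrows the check so false accepts become observable) are constructed for illustration.

```python
import zlib

def _make_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table

CRC_TABLE = _make_table()

def _crc32_step(crc, byte):
    return CRC_TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)

class PkKeys:
    """Three 32-bit keys: 96 bits of state however long the password is."""
    def __init__(self, password: bytes):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self.update(b)

    def update(self, b):
        self.k0 = _crc32_step(self.k0, b)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = _crc32_step(self.k2, self.k1 >> 24)

    def stream_byte(self):
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

def crypt(password, data, decrypt):
    keys, out = PkKeys(password), bytearray()
    for b in data:
        x = b ^ keys.stream_byte()
        keys.update(x if decrypt else b)  # keys always advance on the plaintext byte
        out.append(x)
    return bytes(out)

def password_accepted(password, ciphertext, stored_crc, check_bits=32):
    # The only verifier is the CRC of whatever the candidate key decrypts to.
    mask = (1 << check_bits) - 1
    return (zlib.crc32(crypt(password, ciphertext, True)) & mask) == (stored_crc & mask)

# Constructed sample archive member (not taken from the thread).
PLAINTEXT = b"constructed sample payload for the archive member"
CIPHERTEXT = crypt(b"right-password", PLAINTEXT, False)
STORED_CRC = zlib.crc32(PLAINTEXT)

def false_accepts(check_bits, trials=5000):
    # Count constructed wrong passwords that still satisfy the CRC check.
    wrong = (b"wrong-%d" % i for i in range(trials))
    return sum(password_accepted(p, CIPHERTEXT, STORED_CRC, check_bits) for p in wrong)
```

With the check narrowed to 8 bits, roughly one wrong password in 256 is accepted even though it decrypts to garbage; the full 32-bit CRC has the same property at a rate of about one in 2^32.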