From: Walt Armour <walt@blarg.net>
Subject: RE: !! Point 'n Crypt -- Win95 Privacy for Everyone !!
Security through obscurity is no security at all.
As for PnC (actually, the scCryptoEngine beneath it), we get the 40 bits from the 56 bits by nulling out the high nybble of every other byte.
walt
---------- From: Peter Trei[SMTP:trei@process.com]
Would you mind telling us just how you expand the 40 bit key to the 56 bits needed for DES? (Security through obscurity has a bad rep on this list.) For many methods of doing so, 40 bit DES is NOT secure against a motivated individual's attack.
Peter Trei trei@process.com
Thanks for being so forthcoming! There are methods for using 40 bit keys that are a lot better than this.

My contention stands: 50 200MHz Pentiums *WILL* crack this overnight. A single 100 MHz Pentium will do it in a month. (This assumes a known plaintext attack in EBC or CBC mode). Not utterly trivial, but well within the means of a motivated individual.

Peter Trei
trei@process.com
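Added example, not part of the original thread and not code from scCryptoEngine: a Python check of how many usable key bits remain after the masking Walt describes, and of the per-machine key rate that Peter's one-month figure implies. Which bytes count as "every other byte" (the `start` parameter), the 30-day month, and all function names are assumptions made for this example.

```python
DES_KEY_BYTES = 8
PARITY_BIT = 0x01   # DES ignores the low (parity) bit of every key byte
LOW_NYBBLE = 0x0F   # what is left of a byte once its high nybble is nulled


def weakening_mask(start=0):
    """AND-mask that nulls the high nybble of every other key byte.

    Assumption: the thread does not say whether the affected bytes are
    0,2,4,6 (start=0) or 1,3,5,7 (start=1).
    """
    return bytes(LOW_NYBBLE if i % 2 == start else 0xFF
                 for i in range(DES_KEY_BYTES))


def weaken(key, start=0):
    """Apply the mask to an 8-byte DES key."""
    if len(key) != DES_KEY_BYTES:
        raise ValueError("a DES key is 8 bytes")
    return bytes(k & m for k, m in zip(key, weakening_mask(start)))


def effective_bits(mask):
    """Count the key bits that can still vary and that DES actually uses."""
    return sum(bin(m & ~PARITY_BIT & 0xFF).count("1") for m in mask)


def implied_rate(bits, seconds, machines=1):
    """Keys per second each machine must test to cover 2**bits in `seconds`."""
    return 2 ** bits / (seconds * machines)


if __name__ == "__main__":
    full = bytes([0xFF] * DES_KEY_BYTES)       # constructed all-ones key
    print("masked key    :", weaken(full).hex())
    print("full DES bits :", effective_bits(full))
    bits = effective_bits(weakening_mask())
    print("weakened bits :", bits)
    print("key space cut : 2**%d" % (effective_bits(full) - bits))
    month = 30 * 24 * 3600                     # assumption: 30-day month
    print("keys/s for one machine, one month: %.0f" % implied_rate(bits, month))
```

The nulled nybbles never overlap the parity bits, so each affected byte drops from 7 usable bits to 3 (4 x 7 + 4 x 3 = 40), and the fixed zero bits sit at known positions in the key.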