Attacking Norton Encrypt
Paul J. Ste. Marie
pstemari at erinet.com
Fri Dec 23 22:25:28 PST 1994
At 09:52 PM 12/23/94 IST, rishab at dxm.ernet.in wrote:
>
>Regarding the simple question about Norton Encrypt's security (and ignoring
>the alt.relationship-counsellor interlude), I believe Norton uses DES (for
>'maximum security' or a 'fast proprietary' method for convenience. I don't
>think it has the usual errors (password stored in ciphertext etc), but a
>brute force attack on DES is beyond the means of most Norton users IAC.
Perhaps, but if the earlier post is accurate about it mapping UC to lc and
only accepting 8 characters of password, you've gone from a 56 bit keyspace
to a ~38 bit keyspace. A dictionary attack is certainly feasible--I don't
recall what speeds have been achieved for brute-forcing DES lately.
--Paul J. Ste. Marie
More information about the cypherpunks-legacy
mailing list