On 12 August 2010 02:07, Josh Kehn <josh.kehn@xxxxxxxxx> wrote:
> On Aug 11, 2010, at 6:50 PM, tedd wrote:
>
>> Hi gang:
>>
>> Okay, a question to the Encryption/Decryption gurus out there.
>>
>> If you were given:
>>
>> 1. This encrypted string:
>>
>> p3IVhDBT26i+p4vd7J4fAw==
>>
>> 2. Were told it was a social security number (i.e., in the form of 123-45-6789).
>>
>> 3. And it had been generated from this code:
>>
>> $cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc','');
>> mcrypt_generic_init($cipher, $key1, $key2);
>> $encrypted = mcrypt_generic($cipher,$social_security_number);
>>
>> 4. Where $key1 and $key2 are md5() values calculated from two different security phrases.
>>
>> 5. Where each security phrase contains multiple non-English words.
>>
>> What would it take for you to break the encrypted string and decipher the social security number? Can it be done? If so, how long?
>>
>> And lastly, where would the "best" place to store these security phrases? (Note: I didn't ask where would be the best place for me to put them.) :-)
>>
>> Cheers,
>>
>> tedd
>>
>> PS: No, the SS number in question is not 123-45-6789. :-)
>>
>> --
>> -------
>> http://sperling.com/
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
>
> Tedd-
>
> Considering you can brute force the entire keyspace for Triple DES in under a few hours (without specialized equipment) I don't think it would take long.
>
> Granted, I'm not an encryption expert. I look forward to hearing more.
>

I'd love to see sources on how to bruteforce the entire keyspace for 3DES in under a few hours without knowing the three keys involved or the IV. Googling triple des gives you http://en.wikipedia.org/wiki/Triple_DES which among other things states "This is not currently practical and NIST considers keying option 1 to be appropriate through 2030." (keying option 1 being three independent keys as would be the case here).

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>
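
Added example, not part of any post in this thread: a Python sketch that checks the shape of the quoted ciphertext and estimates an upper bound on the strength of an md5()-of-phrase key, to show why the secret phrases matter more than the 3DES keyspace. The word count, wordlist size, guess rate, uniform word choice, and the premise that the 32-character hex output of md5() is cut to 3DES's 24 key bytes are all assumptions.

```python
import base64
import math

DES_BLOCK = 8          # DES and 3DES work on 8-byte blocks
TDES_KEY_BYTES = 24    # keying option 1: three independent 8-byte DES keys
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def ciphertext_shape(b64):
    """Decode the base64 ciphertext; return (byte length, block count)."""
    raw = base64.b64decode(b64)
    if len(raw) % DES_BLOCK:
        raise ValueError("not a whole number of 8-byte blocks")
    return len(raw), len(raw) // DES_BLOCK


def passphrase_bits(words, wordlist_size):
    """Entropy of a phrase of `words` words picked uniformly from a list
    of `wordlist_size` candidates (assumed model of the secret phrase)."""
    return words * math.log2(wordlist_size)


def key_bits_upper_bound(phrase_bits, hex_key=True):
    """Upper bound on key strength: the smallest limit in the chain."""
    limits = [
        112,          # security level NIST assigns to three-key 3DES
        128,          # size of an MD5 digest
        phrase_bits,  # what the secret phrase itself contributes
    ]
    if hex_key:
        # PHP md5() returns hex text by default, so each key byte is one
        # of 16 characters: at most 4 bits per byte over 24 key bytes.
        limits.append(TDES_KEY_BYTES * 4)
    return min(limits)


def years_to_exhaust(bits, guesses_per_second):
    """Average search time: half the space at an assumed guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Ciphertext is the string quoted in the thread; the rest is constructed.
    print(ciphertext_shape("p3IVhDBT26i+p4vd7J4fAw=="))
    for words in (2, 4, 10):
        bits = key_bits_upper_bound(passphrase_bits(words, 2 ** 16))
        print(words, "words:", bits, "bits,",
              "%.3g years at 1e12 guesses/s" % years_to_exhaust(bits, 1e12))
```
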