From: RW
To: freebsd-questions@freebsd.org
Date: Wed, 27 May 2009 00:41:19 +0100
Subject: Re: Secure unsalted or fixed salt symmetric encryption?
Message-ID: <20090527004119.62822b41@gumby.homeunix.com>
In-Reply-To: <20090526170210.GB75202@slackbox.xs4all.nl>

On Tue, 26 May 2009 19:02:10 +0200
Roland Smith wrote:

> Or if you have the case of a 'known-plaintext' attack. It happens
> more often than you would think:
> [http://en.wikipedia.org/wiki/Known-plaintext_attack]

> Note that using a random salt would be a good protection against such
> an attack!

Only if the passphrase is weak. If you don't use salt you can
pre-compute a table that maps weak passphrases to a few bytes of
the ciphertext of a known plaintext first block. But if that passphrase
contains sufficient entropy it's no cheaper than a brute-force attack
against the cipher. A cipher that can't withstand that isn't worth using.
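
The table argument in the message above, as an added example that is not part of the original post or of any tool discussed in the thread. It assumes a single SHA-256 pass as the passphrase-to-key step and an XOR pad as a toy stand-in for the block cipher; all function names, the wordlist, the salt and the sample block are constructed for illustration.

```python
import hashlib

# Constructed sample: a predictable 16-byte first block (a file header).
KNOWN_FIRST_BLOCK = b"<?xml version='1"
PREFIX_LEN = 8  # "a few bytes" of ciphertext are enough to index the table

def derive_key(passphrase: str, salt: bytes = b"") -> bytes:
    # Assumption: one SHA-256 pass stands in for the tool's passphrase-to-key step.
    return hashlib.sha256(salt + passphrase.encode()).digest()

def encrypt_first_block(key: bytes, block: bytes) -> bytes:
    # Toy stand-in for a block cipher (XOR with a key-dependent pad), not a real cipher.
    pad = hashlib.sha256(key + b"block0").digest()
    return bytes(p ^ k for p, k in zip(block, pad))

def build_table(wordlist, salt: bytes = b"") -> dict:
    """Map the leading ciphertext bytes of the known block to the passphrase."""
    return {
        encrypt_first_block(derive_key(w, salt), KNOWN_FIRST_BLOCK)[:PREFIX_LEN]: w
        for w in wordlist
    }

def lookup(table: dict, ciphertext: bytes):
    return table.get(ciphertext[:PREFIX_LEN])

def demo() -> dict:
    weak_words = ["letmein", "password", "freebsd", "123456"]  # constructed wordlist
    table = build_table(weak_words)  # built once, before any message exists
    salt = bytes.fromhex("a1b2c3d4e5f60718")  # constructed per-message salt
    strong = "f3c91b7e0a5d48e2b6c07d19a4e8f352"  # constructed 128-bit passphrase

    unsalted_weak = encrypt_first_block(derive_key("freebsd"), KNOWN_FIRST_BLOCK)
    salted_weak = encrypt_first_block(derive_key("freebsd", salt), KNOWN_FIRST_BLOCK)
    unsalted_strong = encrypt_first_block(derive_key(strong), KNOWN_FIRST_BLOCK)
    return {
        "unsalted_weak": lookup(table, unsalted_weak),
        "salted_weak": lookup(table, salted_weak),
        "unsalted_strong": lookup(table, unsalted_strong),
        # Assumption: the salt is stored with the message, so it only forces a rebuild.
        "salted_weak_rebuilt": lookup(build_table(weak_words, salt), salted_weak),
    }

if __name__ == "__main__":
    for case, hit in demo().items():
        print(f"{case:22} -> {hit}")
```

The salt defeats the table that was computed ahead of time but not a per-message rebuild over the same weak wordlist, while the high-entropy passphrase is missed with or without a salt.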