Together with a block cipher mode of operation you can generate something that is secure.
It requires a block cipher mode of operation to work. Are there other encryption methods that are better suited for this?.Is this normal behaviour for XTEA, or is there something wrong with the implementation I am using?.Can this be considered a weakness in my program? Or can I wash my hands by telling the users to use stronger passwords?.The users are idiots and the passwords are as weak and similar as the above examples.The attacker has decompiled the code, obfuscation won't do any good.Getting the encryption key can be a means but is not an end. The attacker is only interested in the plain-text.The attacker has no access to the encryption key and this key is sufficiently strong.The attacker has access to several encrypted passwords and salts.Patterns of the same character in a password.(Using q and w for readability, it's actually 2 illegible characters.) As you can see, for weak passwords this can reveal a lot of information that can make brute force or dictionary attacks against these passwords a lot easier: The output is something like: A: qqqwwwqqq I encrypt these with some key, then decrypt them with another key. I am not worried about an attack against the XTEA encryption, I am worried about an attack against the other systems that use the encrypted passwords. (I need to be able to decrypt these passwords later to log in on another system.) But now I have noticed something: if I decrypt a password using a different key I can still see some of the patterns in the plain text. I'm using XTEA to encrypt passwords that I store in a database.
0 kommentar(er)
