On Aug 11, 2010, at 6:50 PM, tedd wrote:

> Hi gang:
> 
> Okay, a question to the Encryption/Decryption gurus out there.
> 
> If you were given:
> 
> 1. This encrypted string:
> 
> p3IVhDBT26i+p4vd7J4fAw==
> 
> 2. Were told it was a social security number (i.e., in the form of 
> 123-45-6789).
> 
> 3. And it had been generated from this code:
> 
> $cipher = mcrypt_module_open(MCRYPT_TRIPLEDES,'','cbc','');
> mcrypt_generic_init($cipher, $key1, $key2);
> $encrypted = mcrypt_generic($cipher,$social_security_number);
> 
> 4. Where $key1 and $key2 are md5() values calculated from two different 
> security phrases.
> 
> 5. Where each security phrase contains multiple non-English words.
> 
> What would it take for you to break the encrypted string and decipher the 
> social security number? Can it be done? If so, how long?
> 
> And lastly, where would the "best" place to store these security phrases? 
> (Note: I didn't ask where would be the best place for me to put them.)  :-)
> 
> Cheers,
> 
> tedd
> 
> PS: No, the SS number in question is not 123-45-6789. :-)
> 
> -- 
> -------
> http://sperling.com/
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


Tedd-

Considering you can brute force the entire keyspace for Triple DES in under a 
few hours (without specialized equipment) I don't think it would take long.

Granted, I'm not an encryption expert. I look forward to hearing more.

Thanks,

-Josh
____________________________________
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to