|
|
|
|
|
|
by tcas
4605 days ago
|
|
|
That's true of stream ciphers, and if they reuse a nonce. It looks like they used 3DES which is for all intents and purposes here, immune to a this kind of attack. EDIT: If they use 3DES in a CTR mode then it could be vulnerable to this, but looking at the base64ed texts in the blog posts, they are multiples of 8 meaning it is almost certainly in a block cipher mode. Would be interesting to see if you can find any block similarities if they used ECB. |
|
|
So, say I have a two block password with '6aMjgZFLzYg' as the second block... when I just search for that block I see alot of hints that point to '123456789' as a password, implying the plaintext for that block is simply '9'. So now I believe the password is 9 characters long and ends with '9'.