[1181] in cryptography@c2.net mail archive
Re: MS Access 'known database attack'
daemon@ATHENA.MIT.EDU (Frank (Giff) Gifford)
Wed Jul 9 12:46:41 1997
Date: Tue, 8 Jul 1997 14:58:29 -0400 (EDT)
From: "Frank (Giff) Gifford" <giff@va.pubnix.com>
To: cryptography@c2.net
Repeated with permission...
On Tue, 8 Jul 1997, Mark D. Fisher [fish@nowhere.net] wrote:
>
> Interesting.....By the way: according to what you say and what the included
> article says, it would seem to me that the key stream should cycle every
> 2048 bytes. Does it? If so it becomes even more trivial to break the
> encryption:
>
> (1) read in the db 2k at a time
> (2) XOR with the 2k constant (1st 2k of key stream)
>
> I suspect the executable to do this would not be much bigger than 2k :-)
>
> -Mark
>
No. Each 2K block is encrypted with a different key (my guess is that
it's the block number). So the stream you get is different for each
block.
When I was checking this some time ago the hard way (looking only at
encrypting known databases without any knowledge of the underlying
system), I determined that it was a stream XOR cipher. The stream
didn't repeat and the simple tests I tried on reconstructing the key
stream were unsuccessful. But knowing that it's RC4 explains much about
the encryption behavior.
This is where a poor implementation of encryption can give people a false
sense of security.
-Giff
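
The per-block keying described in the reply, as an added example that is not part of the original thread and is not Access's actual code. The `block_key` mixing and the fixed `base_key` shared by both databases are assumptions (the mail only guesses that the block number is involved); the sample key and data are constructed.

```python
BLOCK = 2048  # block size discussed in the thread

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def block_key(base_key: bytes, block_no: int) -> bytes:
    # Hypothetical mixing of a fixed base key with the block number.
    return xor(base_key, block_no.to_bytes(len(base_key), "little"))

def encrypt_db(base_key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        chunk = data[off:off + BLOCK]
        ks = rc4_keystream(block_key(base_key, off // BLOCK), len(chunk))
        out += xor(chunk, ks)
    return bytes(out)

def demo():
    base_key = bytes.fromhex("00112233")              # constructed sample key
    known = bytes(range(256)) * 16                    # constructed known database (2 blocks)
    other = (b"customer record; " * 241)[:2 * BLOCK]  # constructed second database
    c_known = encrypt_db(base_key, known)
    c_other = encrypt_db(base_key, other)
    stream = xor(known, c_known)          # key stream seen through the known pair
    repeated = stream[:BLOCK] * 2         # the "2k constant" idea from the quoted mail
    return (
        stream[:BLOCK] != stream[BLOCK:],                 # stream differs per block
        xor(c_other, repeated)[BLOCK:] == other[BLOCK:],  # so one 2K constant fails on block 1
        xor(c_other, stream) == other,                    # but a fixed base key reuses the stream
    )

if __name__ == "__main__":
    print(demo())
```

Under these assumptions the block number stops the key stream from cycling every 2048 bytes, but it does nothing to make the stream unique per database, which is what a stream cipher needs.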