[922] in cryptography@c2.net mail archive
Re: DES cracking is making real progress
daemon@ATHENA.MIT.EDU (Andrew Loewenstern)
Thu May 29 19:49:42 1997
From: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>
Date: Thu, 29 May 97 17:53:42 -0500
To: Jyri Kaljundi <jk@stallion.ee>
Cc: Phil Karn <karn@qualcomm.com>, frantz@netcom.com, cryptography@c2.net
Jyri Kaljundi writes:
> So what they did was probably IDEAkey=md5hash(password) so
> they got a 128-bit key from a 6-digit number (should be 2^20 or
> so).
Probably? Not that I'm defending the Bank of Estonia, but how do you know
that the client and server don't do a DH key exchange, or something similar,
and are using the 6-digit one-time password as an authenticator? If you
haven't looked at the source, groveled through the binary, or watched the
traffic between the client and server then you can't say anything for sure,
right?
andrew
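
The two designs discussed in this message, as an added Python example (not part of the original message and not the bank's code): a key computed as MD5(password) can take only as many values as there are passwords, while a DH exchange that uses the password only as an authenticator yields a key independent of it. The toy DH parameters, the SHA-256/HMAC choices and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets

# Toy DH parameters for illustration only (assumption, not a vetted group).
P = 2**255 - 19  # a known prime
G = 2

def md5_key(otp: str) -> bytes:
    """Design guessed in the quoted text: 128-bit key = MD5(password)."""
    return hashlib.md5(otp.encode()).digest()

def keyspace_bits(digits: int) -> float:
    """Upper bound on key entropy when the key depends on the OTP alone."""
    return math.log2(10 ** digits)

def count_distinct_keys(digits: int) -> int:
    """Enumerate every OTP and count the distinct keys MD5 can produce."""
    return len({md5_key(f"{n:0{digits}d}") for n in range(10 ** digits)})

def dh_session(otp: str):
    """Design raised in the reply: DH sets the key, the OTP only authenticates."""
    a = secrets.randbelow(P - 2) + 1          # client secret exponent
    b = secrets.randbelow(P - 2) + 1          # server secret exponent
    A, B = pow(G, a, P), pow(G, b, P)         # public values sent on the wire
    shared = pow(B, a, P)                     # client side of the exchange
    assert shared == pow(A, b, P)             # server derives the same value
    key = hashlib.sha256(shared.to_bytes(32, "big")).digest()[:16]
    transcript = A.to_bytes(32, "big") + B.to_bytes(32, "big")
    # The OTP keys a MAC over the exchange; it never feeds the traffic key.
    tag = hmac.new(otp.encode(), transcript, hashlib.sha256).digest()
    return key, tag

if __name__ == "__main__":
    otp = "123456"  # constructed sample password
    print(f"MD5(password): at most {keyspace_bits(6):.2f} bits of key entropy")
    print(f"distinct keys for 4 digits: {count_distinct_keys(4)} of 10**4")
    k1, _ = dh_session(otp)
    k2, _ = dh_session(otp)
    print("DH keys differ across sessions with same OTP:", k1 != k2)
```

In the second design the size of the password space still bounds the strength of the authentication step, but the traffic key no longer depends on it.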