Ray
July 24th, 2005, 02:21
Hello to all,
I am reading a book these days and there is an example program(Crypto) in it that goes like this:
encrypt
======
1) get password & filename from user
2) calculate sha-160 on password
3) calculate md5 from sha-160 hash
4) calculate 3des from sha-160
5) encrypt file with 3des, and save somewhere on file header the md5 hash
so, when the user wants to decrypt the file it calculates and compaires the md5 hash of the password and compaires it with the stored one in the encrypted file. If its the same then it means its the correct pass.
so, i was wondering
- How strong is this kind of protection??
- What are the possible & best attacks someone can use to find the pass, or decrypt the file??
Keep well,
Ray.
I am reading a book these days and there is an example program(Crypto) in it that goes like this:
encrypt
======
1) get password & filename from user
2) calculate sha-160 on password
3) calculate md5 from sha-160 hash
4) calculate 3des from sha-160
5) encrypt file with 3des, and save somewhere on file header the md5 hash
so, when the user wants to decrypt the file it calculates and compaires the md5 hash of the password and compaires it with the stored one in the encrypted file. If its the same then it means its the correct pass.
so, i was wondering
- How strong is this kind of protection??
- What are the possible & best attacks someone can use to find the pass, or decrypt the file??
Keep well,
Ray.