Score:0

Is possible to break the encryption on a password by this encryption?

ke flag

I wonder if it is possible to break the encryption on a password by such encryption:

enter image description here

Where E is the encryption function that uses a known public key of the server.

Ievgeni avatar
cn flag
Is it homework? What are $k, pwd$, and what does mean <>?
Score:1
my flag

I wonder if it is possible to break the encryption on a password

No, it is not possible to recover the value of pwd, unless the public key scheme used by the server is weak (or if you also have the server's private key).

Here is the demonstration of that: suppose you did have a method that, given $< E_s(k), k \oplus pwd >$, would recover $pwd$. Then, here is how you could recover the value $x$ given $E_s(x)$:

  • Select a random $r$

  • Create the pair $< E_s(x), r >$, and give it to your recovery method

  • The recovery method would return the value $x \oplus r$.

  • Since you know $r$, that gives you the original plaintext $x$.

Thus demonstrating that the public key method used by the server was weak.

Ruthie avatar
ke flag
Thank you so much! I have another question, suppose I encrypt in this way: <Es(k1 || k2),k1⊕pwd, k2⊕c> while c is a random string and k1, k2 are constants, is it possible now to recover my pwd?
poncho avatar
my flag
@רותיכהן: if $k_1, k_2$ are constants (that is, exactly the same for each encrypted password), then it would be possible to deduce the passwords given a list of encrypted passwords; given two encrypted passwords, you'd xor $k_1 \oplus pwd$ and $k_1 \oplus pwd'$, resulting in $pwd \oplus pwd'$; from that, you can deduce the various passwords (by relying on the nonuniformity of user-selected passwords)
Ruthie avatar
ke flag
first, thx again, about the first question now when I'm thinking about it I'm not sure why it is not possible to recover the pwd. I would be gratful for explanation! thank you again!!!
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.