[Typo3-dev] OT: Encryption
S. Teuber
traveler_in_time at gmx.net
Tue Apr 6 11:51:41 CEST 2004
Hellas,
my two cents:
if the subject of encryption is an email-address that's displayed
in it's encrypted form on the site, a possible attacker who knows
this (i.e. has Typo-knowledge) could add his own email-adress,
fetch the encrypted version and use these two bits of information
(unencrypted plus encrypted string) to get the secret key, couldn't he?
Then again, if this algorythm is used just for the encryption of
public email addresses, who would make such an efford just to get some
addresses he could spam?
Anyway, the critical part is the length of the key. As soon as the key
is repeated to match the length of the string that has to be encrypted,
this method gets very weak and vulnerable to "statistical" attacks.
Sven
More information about the TYPO3-dev
mailing list