Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!henry
From: henry@utzoo.UUCP (Henry Spencer)
Newsgroups: net.crypt,net.unix-wizards
Subject: Re: crypt(1) -- how secure, how breakable? (addenda and errata)
Message-ID: <4597@utzoo.UUCP>
Date: Wed, 7-Nov-84 11:45:03 EST
Article-I.D.: utzoo.4597
Posted: Wed Nov  7 11:45:03 1984
Date-Received: Wed, 7-Nov-84 11:45:03 EST
References: <4342@utzoo.UUCP>, <4393@utzoo.UUCP>, <4466@utzoo.UUCP>
Organization: U of Toronto Zoology
Lines: 16

A friend has pointed out another aspect of using crypt(1) for file
security:  decrypting a file, editing it slightly, and then re-encrypting
it WITH THE SAME KEY probably makes life significantly easier for someone
trying to break the encryption.  The tail end of your file is probably
the same before and after, and you're giving the snooper a look at the
same text encrypted with two different parts of crypt(1)'s "key stream".
This may be quite revealing, although the exact extent of the security
reduction isn't immediately obvious.

He also points out that if you re-encrypt with a DIFFERENT key, you are
giving the cracker a look at the same text (the beginning of the file)
encrypted with two different keys.  Seems to me that this is less of a
problem, although I don't know enough about the details to be certain.
-- 
				Henry Spencer @ U of Toronto Zoology
				{allegra,ihnp4,linus,decvax}!utzoo!henry