Path: utzoo!attcan!uunet!mcvax!ukc!etive!hwcs!zen!jules From: jules@zen.co.uk (Julian Perry) Newsgroups: comp.mail.elm Subject: Re: Mail Encypherment Message-ID: <1333@zen.co.uk> Date: 18 Jul 88 08:26:20 GMT References: <2085@hplabsz.HPL.HP.COM> Reply-To: jules@zen.UUCP (Julian Perry) Organization: Zengrange Limited, Leeds, England Lines: 38 In article <2085@hplabsz.HPL.HP.COM> taylor@hpdstma.hp.com (Dave Taylor) writes: >..... >That is, if someone *really* wants to read your email, either >along the way or once it's arrived, then they *can* do so. The >`cryptbreakers workbench' package is widely available, for >example, and it is reputed to be able to break the crypt(1) >function that is shipped with Unix (crypt is a partial implementation >of the DES encryption algorithm, using a shorted [simpler] 52 bit >key rather than the original [as designed at IBM] 64 bit key. BTW: >I once talked to Dennis Ritchie about whether the simpler >implementation was a `plot by the NSA' as widely believed and >he laughed...) About the crypt-breakers workbench ...... I played with this little tool for a few days and had some fun with it. It seems to work fairly well but it relies on some knowledge of what is in the text being decrypted at least that's as far as I got with it. The user supplies a list of words and it tries to find them and you slowly build up the complete text. This method of decryption can easily be foiled by compressing (using compress, pack, compact or any other similar routine) the text before encrypting it. I'm sure this does not make it impossible to decrypt but it makes it one hell of a lot harder and as far as I know well beyond the bounds of the casual hacker - even if s/he does have the crypt-breakers workbench. Why not send encrypted mail as: compress - crypt - uuencode >Dave Taylor Jules -- IN-REAL-LIFE: Julian Perry E-MAIL: jules@zen.co.uk || ...!uunet!mcvax!ukc!zen.co.uk!jules PHONE: +44 532 489048 ext 217 ADDRESS: Zengrange Limited, Greenfield Road, Leeds, England, LS9 8DB