Xor may be crack the NoPadding/CFB-AES encryption-
HelloLooks like a password can be discovered based on the numerical value of an old known password (using the same key).
For example
In case I have an obvious password: AAA
and I have the password enrypted form of bytes: crypt (AAA).
I can decrypt any password based on the result of the Xor of the clear and encrypted password: (AAA xor crypt (AAA))
BBB = crypt (BBB) xor (xor crypt (AAA) AAA)
It looks like a security problem.
Is this a bug of java or mine?
BTW, if you use AES/CFB8/NoPadding, this is not the case.
Here is the Code example:
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
public class MyTest
{
static SecretKey m_secretKey = null;
public static void main(String[] args)
{
try
{
MyTest test = new MyTest();
test.init();
test.encrypttionBreak();
}
catch (Exception e)
{
e.printStackTrace();
}
}
private void init() throws Exception
{
if (m_secretKey == null)
m_secretKey = KeyGenerator.getInstance("AES").generateKey();
}
private byte[] aesEncrypt(byte[] data, int mode) throws Exception
{
byte[] m_iv = new byte[16];
for (int i = 0; i < m_iv.length; i++)
{
m_iv[i] = (byte) i;
}
IvParameterSpec iv = new IvParameterSpec(m_iv);
Cipher cipher = Cipher.getInstance("AES/CFB/NoPadding", "SunJCE");
cipher.init(mode, m_secretKey, iv);
byte[] cipherInput = cipher.doFinal(data);
return cipherInput;
}
public void encrypttionBreak() throws Exception
{
String clearText = "aaaaaaaaaaaa";
byte[] cipherBytes = aesEncrypt(clearText.getBytes(),
Cipher.ENCRYPT_MODE);
byte clearBytes[] = clearText.getBytes();
byte xorKey[] = new byte[clearBytes.length];
for (int i = 0; i < xorKey.length; i++)
{
xorKey[i] = (byte) (clearBytes[i] ^ cipherBytes);
}
String password = "mypass";
byte[] passwordEncrypted = aesEncrypt(password.getBytes(),
Cipher.ENCRYPT_MODE);
byte breakFinal[] = new byte[passwordEncrypted.length];
for (int i = 0; i < breakFinal.length; i++)
{
breakFinal[i] = (byte) (passwordEncrypted[i] ^ xorKey[i]);
}
System.out.println("break final " + new String(breakFinal));
}
}
Edited by: sabre150 on 19-Aug-2011 02:37
Moderator: added [ code] tags to make the code readable. This is your bug, because you randomly pick a mode and a method without really understanding them. Just look at the definition of [https://secure.wikimedia.org/wikipedia/en/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29]
Now, look at what your function "crypt". You use a fixed iv for everything, we just label the IV. So crypt ('AAA') = AES (key, iv) xor "AAA". That's why crypt ('AAA') xor 'AAA' = AES (key, iv). You should be able to understand what crypt('BBB") xor xor crypt ('AAA')"AAA ".
Tags: Java
Similar Questions
-
[WRT160NL] Problem with the only AES encryption
Hello
I have problems after changing the shape of TKIP or AES to AES encryption. After that everything works OK for a few minutes, then I'm 100% loss when ping anything (including the router). After waiting a few minutes connection starts to work again, and everything is repeated. All the time I'm connected. If I reconnect everything works for a few minutes and then I'm once again, this situation. Return to TKIP or AES does not change this behavior until the reboot of the router. I've got second laptop computer connected through wired interface and it work without problem. My card is: Intel WiFi Link 5100. Settings on the router:
Firmware version: 1.00.01 B17 may 12, 2009
Network mode: wireless - n only
Channel width: wide angle: 40 MHz channel
Scale channel: Auto
Security mode: WPA2 Personal
Does anyone have similar problems? Any ideas?
Kind regards
Maciek
Try to re-flash the firmware on the router and re - configure the router from scratch. You can download the firmware from www.linksys.com/downloads.After re-flashing the firmware, reset the router for 30-35 seconds, power cycle the router and then re - configure from scratch.
-
Question
I can't access to sites such as Youtube or truckcam.tv , seems, the problem may be with the last Adobe flash and firefox as other browsers work I reinstalled both, but without success, even on the two desktop using Vista and laptop on Windows 7See:
-
Some of function boxes are elongated and may not reach the OK box
original title: Windows Vista - Control Panel customization to enlarge the font size. Some of function boxes are elongated and may not reach the OK box
Using Windows Vista. I used the customization Panel control to enlarge the font size. I discovered that some boxes, like Adobe Reader Print and function, in effect, the Personaization (to reduce the font size to original size) require a click OK. But the box frame with large font size, is elongated until I can't get the OK. How to get to the OK or reduce the size of the police without the OK?
Simply press enter instead of OK.
-
Original title: unable to system restore
After the unexpected stop down and try the system restore. I got up a window pops that says update my KASPERSKY anti-virus program, I do not have KASPERSKY. Another said unspecified changes "caudate root found" SYS CONFIG window may have caused the problem. Any ideas? I have Vista and Trend Micro Internet security
Hi JevenStulie,
1. are you able to boot into normal mode after receiving these error messages?
You can try these steps and see if it helps.
Step 1:
You can check if the problem occurs in safe mode with network.
Start your computer in safe mode
Startup options (including safe mode)
Step 2:
If you do not experience the problem in safe mode with network, then you can read the following article to download the Microsoft Safety Scanner and analysis complete on your computer.
Note: When you perform the analysis, there are chances of losing the data that you can take a backup of important data before performing analysis.
Hope this information is useful.
-
On my user account on my labtop when I click on a program, such as mozilla firefox, it happens 'windows cannot access the specified device, path or file. May not be the appropriate permissions for access you point. "This message appears for firefox, AVG, Windows live messenger, windows MediaPlayer etc.
I can access my documents, Panel etc. and everything is there, but it won't let me not get access to the programs.
Also when I go to click on itunes and open office it happens "this file has no program associated with it for performing this action. Create an association in the set associations Control Panel.
Given that I was able to access control panel, I was able to create a new user and use it for now to send this message and all programs have worked on it and I was able to check for the presence of viruses on the Avg on this and everything was clear.
Could you please explain whats wrong and tell me how to fix this please: D thanks
Hello
1. don't you make changes before the show?
2. is the computer is joined to the domain controller?
You can not start any application on a client computer that is joined to the domain controller. When you try to start this type of application, you receive an error message similar to the following:
"Windows cannot access the specified device, path or file. You can not have the appropriate permissions to access the item.This can also occur if the user account is damaged. If the computer is not connected to a domain controller, try the following steps.
1. connect to another user account and create a new user account to fix the damaged user account.
For more information about creating a new user account and the fixing corrupt user account, visit this link: http://windows.microsoft.com/en-US/windows-vista/Fix-a-corrupted-user-profile
Previous post the results in more detail, so that we can help you further.
I hope this helps.
Kind regards
Syed
Answers from Microsoft supports the engineer. -
I cracked the screen on my PC AIO 23
I cracked the screen on my PC AIO 23, product # is that h6u09aa #ABA, model # 23 - b320, can buy a replacement screen?
Thank you
Hello @mberry1799,
I understand that your computer screen is cracked and you want to replace. Looking for the part number is 693739-001 and unfortunately is not sold by HP more. You can search online for it and you will see many places where it is sold.
I hope that I have answered your question to your satisfaction. Thanks for posting on the HP Forums. Have a nice day
-
Original title: WEI
I recently did a full scan of the system with all the tools available and used windows manufacturer to scan the hard drive, HARD drive program. Everything is cleaned up and updated. I conducted an assessment of WEI, and the window said the analysis is complete, but advances seem to be about 95% and wrote "this could take a few minutes. Your screen may blink during the process. "It was about 20 minutes so far and the box on the bottom, said"Cancel ". I'm going to be it, but ask yourself what can be the issue. Any help/ideas would be appreciated.
Yes, I think that he / she forgot to mail the scanner :)
The link I posted has a Mr. fixit for me on this matter use you it?
You can scan with mbam free :/
-
You are looking for a way to set permissions of files on a folder so that users can view and copy the files out, but may not change the original file in the folder. They will have to copy the files in the folder to make changes and then copy a review of back in. Locally and on the network
Hello
- In Windows Explorer, right-click the file or folder you want to work with.
In the context menu, select properties and then in the Properties dialog box, click the Security tab.
In the name list box, select the user, contact, computer, or group to which you want to display permissions. If the permissions are grayed out, this means that the permissions are inherited from a parent object.
https://msdn.Microsoft.com/en-us/library/bb727008.aspx?f=255&MSPPError=-2147217396
-
Bought by mistake OEM install W7, may personal about the user install new HD anyway?
I installed two systems of W7 home & student DVDs in the past. This time I bought W7 Amazon seller, to learn that he needs tools to install OEM. Unfortunately MS provides the tool for registered companies only. Try to fix computer from a friend with a * new HD, before his departure Friday. Y at - it other than his back and starting over, options installation of any other clean? If this is not the case, this DVD need me? Thank you!
You may not use the OPK unless you are a system integrator that has an intention to actually sell the computer with Windows 7 OEM.
I understand your concern for wanting to stay in compliance, but using the OEM System Builder not having license will not not Microsoft Authorities come knocking at your door.
If you still want to have a peace of mind, you can try to reinstall Windows Vista by following the instructions below:
http://www.heidoc.NET/Joomla/technology-science/Microsoft/57-Windows-Vista-direct-download-links
-
Hello world
I know, there are several other threads on this topic, but I couldn't find a working solution. I currently have no OS on my DELL XPS 17 L702X. When I try to install from a USB stick bootable Windows 7 Home Premium x 64 I get this error message: windows cannot be installed on this physical drive of this computer may not support the start-up this drive make sure that the drive controller is enabled in the computer's bios menu.I've tried wiping HARD drive and reformat with GParted. I don't really know what I could do.I would be very grateful if you could help meHello
I suggest that you contact the manufacturer of the computer to change the BIOS settings and check if it is has updated the BIOS.
Important: BIOS change / semiconductor (CMOS) to complementary metal oxide settings can cause serious problems that may prevent your computer from starting properly. Microsoft cannot guarantee that problems resulting from the configuration of the BIOS/CMOS settings can be solved. Changes to settings are at your own risk.
Let us know the results. We will be happy to help you further.
-
My pavilion dm3 fell on one foot and cracked the screen. How can I get a replacement?
My pavilion dm3 fell on one foot and cracked the screen. How can I get a newn screen?
http://www.LaptopScreen.com/English/model/HP-Compaq/Pavilion~dm3-1039WM/
Choose matte or glossy, it's your choice.
http://h20574.www2.HP.com/default.htm?lang=en&cc=us&hpappid=psml
The second link is to HP media services library, make sure that you are connected to the instance before you click the link. Look at all the videos of the left column until you get to 'LCD cover hinges' some of the videos will be very obvious as "how to remove the battery.
It is a big job to remove the screen, so keep all the screws that are organized and make sure you are statically relieved before opening your machine.
It is best to not work on it where there is a thick carpet where one of the screws could be lost and where no child will disturb you.
Here is your service manual too, it developed both views, but the videos are the most useful.
-
Hello. I bought Lightroom, paid license 1 year view, did not have serial. And number and then past the 30 day trial and may not use the product or work more hard. I paid has been deducted from my credit card. How I'm going to work now?
Hi Sergior96769872,
I saw your Adobe ID (email address), you used to post on the forums, and I see an active subscription on it.
Please see Help below links: { make sure you use the same Adobe ID (email address) that you used to purchase the subscription }
Connect and disconnect activate Cloud Creative applications
Adobe Creative Cloud apps back in test mode after 2015 set CC to update
* NOTE: Make sure that your firewall of your computer or security software firewall does not block Adobe, if you are not sure of it can just disable the firewall for a while and then log off and log on creative application of cloud and check.
If it still gives you an error of the trial, then please refer to the troubleshooting listed below:
If you are using MAC:
1-force Quit the sub process in the same sequence as shown below from Activity Monitor: see, use the monitor activity on your Mac - Apple Support
- Creative cloud
- Basic timing & sync to basic support
- CC library & process CCX
- Adobe Common Desktop
- Adobe update daemon
- Broker CIB Adobe
- After that, everything that said adobe on it do a force quit for her
2 - right click on the Finder icon, then select the "Go - To" folder. You will get a text box, type in the following command and then press the 'return '. ("Not to be missed ~ symbol")
~/Library (it will open the folder of the user's library.)
3. browse to the Application Support > Adobe > trash OOBE folder and folder AAM Updater
4 - CUT any installed security software with firewall system.
5 - go to: Apple icon > system preferences > Security & Privacy > General > "allow applications downloaded on" change this anywhere (to make these changes click the padlock in the corner at the bottom left of this window and enter your computer password)
These changes are temporary you can restore these changes back to normal once your creative cloud app is running *.
6 - restart the cloud creative app and connect
If you use the WINDOW:
1 complete the process / Task Manager tasks in the same order, as mentioned below the Manager tasks. See, Open the Task Manager
- Creative cloud
- Basic timing & sync to basic support
- CC library & process CCX
- Adobe Common Desktop
- Adobe update daemon
- Broker CIB Adobe
- After that, everything that said adobe on it do a force quit for her
2 - C:\Users\
\AppData\Local\Adobe\ MAA UPDATER and two OOBE (App data & Program Data is hidden folder please see, Show files and folders hidden in Windows 7, 8.x, 10, or Vista) 3 - CUT any security software installed with firewall system, also if your having any browser Add On installed for blocking advertising that turn off too.
These changes are temporary you can restore these changes back to normal once your creative cloud app is running *.
4 - raise the cloud creative app and connect
Let us know if that helps.
-
I'm working on our catalogue on INDesign CC 2015, I have a links to my libraries, I worked every day without any problem. I work on a Mac and Win system, I put the file on my disk hard or on files of cc.
2 days ago, I opened the file and as a result with any missed links, when I tried to re-link on my library the program shown Indesign files missed this message "the file does not exist, you may not, or the file may be in use by another application", I contacted Italian cat Adobe they suggested me to change the name of the file I did but nothing happened, they suggested to create a new owner of the computer, but it did not work because I work within a team and the file is opened to others of collaboration. I have 333 links so what I shell do? Please help me, I have to finish this work, we need print it out as soon as possible.
I had this problem after an Indesign file that we've been working on the opening of my colleague. She has made a few changes and then when I went back to work on the file of the library of all the links were broken and I had him "you don't have to leave."
I've corrected the problems by opening Illustrator and rename the library. InDesign revived and everything from the library was connected properly.
-
I can't get Photoshop and Lightroom to download keep may not find the secure server?
I can't get Photoshop and Lightroom to download keep may not find the secure server?
Please read https://forums.adobe.com/thread/1499014
-try some steps such as changing browsers and disable your firewall
-also clear the cache of your browser if you start with a fresh browser
-check the file hosts for blocked entries https://forums.adobe.com/thread/1912777
Maybe you are looking for
-
could not activate iPad2 after upgrade to iOS 9.3
could not activate iPad2 after upgrade to iOS 9.3
-
Trouble with his video. Could not hear each other. Any suggestions
-
Tecra M1 and support external graphics resolution 1400 x 1050
Hello! Are there special drivers or solutions that support the resolution 1400 x 1050 on an external monitor with Tecra M1? Spec. I do not have this resolution too choose:Trident XP4m32 graphics controller. 32 MB of video memory DDRSupport of the ext
-
How to fix damaged BIOS on Satellite P300D?
Help! I have a Toshiba Satellite P300D - 21K laptop model PSPD0E. I made the mistake of multi-tasking and tried flashing the BIOS without giving to concentrate fully on the task. I tried the Toshiba site and put all the right letters and numbers in t
-
7510 photosmart all-in-one does not connect
Hello I desperately need help. My printer was working fine, then yesterday morning it just stopped. I couldn't get the wireless connecting once again, so I uninstalled, re-installed, downloaded and installed the new drivers. NOW, when I go to set up