March 27th, 2002, 07:19 AM
If someone is sending info such as a credit card number across the internet that has been encrypted to the fullest, is there a way to break it quickly and how? Explain if you can, I'm trying to learn(I not goin to do it just tryin to safe). And also once you are in a secure site, is there any chance to monitor info coming in and out to possibly decrypt it without beening noticed? Holla
March 27th, 2002, 07:39 AM
Well im not much for encryption, but i think almost any encryption can be broken with time..... but then again most of these people dont have alot of time.
Overall, if u are putting your CC into a secure server i belive its safe
March 27th, 2002, 08:59 AM
The standard encryption algorithm used is pretty secure - it almost certainly doesn't meet military (DoD) standards, but the chances of you or I breaking it without access to a supercomputer are remote. And yes, you may be able to log some encrypted data, but this won't be of any use unless you have some inside information.
The real weaknesses are that your PC may be compromised (are you absoulutely sure you have never had any key logging software running on your PC?), or that the so called 'secure server' has leaked your data.
There have been a few cases recently (e.g. AOL) where CC information on the server has been made available to other people, almost certainly with the assistance of employees of the company.
CC info is not really that secret - in the UK if you a hire a decent private detective they can obtain CC info, credit ratings, criminal records, copies of birth cirtificates etc. etc.
My view is that sending CC info over the net is no more risky than giving CC details over the phone, or using your card in a store/restaurant etc.
March 27th, 2002, 09:44 AM
hmm two things..
Packet Sniffer and Decrypting
U sniff out the packets and decrypt them.. but it doesnt sound as simple as it seems..
March 27th, 2002, 03:12 PM
s0nic I wonder if you ever had tried sniffing a SSL connection :/
As darkes says, if your computer had been compromised before and a keylogger (key-stroke logger) was installed you might have problems.
There's a funny example for that in the book "Hacking Exposed" (1st edition) at page 155, I'll write that below, this is a screen shot taken from a keylogger;
The password for the bank vault is "opensesame." I will send you this message via our secure, encrypted modem so that no one will ever learn such an important piece of information. Encryption is foolproof!
March 27th, 2002, 05:48 PM
Just to elaborate on my previous post.
If you want to try and break an encrypted message then you would need to go through these steps.
1. Find out how the message is encrypted (easy for most private & commercial systems, but almost impossible for more sensitive systems)
2. Research/analyse it from a mathematical point of view - just because you are using a complicated algorithm does not mean that there is not a back door to reverse the process.
3. Look for human weaknesess, e.g. computers involved, people etc.
In todays world, 1. is a given for most private & commercial systems, and most of 2. is in the public domain. Speaking as someone with a maths degree I would be extremely surprised if there was any way of easily breaking PGP, for example.
3. is where the opportunity lies - key logging software being the easy option today, but more subtle approaches can work.
To give a classic example, some of the German traffic (ENIGMA) during WWII was broken because the operators sent out the same information at the start of every message. This information was used to drastically reduce the number of keys to search for by brute force.
March 27th, 2002, 07:33 PM
ANY encryption can be broken using different Frequency equasions and Junk filters.....
This method has been used for over 2000 year's ........but it was really slow then.....now...it's slower....
Without a really REALLY powerfull comp, there is little to NO chance that u'll be able to crack an encryption without knowing what encryption it is and maby some more inside info.....
As said earier, Compromisation is the moost dangerous......
aww well......good luck....
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
March 28th, 2002, 01:52 AM
There is one method of encryption that cannot be broken - the 'one time pad'.
This uses a very simple algorithm which effectively just transposes letters in the original message to something else, which has been used for the last few hundred years.
It depends entirely on the fact that both parties have access to the one time pad - by definition, it is only used once, and then destroyed.
If the one time pad is random (using pages from a book as a one time pad for example is not random), then it is impossible to decrypt, unless you obtain copies of the one time pad itself.
March 28th, 2002, 03:26 AM
Credit Card numbers...as you well know, are usually secured by 128-bit SSL encryption...which is a public-key type of encryption, meaning that YOU type the info into your computer, it is then encrypted WITH THE PUBLIC KEY (while still in your computer via a plug-in, or via a median server/host network)...then sent to the recieving server/network and decrypted using a DIFFERENT(the private) KEY. Two keys, one for encryption, one for decryption...and can't be interchanged. I am unaware of the reverse engineering capacity for 128-bit keys, but I imagine that it would take a huge amount of processing power to do it, if possible.
In order to acquire a key that is relative to the info you seek...you would have to do illegal things...(keyloggers, invasive packet sniffers, pass crackers, etc...)...and really none of those deal with the actual decryption of the encryption protocol...just a way to remotely break into and use the proper software to do it for you...
As far as the security of 128-bit encryption goes vs. the more primitive kinds goes, i'll quote an article by Dick Archer...
"40-bit key: the same as sending a letter in a plain, white envelope;
56-bit key: the same as sending a letter in a security envelope that is printed to prevent the contents from showing through;
128-bit key: the same as sending a letter in a lead-lined, 12-inch thick titanium safe transported by an armored tank with a convoy of a hundred armed guards"
A 128-bit key is approximately 309 septillion times larger than a 40-bit key...therefore that much harder to break...
The gov. uses 1024-bit keys for the 'red-button' type of transmissions as far as I know...
"entia non sunt multiplicanda praeter necessitatem"
"entities should not be multiplied beyond necessity."
March 29th, 2002, 08:11 AM
For Ourboros, has anybody in history been able to break a 1024 bit ecryption? Holla