final php versions of fwPack and fwUnpack

Richard Gaskin ambassador at fourthworld.com
Wed Mar 3 22:18:00 EST 2004 

Mark Brownell wrote:

> On Tuesday, March 2, 2004, at 09:07  AM, Richard Gaskin wrote:
> 
>> As I mentioned in the article, I'm pretty ignorant on encryption, esp. 
>> compared to seasoned cryptohobbyists like Mark Brownell.  So here's a 
>> question I can't answer about my own code:
>>
>> If one were to try to characterize the relative strength of the "MDX" 
>> algorithm used in fwPack/fwUnpack, what phrase would be appropriate?
> 
> This is just too juicy to pass up. How about "Don't forget to drink your 
> chocolate flavored Ovaltene."

LOL! Maybe I'm more of an expert than I thought -- that's how I've been 
describing it. :)

>> For example, we hear about 128-bit encryption, but I couldn't find a 
>> primer dumbed-down enough to explain what that means in lay terms.
> 
> I need to see what controls there are for the "MDX" algorithm's 
> passwords length before I can determine the bit level.

Doesn't enforcing password length get into the public key/private key setup?

Is there a way to provide stronger encryption with the simplicity of a 
single password?

Your description on cypher block chaining was excellent -- thank you.

> So one way to stop the practicality of brute force attacks is to 
> deliberately put a one second delay on processing the algorithm. If your 
> application or CGI has a password input point then this one second delay 
> will make a brute force attack difficult.
> 
> 100,000,000 brute force attempts with a one second delay would take more 
> than three to four years on a single computer. It would take 1000 
> computers hitting your CGI continuously to get past half of the 
> possibilities in a single day or two. I doubt if that is even possible.

Comforting.  Last year I started adding one-second delays to most of my 
login stuff.

Thank you for the excellent post.  I learned more reading your one-pager 
than in an hour of prowling the 'Net.

-- 
  Richard Gaskin
  Fourth World Media Corporation
  ___________________________________________________________
  Ambassador at FourthWorld.com       http://www.FourthWorld.com

More information about the use-livecode mailing list