Author Topic: The current key.dat format is insecure.  (Read 3724 times)

I cannot understand a single thing you're saying.
what op says is not an actual issue worth crying over
salt encryption is worthless for blockland

does that work for you?

what op says is not an actual issue worth crying over
salt encryption is worthless for blockland

does that work for you?
If by "it works" you mean I understand it, yes. Of course it's not worth crying over. But salt encryption is not useless. You see, when you use a salt, every time the salt is different, that means that there's a different set of bytes that the key is xored with, making the attack that was (probably) used to get all those keys useless, so no the solution is not worthless.

However there IS a problem with this. Because the keyspace of the blockland key is larger than the keyspace of the actual encryption key, I fear that out of the around 250 encryption key combinations, only 1 or 2 of the decrypted plaintexts will consist only of valid key characters. That means that in total, the amount of effort required to crack a keydat would be lowered, and you wouldn't even need more than one keydat to crack them.

However that can be fixed. Since there are only 32 possible key characters, you can compress each character from 8 bits to 5 bits, which would leave you with 11 bytes instead of 17 and solves the problem listed above.
« Last Edit: November 09, 2014, 07:23:31 PM by Ipquarx »

If by "it works" you mean I understand it, yes. Of course it's not worth crying over. But salt encryption is not useless. You see, when you use a salt, every time the salt is different, that means that there's a different set of bytes that the key is xored with, making the attack that was (probably) used to get all those keys useless, so no the solution is not worthless.
from what everyone has been saying this attack cannot be performed externally. so the attack is as useless as ever.

salt encryption is a gift sent by god but for blockland it is worthless. worthless in the sense that its too much of a hassle to do for no actual gain other than maximum security which no one actually needs as the attack isn't anything spectacular.

all of this was probably aimed at 3rd party services like hosting. so yeah work on the security of your whole service rather than having badspot waste his time rewriting a ton of code for something that already works fine.

this new service that popped up by pecon is doing what bisjac brought up before with the service owner owning all the keys and putting them in a pool without people giving their own keys. that's a good system. if you know anything about what youre doing, you shouldn't have any intrusion problems.

all of this was probably aimed at 3rd party services like hosting. so yeah work on the security of your whole service rather than having badspot waste his time rewriting a ton of code
Computermix is the most infamous hacker in Blockland history. Do you really think it's Cowboy's fault?

Computermix is the most infamous hacker in Blockland history. Do you really think it's Cowboy's fault?
https://youtube.com/watch?v=FopyRHHlt3M

xalos went from having dramas to being comparable to that of ephialtes. this is really good.

xalos went from having dramas to being comparable to that of ephialtes. this is really good.
lmao wtf is this statement

xalos went from having dramas to being comparable to that of ephialtes. this is really good.
PFFFTT
>implying ephialtes didn't have dramas
>implying this raises xalos to being comparable to a professional hosting service provider's main person
>implying any of this is good
>implying xalos doesn't get dramas/'hate' currently

forget you, the key
Quote
ABCDE-FGHJ-KLMN-PQRS
DOES NOT WORK!!!!?!?!?!?!
Its a joke

all those "hacked" keys were still given by the owners to those who ended up with them.
the key's encryption isnt an issue. dont give your key and you wont lose your key.

you guys think badspot dosnt know he could alter the key.dat files to be harder to pull?
its irrelevant. thats why its not done.

stupid is as something something something
« Last Edit: November 12, 2014, 10:31:26 PM by Bisjac »

xalos went from having dramas to being comparable to that of ephialtes. this is really good.

No offense to Xalos, but he wasn't even close to the first person to know about this / figure it out. He just wrote a topic about it.