hi, i don't know if i will answer your question, but i will give some tips
about security...
the point about decrypt is crypt lists, reverse engeneer and many others
solutions to decrypt informations
i didn't remember the name, maybe rainbow list or something like it is a
normal feature used with hash functions
a salt is very interesting since the list without salt is normally 'weak',
because anyone could create a list with a
for(i=0 to infinity)
crypted value (i) = crypt function ( i )
and yes, many guys create this lists... it's nice, and it's a problem...
maybe you lost your password some day and found it in the list and ! now
you have your password back !
about file decrypt, the "attacker" will try to decrypt a small part of file
or the full file, normally when i try to decrypt i know +- what file have
(a know file structure) in this case if the file is a image for example, or
a zip file, i will try to run a program to decrypt and only check if the
magic numbers of that know file structure is found, it's a way to hack a
crypt, it take many time (maybe never happen), but it's a easy to
understand strategy... there's more features about crypt/decrypt but i will
give a superficial idea only...
in real world, a salt is important, some users use a MD5('salt' +
MD5(password + 'salt2')) to ensure that the password isn't listed in a list
or another hash/crypt function...
well in my option (not statistic, but real world use cases) it's just a
placebo, the point here is...
if someone want your information, restrict the time he can try to
read/access your information... example...
a login system, should allow a 5 wrong logins, after this block by 5
minutes, after more 5 wrong logins block for more 10 minutes... it's like
iphone screen lock, the attacker can have a very big high optimized cluster
to extra world solutions, but it only have 5 tryes to know the password / 5
minutes... well sorry attacker i could do the same job with my cellphone
and maybe know the right password ... that's not the case if attacker know
more informations about user password (her name, wife name, child name,
birthday, first car, pet names, etc...)
again, the problem is: don't allow a intensive access to your information,
if this occur check if the user have permissions to do this, if not block
it with a pre fixed time and contact user... the user should ask about
permission to admin, and admin could add more permission to user.... that's
the 'right way' to add security to any system
i don't know if this help you, but these are some tips about security and i
didn't checked if i answered your question :P sorry
maybe i talked something wrong, it just a idea i didn't checked the
normalized ideas (there's some information at FBI docs about forense it's
nice to read...)
bye
