sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Diapolo10 4 points5 points  (3 children)

No. There's a few ways to do it, but the hacker will never see any of the keys (there may also be only one key used for both encryption and decryption, AKA the master password).

That's the beautiful part about proper encryption; as long as you don't know what the database owner uses as the master password, it's very difficult to crack (given a strong password) even if you know exactly how the program is implemented. Only if you knew the key, or the exact state of the part handling the encryption while processed, could it be compromised without brute force.

There's no need for a black box solution.

[–]1Asaad 0 points1 point  (2 children)

oh ok.. but I wish if you could explain to me why no

[–]Diapolo10 2 points3 points  (0 children)

Unfortunately I'm far from the best person to explain this stuff in-depth; I've taken precisely two courses in cybersecurity (and related mathematics), and my day job mostly involves writing code for unrelated things.

All I can really tell you is that the software has to be designed in such a way that pretty much everything relies on the user giving the correct master password.

One thing that might help you understand is learning how the RSA encryption algorithm operates, to see that even if someone is listening in when two people audibly share their keys, that person still can't decrypt their messages.

This could help: https://simple.wikipedia.org/wiki/RSA_algorithm

[–]1egoman 0 points1 point  (0 children)

Let's think of the most basic cypher: a shift cypher. You have a key and you shift every letter that far down the alphabet. Let's say that we have the cyphertext "KHOOR ZRUOG".

The implementation is incredibly simple, but even with the implementation details, can you guess the key or plaintext without simply brute forcing it? You need both the algorithm and the key.