views:

234

answers:

3

How do brute-force attacks on encrypted data know when they've found the right key to decrypt the data? Is there a way to know that data's been decrypted, other than having a human looking at it? What if it's not human-friendly data?

+7  A: 

It depends on the encryption method. For instance, with RSA encryption, if you are looking for the private key you know you have found it when the public key is a multiple of the number in question.

tster
+7  A: 

Cryptanalysts hope to have known ciphertext and plaintext. A key which decrypts that ciphertext to that plaintext is certainly the right key.

Without known plaintext, the data's format must be known. For example, plaintext HTML contains tags. A phone directory plaintext contains phone numbers. And so on.

mcandre
...which is why you should write your ultra-super-secret messages in a secret private language *before* applying encryption. ;)...of course that language could still be deciphered, but it would make the job of cracking the messages a lot harder.
FrustratedWithFormsDesigner
... Or just encrypt multiple times. Incidently I'm finishing up Dave Brown's horrible book *Digital Fortress*
Adam Gent
@Adam Gent: Don't bother. Almost any other activity is more worthwhile.
FrustratedWithFormsDesigner
If you hate Digital Fortress, you'll also hate The Code Conspiracy. And the portion of Transformers where they decrypt and translate the Decepticon language.
mcandre
@Adam Gent encrypting multiple times is the same as a single complicated encryption -- it's an old concept, that was applied during the second world war (Enigma and friends)
Rowland Shaw
@Rowland Shaw I didn't say it was good idea :)
Adam Gent
+3  A: 

It depends on the algorithm. With many algorithms there is only one correct decryption key. When you have the key you can easily verify it is the correct key in polynomial time.

With some algorithms though it is impossible to know when you have the right key. All plain texts (of the correct length) could give the output. An example of such a scheme is a one-time pad with XOR encryption. However if a one-time pad is reused ciphertexts can be XORed with each other to remove the key and then the two plaintext messages can be extracted by using techniques such as frequency analysis to determine what sort of data it is and what the most likely decryptions are.

Mark Byers
+1 for one-time pads! ...though I thought they were called one-time pads *because* they couldn't be reused... or maybe they can but it's *strongly* recommended against.
FrustratedWithFormsDesigner
@Frustrated: If you reuse them they lose *all* that wonderful mathematically guaranteed security...
dmckee
If you reuse them, they are two-time pads.
Jacob
"When you have the key you can easily verify it is the correct key in polynomial time." How do they verify that it's the correct key? Is a brute force attack then simply verifying all possible keys?
Perhaps the most famous known reuse of one-time pads: http://en.wikipedia.org/wiki/Venona#Breakthrough
GregS