How do brute-force attacks on encrypted data know when they've found the right key to decrypt the data? Is there a way to know that data's been decrypted, other than having a human looking at it? What if it's not human-friendly data?
views:
234answers:
3
+7
A:
It depends on the encryption method. For instance, with RSA encryption, if you are looking for the private key you know you have found it when the public key is a multiple of the number in question.
tster
2010-06-16 18:23:43
+7
A:
Cryptanalysts hope to have known ciphertext and plaintext. A key which decrypts that ciphertext to that plaintext is certainly the right key.
Without known plaintext, the data's format must be known. For example, plaintext HTML contains tags. A phone directory plaintext contains phone numbers. And so on.
mcandre
2010-06-16 18:24:12
...which is why you should write your ultra-super-secret messages in a secret private language *before* applying encryption. ;)...of course that language could still be deciphered, but it would make the job of cracking the messages a lot harder.
FrustratedWithFormsDesigner
2010-06-16 18:26:45
... Or just encrypt multiple times. Incidently I'm finishing up Dave Brown's horrible book *Digital Fortress*
Adam Gent
2010-06-16 18:29:09
@Adam Gent: Don't bother. Almost any other activity is more worthwhile.
FrustratedWithFormsDesigner
2010-06-16 18:31:05
If you hate Digital Fortress, you'll also hate The Code Conspiracy. And the portion of Transformers where they decrypt and translate the Decepticon language.
mcandre
2010-06-16 18:41:12
@Adam Gent encrypting multiple times is the same as a single complicated encryption -- it's an old concept, that was applied during the second world war (Enigma and friends)
Rowland Shaw
2010-06-16 18:45:33
@Rowland Shaw I didn't say it was good idea :)
Adam Gent
2010-06-16 21:07:55
+3
A:
It depends on the algorithm. With many algorithms there is only one correct decryption key. When you have the key you can easily verify it is the correct key in polynomial time.
With some algorithms though it is impossible to know when you have the right key. All plain texts (of the correct length) could give the output. An example of such a scheme is a one-time pad with XOR encryption. However if a one-time pad is reused ciphertexts can be XORed with each other to remove the key and then the two plaintext messages can be extracted by using techniques such as frequency analysis to determine what sort of data it is and what the most likely decryptions are.
Mark Byers
2010-06-16 18:28:45
+1 for one-time pads! ...though I thought they were called one-time pads *because* they couldn't be reused... or maybe they can but it's *strongly* recommended against.
FrustratedWithFormsDesigner
2010-06-16 18:29:29
@Frustrated: If you reuse them they lose *all* that wonderful mathematically guaranteed security...
dmckee
2010-06-16 18:34:24
"When you have the key you can easily verify it is the correct key in polynomial time." How do they verify that it's the correct key? Is a brute force attack then simply verifying all possible keys?
2010-06-16 21:23:49
Perhaps the most famous known reuse of one-time pads: http://en.wikipedia.org/wiki/Venona#Breakthrough
GregS
2010-06-16 22:43:54