Next, the encrypted text is read from the standard input stdin (lines 24
and 25); the first 16 bytes are discarded.
The big loop used to try all possible password lengths begins at line 27.
The most important calculation is done at line 30, where the ciphertext,
the known plaintext, and the 'number sequence' (top row in Figure 3.9)
are used to tentatively guess the key. The mathematical background is as
easy as it could be:
cipher = plain ⊕ key ⊕ number
(where ⊕ stands for XOR) becomes
key = cipher ⊕ number ⊕ plain                                        (1)
We have to test to see whether or not we've been successful. We test
in lines 32 through 35: if the key created is not periodic, we certainly
weren't successful. We can only test for positions that contain known
plaintext. The trial has succeeded if there is no rejection.
Next, we want to reconstruct as much of the key as possible. The first
period alone may not supply enough information, since we normally
know only scraps of the plaintext. However, there might be a known
plaintext byte that reveals the character we are looking for in another
period. This is done in lines 41 through 50.
Some characters of the key still haven't been found yet. Let's use
statistical methods. All right, this sounds high-flown: the thing is I noticed
that zero bytes occur in masses in the headers of WordPerfect files. You
can see the distribution of the first 1000 characters of this chapter (as a
WordPerfect file) in Figure 3.11.
37.50 %   '^@' (zero byte)
20.60 %   'd'
13.10 %   'x'
 5.50 %   '<255>'
 3.10 %   'P'
 2.10 %   '<254>'
 2.00 %   '<140>'
Figure 3.11: Distribution of the first 1000 characters in a special WordPerfect
file.
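The whole procedure described above (the loop over candidate key lengths, the key guess from equation (1), the periodicity test, the extension of the key from known plaintext in other periods, and the zero-byte statistics for the remaining positions) as an added Python example. This is not the book's program listing; the book's 'number sequence' from Figure 3.9 is not on this page, so the example models it as `(i + 1) & 0xFF`, which is an assumption, and the sample plaintext, key and known-plaintext positions are constructed for the demonstration.

```python
from collections import Counter
from typing import Dict, List, Optional

# ASSUMPTION: the book's position-dependent "number sequence" (Figure 3.9) is
# not on this page; a simple counter byte stands in for it here.
def number_seq(i: int) -> int:
    return (i + 1) & 0xFF

def xor_crypt(data: bytes, key: bytes) -> bytes:
    """cipher[i] = plain[i] XOR key[i mod n] XOR number[i]; XOR is its own inverse,
    so the same function encrypts and decrypts."""
    n = len(key)
    return bytes(b ^ key[i % n] ^ number_seq(i) for i, b in enumerate(data))

def recover_key(cipher: bytes, known: Dict[int, int], max_len: int):
    """Try every key length 1..max_len. For each known plaintext byte derive
    key = cipher XOR number XOR plain (equation (1)) and store it in its key
    slot. A conflict means the derived key is not periodic with this length,
    so the length is rejected. Known bytes in later periods fill slots the
    first period did not cover. Returns (length, slots) with None for slots
    no known plaintext reaches, or None if no length survives."""
    for n in range(1, max_len + 1):
        slots: List[Optional[int]] = [None] * n
        consistent = True
        for pos, plain_byte in known.items():
            k = cipher[pos] ^ number_seq(pos) ^ plain_byte   # equation (1)
            slot = pos % n
            if slots[slot] is None:
                slots[slot] = k
            elif slots[slot] != k:                            # not periodic
                consistent = False
                break
        if consistent:
            return n, slots
    return None

def fill_by_statistics(cipher: bytes, n: int, slots: List[Optional[int]],
                       assumed_byte: int = 0) -> bytes:
    """For each still-unknown slot, assume the most frequent plaintext byte
    (zero in WordPerfect headers) and let every ciphertext position of that
    slot vote: cipher XOR number XOR assumed_byte equals the key byte exactly
    at the positions where the plaintext really is assumed_byte."""
    out = list(slots)
    for slot in range(n):
        if out[slot] is None:
            votes = Counter(cipher[i] ^ number_seq(i) ^ assumed_byte
                            for i in range(slot, len(cipher), n))
            out[slot] = votes.most_common(1)[0][0]
    return bytes(out)

def crack(cipher: bytes, known: Dict[int, int], max_len: int = 16) -> bytes:
    result = recover_key(cipher, known, max_len)
    if result is None:
        raise ValueError("no periodic key fits the known plaintext")
    n, slots = result
    return fill_by_statistics(cipher, n, slots)

# Constructed sample: a header-like plaintext with long runs of zero bytes,
# a 7-byte key, and only six known plaintext bytes (positions 0-3, 24, 25).
SAMPLE_PLAIN = (b"\xffWPC" + bytes(20)
                + b"known header text" + bytes(30)
                + b"body of the document" + bytes(25))
SAMPLE_KEY = b"s3cret!"
SAMPLE_CIPHER = xor_crypt(SAMPLE_PLAIN, SAMPLE_KEY)
KNOWN_PLAIN = {i: SAMPLE_PLAIN[i] for i in (0, 1, 2, 3, 24, 25)}

if __name__ == "__main__":
    n, slots = recover_key(SAMPLE_CIPHER, KNOWN_PLAIN, 16)
    print("period:", n, "slots from known plaintext:", slots)
    key = crack(SAMPLE_CIPHER, KNOWN_PLAIN)
    print("recovered key:", key, "->", xor_crypt(SAMPLE_CIPHER, key)[:24])
```

With these six known bytes every length below 7 is rejected by the periodicity test, length 7 is accepted with two slots still empty, and the zero-byte vote fills those two slots correctly because the runs of zeros outnumber any other byte value in each slot. The smallest consistent length is returned, so with very little known plaintext a short wrong length can slip through; the defence-relevant lesson is the one the text makes, that a periodic XOR key leaks completely from a handful of known or statistically predictable plaintext bytes.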