Cryptography Reference
In-Depth Information
was discarded. With a key length of up to 6 bytes, the key can be revealed
unambiguously; the complexity of the computation increases by a factor of 2
8
with every additional byte. A maximum of 2
48
tests are to be expected. This
corresponds to a 12-byte key that contains as many bits (96) as the internal
key. It is believed that there are cases where 13-byte keys represent the shortest
solution to the problem. However, a value of 2
48
strongly reminds us of DES
cracking, and that's a case for special hardware. But the key entered does not
have
to be computed, it is just the icing on our cryptanalysis cake.
The
pkcrack
Program
It is a remarkable achievement to 'cast' this algorithm in a program and then
make it available for free on top of it all. Many problems remain unanswered
in the original work, too, and even understanding them all won't make the
implementation any easier. I tend to think that this
pkcrack
program is the most
difficult among all free cryptanalytic software. In fact, AccessData don't even
have it in their product supply (see Footnote 1 in Section 1.2.2). Author Peter
Conrad from Germany deserves all respect for this work. Version 1.2 of his
program can be used as a 'black box'. It runs under UNIX (particularly Linux);
a special compiler can be used to run it under DOS. It requires 33 Mbytes
of virtual memory in the startup phase, but a physical 16-Mbyte memory is
normally enough.
I used
pkcrack
on an encrypted archive, knowing that it included a file 728 bytes
long. The computational effort was considerable: a DEC workstation with a
300-MHz alpha processor was busy breaking code for almost 6 hours. After
all this work, only one password was output — it was the right one. Things
would have been much faster had I used more known plaintext, though. The
workstation's performance corresponds to a very fast Pentium-Pro.
Since
pkcrack
is easy to use, and its technical details and installation are well
documented, I will spare you the details here. It is not excessively long (3000
lines in C) and written in a pretty compact way. Conrad uses the denotations
of the original work.
All files are encrypted with the same password in a
pkzip
archive so that it is
sufficient to know a bunch of 12 or 13 coherent bytes of
one
file from within
the archive to decrypt
all
files! These 12 or 13 plaintext bytes don't have to
be at the beginning of the known file; you only need to know their offset.
However, an attacker has to overcome yet another obstacle:
pkzip
normally
