Cryptography Reference
created by a word processor (which word processor?); is it a compressed
file (which compression program?); is it a piece of recorded voice or
images? Each of these plaintexts has specific properties for which we
can test (have we achieved the goal?), and which we will exploit as
extensively as possible during the cryptanalysis.
Our attack will be much more difficult without this information. All
that's generally left to do is to try each of the text formats and see
what specific guess would allow us to mount an attack. This approach
requires extensive experience and the kind of software that is probably
not available on the Internet.
If we know the structure of the plaintext and find out that the method is
not particularly simple (i.e., not really Caesar, substitution, or Vigenère),
then we can look at the possible keys. There might not be that many
possibilities. For example, there would be approximately 300 million possible
keys if, say, passwords were composed of only six uppercase letters. This
number won't pose any major problem to a fast PC. However, we have
to come up with a few very fast plaintext tests. We will expediently test
in several steps:
- To start with, let's test the first 100 characters of the resulting
'plaintext' for forbidden characters.
- If this preliminary test was successful, let's test roughly for letter
frequencies.
- Next, we test for forbidden digrams.
- Then we run a comparison with a dictionary.
- Finally, we have to manually test the last 20 variants to see whether
or not they are meaningful.
This brute-force method is typically applied against the Caesar cipher.
You can test the text by simply looking at it. A statistical method that
also supplies the shift right away, and that can be automated, would be
more elegant.
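
The staged test described above, as an added example that is not code from the original text. It assumes a byte-wise Caesar cipher with a one-byte key (256 candidates); the digram list, word list, thresholds and sample message are constructed for illustration.

```python
# Added example: staged plaintext test over a small key space.
# Assumed cipher: every byte shifted by a one-byte key (byte-wise Caesar).
COMMON = set("ETAOINSHR")                      # most frequent English letters
BAD_DIGRAMS = {"QZ", "JQ", "ZX", "QJ", "JX", "VQ", "WX"}   # constructed short list
WORDS = {"THE", "AT", "AND", "TO", "WE", "THEN", "GATE", "DAWN", "ATTACK", "RIVER"}

def no_forbidden_chars(text):
    # Stage 1: first 100 characters only; anything outside printable ASCII fails.
    return all(32 <= ord(c) <= 126 for c in text[:100])

def rough_frequencies(text):
    # Stage 2: the common letters must make up at least half of all letters.
    letters = [c for c in text.upper() if c.isalpha()]
    return bool(letters) and sum(c in COMMON for c in letters) >= len(letters) / 2

def no_forbidden_digrams(text):
    # Stage 3: reject letter pairs that do not occur in English words.
    up = text.upper()
    return not any(up[i:i + 2] in BAD_DIGRAMS for i in range(len(up) - 1))

def dictionary_hits(text):
    # Stage 4: at least half of the space-separated words must be known.
    words = text.upper().split()
    return bool(words) and sum(w in WORDS for w in words) >= len(words) / 2

STAGES = [no_forbidden_chars, rough_frequencies, no_forbidden_digrams, dictionary_hits]

def shift(data, key):
    return bytes((b + key) % 256 for b in data)

def search(ciphertext):
    """Try every key; return survivors for manual review and rejections per stage."""
    survivors, rejected = [], [0] * len(STAGES)
    for key in range(256):
        candidate = shift(ciphertext, -key).decode("latin-1")
        for i, stage in enumerate(STAGES):     # cheapest test first
            if not stage(candidate):
                rejected[i] += 1
                break
        else:
            survivors.append((key, candidate))
    return survivors, rejected

# Constructed sample message, encrypted below with the constructed key 7.
SAMPLE = b"WE ATTACK THE NORTHERN GATE AT DAWN AND THEN RETREAT TO THE RIVER"
if __name__ == "__main__":
    print(search(shift(SAMPLE, 7)))
```

The per-stage rejection counts show how much of the key space the cheap character test removes before the more expensive dictionary comparison runs.
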
However, even the worst cryptologist understands enough of his trade
today to choose an astronomically large number of possible keys. If fewer
keys are used, then it is most likely one of the older methods, or there
is some intention behind it (e.g., because the NSA so requested, or a vendor
of cracking software wants to make a living).