Cryptography Reference
In-Depth Information
create, there shouldn't be a lack of material, as opposed to World War
II when characters had been typed manually. With a file the size of one
Mbyte, it is no longer helpful to change the key regularly — one Mbyte
is enough for statistics.
It might even be possible to mount a plaintext attack. There are many
possibilities to do just that. Look at the following realistic approach:
the staff in an office produce documents by given guidelines, including
the mandatory use of specific style files or macro files. The entries in
the file created are considerable; in fact, they can amount to umpteen
Kbytes (together with all other style data, my letterhead in WordPerfect
is 22 Kbytes long). It's just a question of recovering the remaining Kbytes
of confidential text ...
However, the bombing of light buoys (Chapter 2) went out of fashion.
There are better methods today.
Testing for probable words is another special plaintext attack. In this
case, all we know (or guess) is that a certain word occurs in the text, and
perhaps we even know roughly where. We could start a plaintext attack
for any possible position to recover the key, or at least part of it. We
try to limit the number of possible positions by means of other methods,
e.g., the negative pattern search described in Section 3.4.1.
We could arbitrarily include other information about the plaintext in our
analysis. Section 3.6.4 shows several examples.
Not least, every program that poorly implements a good algorithm offers
the cryptanalyst welcome vulnerabilities. Imagine that a 'dead secure'
software package for encrypted data communication stores your key on
the hard disk of a DOS or Windows computer, perhaps even without you
knowing! (Or the encryption is faked. I noticed a curious example under
Microsoft Word 6.0, when the text parts themselves obviously remained
unchanged by 'protecting the file'.) Such mishaps are bound to happen
when a programmer knows nothing about cryptology.
Finally all kinds of ciphering errors make an attacker's life easier; see
Figure 3.1. Since ciphering errors always happen in practice, there is only
one way out, namely to prevent them from within the program. Therefore,
a good algorithm always has to be resistant to plaintext attacks. Keys
should be created by a program.
These are all rather blurred statements. Things will get more specific from
the next section onwards. However, there is no general-purpose recipe as to
Search WWH ::




Custom Search