Cryptography Reference
In-Depth Information
•
Information about the plaintext: Created by which program? What striking
properties?
•
Brute force: Trying the key space, if possible (important: quick testing for
correct plaintext).
•
Searching a reduced key space (common in practice; dictionary attack).
•
Plaintext attack: Fixed byte sequences in word processors; known formats of
database files, etc.
•
Testing for probable words (special plaintext attack, especially for short files):
experimenting, negative pattern search.
•
Exploiting additional information about the plaintext: compressed file, ASCII
text,
...
•
Exploiting any theory: In practice, it is usually a mix of algebra, number the-
ory, and probability theory; the remainder can be handled by experimenting.
•
Exploiting vulnerabilities in the implementation: Inept 'improvements' or
'simplifications' of an algorithm, but also keys stored in unsafe places, trans-
mitting a key in plaintext over an insecure network, etc.
Figure 3.3:
Potential vulnerabilities for the cryptanalyst to exploit.
how a cryptanalyst should proceed. Even with an algorithm as primitive as the
Vigenere method, cryptanalysis depends heavily on the plaintext expected so
that one single deciphering program will never cover all practically thinkable
cases. Nevertheless, people quite simply say that 'Vigenere was broken'.
The reason is that cryptanalysts may use any theory; the main thing is that it
leads to success often enough. Should their crack programs not find a password
occasionally — oh well, they can surely explain and get over it. The attacked
algorithm remains insecure all the same. In contrast, the cryptographer who
designed the algorithm is disgraced by one single successful attack. The cryp-
tographer would actually have to cover himself against
everything
during the
design, which is impossible, of course.
As long as complexity theory cannot supply provable minimum estimates of
the effort required for cryptanalyzing an algorithm, the 'cryptography versus
cryptanalysis' race will continue.
