• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Brute force attack

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

View previous topic :: View next topic  
Author Message
redred
Just Arrived
Just Arrived


Joined: 27 Feb 2004
Posts: 0


Offline

PostPosted: Sat Mar 13, 2004 4:11 pm    Post subject: Brute force attack Reply with quote

Does anyone knoe how to carry out a brute force attack even on ciphertext (letters). My problem is how to know when you've been successful. Obviously if you're successful you'll see the plaintext pop out but how do u program a computer to know when it has gotten the correct key and plaintext?
Back to top
View user's profile Send private message
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlāndia, MG, Brazil

Offline

PostPosted: Sun Mar 14, 2004 9:41 pm    Post subject: Traditional definition. Reply with quote

redred wrote:
Does anyone knoe how to carry out a brute force attack even on ciphertext (letters). My problem is how to know when you've been successful. Obviously if you're successful you'll see the plaintext pop out but how do u program a computer to know when it has gotten the correct key and plaintext?


Traditionally, a brute-force attack is a form of known-plaintext attack, and requires a small chunk of ciphertext, along with the plaintext that corresponds to it. The complexity is simply 2^n, where n is the key length, and the speed is essentially determined by two primary factors - the complexity and the speed of each test for each possible key. The algorithm in question can affect this. It appears that your assumption dealt with having only ciphertext has been intercepted. However, that is not the traditional criterion for this attack.

Your scenario is more relative to dictionary attacks, which are specialized forms of brute force, that take advantage of predefined plaintext/ciphertext databases, in that success can be as simple as finding values that match. This works quite effectively, in systems where common, weak passwords pose a threat. In other words, in such an attack, the plaintext "pops" out at you when you find the corresponding ciphertext in the database (appended to the plaintext, in a pair) that matches the intercepted ciphertext. This attack is a means of narrowing things down. The success rate isn't as static and guaranteed as traditional brute force, but when successful, it shortens the time required, by taking advantage of bad password-choosing etiquette. It has achieved devastating results, on many occasions. Never underestimate this attack. It exploits just how lazy some folks can be.


Last edited by JustinT on Fri Nov 19, 2004 3:35 pm; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website
Ralle
Just Arrived
Just Arrived


Joined: 21 Sep 2003
Posts: 0


Offline

PostPosted: Tue Mar 16, 2004 11:58 pm    Post subject: Reply with quote

If you know what language you are up against you can have the computer check the decrypted ciphertext against a certain criterias for that language. If for example you know that you are up against english plaintext then you can have the computer check whether the word "the" is in the text. Further criterias can be setup, like:

Letters after full stop has to be capital.
The amount of dots relative to normal characters
That 85%+ of the ascii values has to be between 30 and 60 (cannot remeber exactly where normal letters are, but i beleive its around that)

The above is general for most written languages. So if the computer finds one or more of theese criterias is true in a given decrypted ciphertext (you decide how many of the criterias you want to be true), it shows the text to the user. If the text is the plaintext, then you have it. If not then you make the program continue.
theoretically, you might end up with perfectly read-able, sense-making text which is actually not the plaintext. You could even end up with shakespeares works, but this is highly unlikely. There is a good chance that any text that makes sense is the plaintext, however keep in mind that it is possible that it might not be the plaintext.

Greets, Ralle
Back to top
View user's profile Send private message
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlāndia, MG, Brazil

Offline

PostPosted: Wed Mar 17, 2004 3:01 am    Post subject: Exploiting the language. Reply with quote

Of course, that is the most obvious approach. The success rate is never guaranteed, but in many cases, one could find a rather high probability of such success by programming the brute force utility in such a way as to flag the user upon discovery of pronounceable, language-based output. The rules to this would be rather trivial to implement, in my opinion.

Consider an extension of a dictionary attack, where foreign languages were considered. This particular statistical test involved the Pinyin Romanization of syllables in the Chinese language, in regards to Chinese users. Basically, syllables were combined to form one-syllable, two-syllable, and three-syllable words. Because the aim of this approach was exhaustion, whether or not these words were legible made no difference. As such, the statistics of the Pinyin Romanization system are this: 298 Chinese syllables form the system, indicating that there are a total of 158,404 two-syllable formations, and over 16,000,000 three-syllable formations. I won't go into the semantics of this attack, but I mention it because of the relevance to similar methodology that can be mounted against the English language. As you can see, knowing the environment aids in narrowing the field down, quite significantly.

So, if as a last resort and decent method for locating a valid plaintext, you could simply define rules that would flag any and every set of output that contained valid, pronounceable words. Chances are, if there is enough ciphertext (which doesn't have to be a tremendously large amount), your discovery is likely to be the correct one, and only one. Take deciphering a classical cipher, for example. The correlations between classical and conventional cryptography are astoundingly numerous, in many aspects.

I find it very fascinating that given enough time, work effort, and ingenuity, once could considerably mitigate the time and complexity involved in a brute force search, by significantly narrowing down their search criteria, based on elements within the environment in which their search will be deployed. Even then, with the increasingly large success probability of these generic, full exhaustive searches, you are likely to find yourself rendering decent results with much less effort. That is, if exhaustive search is within practical and affordable means. Dictionary attacks have supported this notion of affordable effectiveness.

This is just my opinion (and but one among the many) on a logical approach to the matter, albeit broad.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register