Q
Problem solve Get help with specific problems with your technologies, process and projects.

# How an attacker cracks a symmetric key-based system

## Learn how an attacker cracks a symmetric key-based system.

In general, how does an attacker approach cracking a symmetric key-based system in which the attacker only has...

access to the cipher text (and the function if needed). How can I answer this in terms of a 20-bit binary key, or a 128-bit binary key?

To crack a symmetric system, an attacker needs at least the secret or private key and the algorithm. These two items run against the cipher text to decrypt it into plain text. An attack using only the cipher text, as you describe, is called a cipher text-only attack. However, the job is easier, if the attacker captures the private key – a cinch to grab off the wire if it's sent openly over the Internet.

In a cipher text only attack, the code is cracked by brute force. That means trial and error, looking for patterns that can be exploited and translated back into plaintext. Essentially, the attacker tries to guess the private key that will unlock the code and then tries to encrypt text with the guessed private key and continues this process until the encrypted text matches what the attacker already possesses.

Modern cryptographic systems can only be created by computers that are able to generate the amount of combinations required to create complex codes. Then, these codes can only be cracked by other computers able to match their wits in the number of keys they can generate to try to crack the code.

That is why key length is crucial in determining whether or not a code can be cracked. Even with high-speed computers, the time it takes to crack a code depends on the length of the key, which increases the strength of encryption. It can mean the difference between hours with a shorter key of 20 bits, or years with a 128-bit key, which means the code for practical purposes is unbreakable.

Another way to crack a code is the known plain text approach. In this method, the attacker has copies of both the cipher text and the corresponding plain text from which it was derived. The attacker has a direct translation to work with and two related pieces of text that make it easier for a computer to churn into keys for unlocking the code.

This was last published in November 2005

## Content

Find more PRO+ content and other member only offers, here.

#### Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### How Amazon GuardDuty could bolster enterprise cloud security

The new Amazon GuardDuty aims to secure enterprise AWS accounts and workloads, but does it? Expert Ed Moyle takes a closer look ...

• ### What the Azure AD Connect vulnerability can teach enterprises

Enterprises should learn from a Microsoft Azure AD Connect vulnerability that cloud security requires a hands-on approach. Expert...

• ### How the Meltdown vulnerability affects cloud services

The Meltdown vulnerability has far-reaching implications, including with cloud providers. Expert Dave Shackleford looks at the ...

## SearchNetworking

• ### Ethernet bandwidth costs fall to a six-year low

Ethernet bandwidth costs in data center switches fell to a six-year low in 2017. Crehan Research reported cloud provider demand ...

• ### Yahoo Japan deploys intent-based network with Apstra AOS

Yahoo Japan deploys an Apstra intent-based network to oversee multiple vendors. Cisco touts Los Angeles Hospital, as well as the ...

• ### Is it best to buy or build a network automation system?

Bloggers explore the question of buying versus building a network automation system, the challenges of hyper-converged ...

## SearchCIO

• ### Former Equifax CIO's indictment should be a red flag for IT execs

A former Equifax CIO has been indicted for insider trading following the company's 2017 data breach. Will it force IT execs to ...

• ### Two data scientists offer advice on breaking down siloed data

Data scientists offer insight into why the age-old problem of siloed data persists and some concrete advice to CIOs on how to ...

• ### ISACA: Build security into artificial intelligence hardware

A new paper on how to fight off malicious AI recommends adding security features to AI chips. ISACA's Rob Clyde explains why ...

## SearchEnterpriseDesktop

• ### How to take advantage of SCCM and Intune co-management

IT can combine Microsoft Intune and System Center Configuration Manager to manage users' mobile devices, as well as any legacy ...

• ### Get to know your Windows 10 update options

Windows as a service changes the way updates work in Windows 10 from past versions of the OS. Each of the three servicing ...

• ### Top six Windows 10 migration problems and how to avoid them

Users and IT professionals sometimes have issues after a Windows 10 migration. Careful planning can mitigate these issues before ...

## SearchCloudComputing

• ### Analysts: How to make IBM Cloud services more competitive

To make IBM Cloud more competitive, Big Blue must stand by its enterprise base, while it also satisfies the developer community ...

• ### Don't overlook these practices in software modernization

During app modernization projects, teams commonly overlook basic goals, processes and tools. which can sully app launches as a ...

• ### Google preemptible VMs reduce cloud costs -- with a catch

With its preemtible VMs, Google offers spare compute capacity at a discounted price. But be careful not to run certain apps on ...

## ComputerWeekly.com

• ### Employers face hiring crisis as AI replaces mid-skilled jobs

Artificial intelligence could replace two-thirds of existing jobs within 20 years, and employers will face growing difficulties ...

• ### Majority of organisations unaware of costs and responsibilities for cloud outages, research finds

Most companies are unaware about the costs associated with a cloud outage and who is responsible for getting systems back online

• ### Network security in the age of the internet of things

Wireless devices and smart technologies are increasingly being brought into the workplace, and pose a growing risk to company data

Close