Q
Problem solve Get help with specific problems with your technologies, process and projects.

How an attacker cracks a symmetric key-based system

Learn how an attacker cracks a symmetric key-based system.

In general, how does an attacker approach cracking a symmetric key-based system in which the attacker only has...

access to the cipher text (and the function if needed). How can I answer this in terms of a 20-bit binary key, or a 128-bit binary key?

To crack a symmetric system, an attacker needs at least the secret or private key and the algorithm. These two items run against the cipher text to decrypt it into plain text. An attack using only the cipher text, as you describe, is called a cipher text-only attack. However, the job is easier, if the attacker captures the private key – a cinch to grab off the wire if it's sent openly over the Internet.

In a cipher text only attack, the code is cracked by brute force. That means trial and error, looking for patterns that can be exploited and translated back into plaintext. Essentially, the attacker tries to guess the private key that will unlock the code and then tries to encrypt text with the guessed private key and continues this process until the encrypted text matches what the attacker already possesses.

Modern cryptographic systems can only be created by computers that are able to generate the amount of combinations required to create complex codes. Then, these codes can only be cracked by other computers able to match their wits in the number of keys they can generate to try to crack the code.

That is why key length is crucial in determining whether or not a code can be cracked. Even with high-speed computers, the time it takes to crack a code depends on the length of the key, which increases the strength of encryption. It can mean the difference between hours with a shorter key of 20 bits, or years with a 128-bit key, which means the code for practical purposes is unbreakable.

Another way to crack a code is the known plain text approach. In this method, the attacker has copies of both the cipher text and the corresponding plain text from which it was derived. The attacker has a direct translation to work with and two related pieces of text that make it easier for a computer to churn into keys for unlocking the code.

This was last published in November 2005

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

SearchCloudSecurity

• How to make a cloud risk assessment easier with frameworks, standards

A cloud risk assessment can often fall by the wayside in an enterprise, but using a standard or framework can simplify it. Expert...

• Tenable launches cloud-based vulnerability management platform

At RSA Conference 2017, Tenable Network Security introduced a cloud-based vulnerability management platform called Tenable.io ...

• Skyhigh expands CASB model to IaaS platform protection, custom apps

At RSA Conference 2017, Skyhigh Networks explained how it expanded its cloud access security broker model to include IaaS ...

SearchNetworking

• Arista Networks' revenue rises, while rival Cisco stumbles

Arista Networks' revenue rose more than 33% on strong sales of switches and routers. Arista released results a day after Cisco ...

• Cisco revenue continues to fall from weak sales in switches, routers

Cisco revenue dropped for the fifth consecutive quarter due to declining sales of switches and routers. The company is expected ...

• Will automation define the future of network technology?

This week, bloggers look at automation as the future of network technology, weigh in on Cumulus' EVPN features and examine ...

SearchCIO

• OpenStack in the enterprise: Are you up for the challenge?

OpenStack is popular with the Fortune 100. PayPal is a fan. And experts say its technical shortcomings are long gone. But there ...

• Want OpenStack benefits? Put your private cloud plan in place first

The open source software promises hard-to-come-by cloud standards and no vendor lock-in, says Forrester's Lauren Nelson. But ...

• How to monetize data

CIOs are increasingly being tasked with capitalizing on company information. Learn how to monetize data in this report from ...

SearchConsumerization

• Android, Windows tablets from HP take aim at business users

HP released a new line of tablets targeting business users. The HP Pro Slate 8 and Pro Slate 12 run Android and cost \$449 and ...

• Microsoft to lay off 18,000, Nokia X moves to Windows Phone

Microsoft will lay off 18,000 people over the next year while the Nokia X line of Android smartphones, which was unveiled earlier...

• Microsoft Surface Pro 3 vs. Microsoft Surface Pro 2

Surface Pro 2 and Surface Pro 3 are different enough that Microsoft is keeping both on the market as competing products. Which ...

SearchEnterpriseDesktop

• How to create an ideal Windows 10 security setup

As with any OS, security in Windows 10 is crucial. IT must emphasize third-party software patching, malware protection and more ...

• Three basic Windows 10 security tips to keep in mind

There is so much to keep in mind with Windows 10 security it's easy to overlook the essentials. Get back to basics and remember ...

• Windows Store for Business now open to ease app delivery

The Windows Store for Business offers IT flexibility with Windows 10 application deployment, licensing and user management.

SearchCloudComputing

• Compare offline data migration services from AWS, Azure and Google

Sending a storage disk to a cloud provider seems like an antiquated data-migration method, but it's a common choice. Here's how ...

• Questions loom over Amazon-VMware cloud deal

The recent AWS-VMware cloud deal has IT pros wondering about price, feature set and much more. Laz Vekiarides, CTO of ClearSky ...

• Beyond shadow IT risks, opportunity awaits

Enterprises have a love/hate relationship with shadow IT. When it comes with risks, its presence also drives technological ...

ComputerWeekly

• Security Think Tank: Risk of DNS attacks goes beyond websites

What are the main security risks associated with DNS and how are these best mitigated?

• Multi-cloud management: Making it work for the enterprise

As the hype surrounding multi-cloud infrastructure continues to grow, what do enterprises need to do to make the model work for ...

• Accenture to add thousands of US jobs as Trump effect spreads to IT

Accenture has promised to create more jobs in the US and invest \$1.4bn in skills development

Close