Issues with Cryptography
Much like any system that will be explored in this text, cryptography has its faults and potential attacks. Attacks are designed to leverage weaknesses in both implementation and logic in many cases. However one thing that should always be kept in mind is that no matter how strong or well designed a system may be, it will always be vulnerable to those with enough computing power, time, and determination.
The first type of attack we’ll look at is the one most commonly seen in movies, books, and other media: the brute-force attack. A brute-force attack works by trying every possible combination of codes, symbols, and characters in an effort to find the right one. DES is vulnerable to brute-force attacks, whereas Triple-DES encryption is very resistant to brute-force attacks due to the time and power involved to retrieve a key:
in addition to a brute-force attack, other methods designed to recover a key include:
Ciphertext-only Attack The attacker has some sample of ciphertext but lacks the cor- responding plaintext or the key. The goal is to find the corresponding plaintext in order to determine how the mechanism works. Ciphertext-only attacks tend to be the least successful based on the fact that the attacker has very limited knowledge at the outset.
Known Plaintext Attack The attacker possesses the plaintext and ciphertext of one or more messages. The attacker will then use this acquired information to determine the key in use. This attack shares many similarities with brute-force attacks.
Chosen Plaintext Attack The attacker is able to generate the corresponding ciphertext to deliberately chosen plaintext. Essentially, the attacker can “feed” information into the encryption system and observe the output. The attacker may not know the algorithm or the secret key in use.
Chosen Ciphertext Attack The attacker is able to decrypt a deliberately chosen ciphertext into the corresponding plaintext. Essentially, the attacker can “feed” information into the decryption system and observe the output. The attacker may not know the algorithm or the secret key in use.
