# information security 2

squashyja

Cryptanalysis

Week4 Part4-IS

RevisionSu2013

Introduction to Cryptanalysis

Cryptanalysis is the study of breaking a cryptosystem, so that the content of messages is no longer hidden.

A lot of effort is expended by both the “good” guys and the “bad” guys to crack cryptosystems. Most encryption systems are very well known and studied by cryptologists in the government, corporate, academic and hacking communities. The more an algorithm is studied, the stronger it becomes, until the algorithm is broken. The strength of a cryptosystem comes from the strength of the key, not the strength of the encryption and decryption algorithm.

No algorithm has been studied more than DES. The algorithm is still considered secure; however, inroads have been made into finding weaknesses in the algorithm related to the block size it uses for encryption and the relatively “small” key size used in DES (56 bit). The key size was fixed by implementing 3DES, which effectively uses the DES algorithm with a 168 bit key length. The performance of DES was another consideration in the search for DES replacements.

Cryptologists work to crack ciphers in a number of ways. One common technique used by hackers is called the “brute force” method. This means trying every possible key combination. You would think that with a 56 bit key the number of combinations would be computationally huge, but with today’s systems and computing techniques a 56 bit key can be cracked in a little over 10 hours. A hacker could dedicate an off-the-shelf PC to cracking encryption keys.

Thought to ponder:

Consider how long a brute force attack could take to crack your password!

Another way cryptanalysis works is to evaluate the algorithms being used. The analysis can proceed if the cryptologist has some sample plaintexts and ciphertexts. Having sample keys is also valuable, even if they don’t correspond to a particular plaintext/ciphertext pair. By close examination of patterns and relationships in the data, progress can be made in understanding algorithms.

Natural Language

Cracking natural language ciphers can be easier than cracking a binary code. With natural languages, character and word frequency can play a major role in cracking an algorithm. For example, consider the ROTn or railfence cipher. Regardless of what single character replaces the character “a”, it would be somewhat easy to see a single character and infer that it is the translation for the character “a”. Similarly, finding 3 character patterns and looking at character frequency may allow a cryptologist to readily identify the ciphertext for the word “the”. There are ways to further disguise the ciphertext, such as removing spaces from the ciphertext or changing the cipher to alternate between multiple alphabets for encryption.

Running natural language through compression algorithms is one way to further disguise it.

Government Security

The government does make use of encryption algorithms that are in the public domain for some of its encryption needs. However, there are some government applications for which the algorithms are kept secret. The thinking is that if both the keys and the algorithm are secret, the entire cryptosystem is stronger. Advocates of open disclosure of algorithms would argue this point.

Summary

This lesson serves as an introduction to cryptography. We discussed the basic types of encryption, what they are used for, and applications that make use of them. We introduced several topics and provided resources that give a solid overview of the subject, to allow you to further explore topics on your own.