SlideShare une entreprise Scribd logo

Cryptanalysis Techniques Explained

Télécharger en tant que PPT, PDF
EC-Council
EC-Council

Cryptanalysis involves attempting to decrypt encrypted messages without access to the encryption key. It is difficult and not guaranteed to work. There are different levels of success for cryptanalysis attacks including fully deducing the key or gaining some information without the key. Common cryptanalysis techniques include frequency analysis, known/chosen plaintext attacks, related-key attacks, linear cryptanalysis, and differential cryptanalysis. These techniques aim to exploit weaknesses in encryption algorithms and reduce the number of possible keys rather than using brute force.

TechnologieFormation
1  sur  20
Cryptanalysis
The Speaker  Chuck Easttom  ceasttom@cec-security.com  www.CEC-Security.com
What cryptanalysis is NOT  It’s not fast  It’s not guaranteed  It’s not easy  It’s not what you see in movies the
Levels of Success Total break — the attacker deduces the secret key. Global deduction — the attacker discovers a functionally equivalent algorithm for encryption and decryption, but without learning the key. Instance (local) deduction — the attacker discovers additional plaintexts (or ciphertexts) not previously known. Information deduction — the attacker gains some Shannon information about plaintexts (or ciphertexts) not previously known. Distinguishing algorithm — the attacker can distinguish the cipher from a random permutation.
Resources Time — the number of "primitive operations" which must be performed. This is quite loose; primitive operations could be basic computer instructions, such as addition, XOR, shift, and so forth, or entire encryption methods. Memory — the amount of storage required to perform the attack. Data — the quantity of plaintexts and ciphertexts required.
Breaking Ciphers This means finding any method to decrypt the message that is more efficient than simple brute force attempts. Brute force is simply trying every possible key. If they algorithm uses a 128 bit key that means 2128 possible keys. In the decimal number system that is 3.402 * 1038 possible keys. If you are able to attempt 1 million keys every second it could still take as long as 10,790,283,070,806,014,188,970,529 years to break.
Breaking Ciphers Cryptanalysis is using other techniques (other than brute force) to attempt to derive the key. In some cases cryptographic techniques are used to test the efficacy of a cryptographic algorithm. Such techniques are frequently used to test hash algorithms for collisions. You must keep in mind that any attempt to crack any non-trivial cryptographic algorithm is simply an ‘attempt’. There is no guarantee of any method working. And whether it works or not it will probably be a long and tedious process. This should make sense to you. If cracking encryption where a trivial process, then encryption would be useless.
Frequency Analysis This is the basic tool for breaking most classical ciphers. In natural languages, certain letters of the alphabet appear more frequently than others. By examining those frequencies you can derive some information about the key that was used. This method is very effective against classic ciphers like Caesar, Vigenere, etc. It is far less effective against modern methods. In fact with modern methods, the most likely result is that you will simply get some basic information about the key, but you will not get the key. Remember in English the words’ the and and are the two most common three letter words. The most common single letter words are I and a. If you see two of the same letters together in a word, it is most likely ee or oo.
Known Plain Text/ Chosen Plain Text In this attack the attacker obtains the ciphertexts corresponding to a set of plaintexts of his own choosing. This can allow the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key. This can be difficult but is not impossible.
Cipher Text Only Ciphertext-only: The attacker only has access to a collection of cipher texts. This is much more likely than known plaintext, but also the most difficult. The attack is completely successful if the corresponding plaintexts can be deduced, or even better, the key. The ability to obtain any information at all about the underlying plaintext is still considered a success.
Related Key attack Related-key attack: Like a chosen-plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys. This is actually a very useful attack if you can obtain the plain text and matching cipher text.
Linear Cryptanalysis Linear cryptanalysis is based on finding affine approximations to the action of a cipher. It is commonly used on block ciphers. This technique was invented by Mitsarue Matsui. It is a known plaintext attack and uses a linear approximation to describe the behavior of the block cipher. Given enough pairs of plaintext and corresponding ciphertext, bits of information about the key can be obtained. Obviously the more pairs of plain text and cipher text one has, the greater the chance of success. Remember cryptanalysis is an attempt to crack cryptography. For example with the 56 bit DES key brute force could take up to 256 attempts. Linear cryptanalysis will take 243 known plaintexts. This is better than brute force, but still impractical for most situations.
Linear Cryptanalysis With this method, a linear equation expresses the equality of two expressions which consist of binary variables XOR’d. For example, the following equation, XORs sum of the first and third plaintext bits and the first ciphertext bit is equal to the second bit of the key: You can use this method to slowly recreate the key that was used.
Linear Cryptanalysis Now after doing this for each bit you will have an equation of the form we can then use Matsui's Algorithm 2, using known plaintextciphertext pairs, to guess at the values of the key bits involved in the approximation. For each set of values of the key bits on the right-hand side (referred to as a partial key), count how many times the approximation holds true over all the known plaintext-ciphertext pairs; call this count T. The partial key whose T has the greatest absolute difference from half the number of plaintext-ciphertext pairs is designated as the most likely set of values for those key bits
Differential Cryptanalysis Differential cryptanalysis is a form of cryptanalysis applicable to symmetric key algorithms. This was invented by Elii Biham and Adi Shamir. Essentially it is the examination of differences in an input and how that affects the resultant difference in the output. It originally worked only with chosen plaintext. Could also work with known plaintext and ciphertext only.
Differential Cryptanalysis By analyzing the changes in some chosen plaintexts, and the difference in the outputs resulting from encrypting each one, it is possible to recover some properties of the key.
Differential Cryptanalysis Differential Cryptanalysis is a Chosen Plaintext attack. By analyzing the Cipher, Differential Characteristics are discovered and used to discover information about the key. This technique doesn’t recover the key, but it attempts to reduce the number of possible keys so that it is possible to find the key in a reasonable amount of time.
Other methods Higher Order Differential Cryptanalysis Truncated Differential Cryptanalysis Impossible Differential Cryptanalysis Boomerang Attack Mod-n cryptanalysis Boomerang Attack
Other Techniques • • • • Seeking clues Using other passwords Learning about the subject Tricking the person into giving you the password
Questions ceasttom@cec-security.com www.CEC-Security.com

Recommandé

Cryptanalysis and Attacks
Cryptanalysis and AttacksCryptanalysis and Attacks
Cryptanalysis and AttacksShahbaz Anjam
 
A Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. HeysA Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. HeysInformation Security Awareness Group
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network SecurityRamki M
 
Cryptography - An Overview
Cryptography - An OverviewCryptography - An Overview
Cryptography - An Overviewppd1961
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applicationsthai
 
Cryptography-Known plain text attack
Cryptography-Known plain text attack Cryptography-Known plain text attack
Cryptography-Known plain text attack amiteshg
 
Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Anas Rock
 
Ch02 classic nemo
Ch02 classic nemoCh02 classic nemo
Ch02 classic nemoSamia Elsayed
 

Recommandé

Cryptanalysis and Attacks
Cryptanalysis and AttacksCryptanalysis and Attacks
Cryptanalysis and AttacksShahbaz Anjam
 
A Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. HeysA Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. HeysInformation Security Awareness Group
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network SecurityRamki M
 
Cryptography - An Overview
Cryptography - An OverviewCryptography - An Overview
Cryptography - An Overviewppd1961
 
Cryptography and applications
Cryptography and applicationsCryptography and applications
Cryptography and applicationsthai
 
Cryptography-Known plain text attack
Cryptography-Known plain text attack Cryptography-Known plain text attack
Cryptography-Known plain text attack amiteshg
 
Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Information Security Cryptography ( L02- Types Cryptography)
Information Security Cryptography ( L02- Types Cryptography)Anas Rock
 
Ch02 classic nemo
Ch02 classic nemoCh02 classic nemo
Ch02 classic nemoSamia Elsayed
 
What is Cryptography?
What is Cryptography?What is Cryptography?
What is Cryptography?Pratik Poddar
 
overview of cryptographic techniques
overview of cryptographic techniquesoverview of cryptographic techniques
overview of cryptographic techniquesShubham Jain
 
Cryptography cse,ru
Cryptography cse,ruCryptography cse,ru
Cryptography cse,ruHossain Md Shakhawat
 
Introduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and IIIIntroduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and IIIMaksim Djackov
 
Introductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityIntroductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityBikramjit Sarkar, Ph.D.
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptographyzahid-mian
 
Cryptography and network security Nit701
Cryptography and network security Nit701Cryptography and network security Nit701
Cryptography and network security Nit701Amit Pathak
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptographyHossain Md Shakhawat
 
Cryptography
CryptographyCryptography
CryptographyKalyani Government Engineering College
 
Cryptography
CryptographyCryptography
CryptographySuhepi Saputri
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief Historyprasenjeetd
 
basic encryption and decryption
basic encryption and decryption basic encryption and decryption
basic encryption and decryptionRashmi Burugupalli
 
Crytography
CrytographyCrytography
CrytographyMostak Ahmed
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyBharat Kumar Katur
 
Cryptography
CryptographyCryptography
Cryptographygueste4c97e
 
One time pad Encryption:
One time pad Encryption:One time pad Encryption:
One time pad Encryption:Asad Ali
 
Sunanda cryptography ppt
Sunanda cryptography pptSunanda cryptography ppt
Sunanda cryptography pptSoma Subbama
 
Cryptography for Everyone
Cryptography for EveryoneCryptography for Everyone
Cryptography for EveryoneSerkan Yıldırım
 
Cryptography
CryptographyCryptography
Cryptographyprasham95
 
Cryptography
CryptographyCryptography
CryptographyJens Patel
 
Applied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphersApplied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphersVlad Garbuz
 
Cryptanalysis - basic ciphers and a bit more
Cryptanalysis - basic ciphers and a bit moreCryptanalysis - basic ciphers and a bit more
Cryptanalysis - basic ciphers and a bit moreThings Lab
 

Contenu connexe

Tendances

What is Cryptography?
What is Cryptography?What is Cryptography?
What is Cryptography?Pratik Poddar
 
overview of cryptographic techniques
overview of cryptographic techniquesoverview of cryptographic techniques
overview of cryptographic techniquesShubham Jain
 
Introduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and IIIIntroduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and IIIMaksim Djackov
 
Introductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityIntroductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityBikramjit Sarkar, Ph.D.
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptographyzahid-mian
 
Cryptography and network security Nit701
Cryptography and network security Nit701Cryptography and network security Nit701
Cryptography and network security Nit701Amit Pathak
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief Historyprasenjeetd
 
basic encryption and decryption
basic encryption and decryption basic encryption and decryption
basic encryption and decryptionRashmi Burugupalli
 
One time pad Encryption:
One time pad Encryption:One time pad Encryption:
One time pad Encryption:Asad Ali
 
Sunanda cryptography ppt
Sunanda cryptography pptSunanda cryptography ppt
Sunanda cryptography pptSoma Subbama
 
Cryptography
CryptographyCryptography
Cryptographyprasham95
 

Tendances (20)

What is Cryptography?
What is Cryptography?What is Cryptography?
What is Cryptography?
 
overview of cryptographic techniques
overview of cryptographic techniquesoverview of cryptographic techniques
overview of cryptographic techniques
 
Cryptography cse,ru
Cryptography cse,ruCryptography cse,ru
Cryptography cse,ru
 
Introduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and IIIIntroduction to Cryptography Parts II and III
Introduction to Cryptography Parts II and III
 
Introductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information SecurityIntroductory Lecture on Cryptography and Information Security
Introductory Lecture on Cryptography and Information Security
 
Intro to modern cryptography
Intro to modern cryptographyIntro to modern cryptography
Intro to modern cryptography
 
Cryptography and network security Nit701
Cryptography and network security Nit701Cryptography and network security Nit701
Cryptography and network security Nit701
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography - A Brief History
Cryptography - A Brief HistoryCryptography - A Brief History
Cryptography - A Brief History
 
basic encryption and decryption
basic encryption and decryption basic encryption and decryption
basic encryption and decryption
 
Crytography
CrytographyCrytography
Crytography
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
One time pad Encryption:
One time pad Encryption:One time pad Encryption:
One time pad Encryption:
 
Sunanda cryptography ppt
Sunanda cryptography pptSunanda cryptography ppt
Sunanda cryptography ppt
 
Cryptography for Everyone
Cryptography for EveryoneCryptography for Everyone
Cryptography for Everyone
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 

En vedette

Applied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphersApplied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphersVlad Garbuz
 
Cryptanalysis - basic ciphers and a bit more
Cryptanalysis - basic ciphers and a bit moreCryptanalysis - basic ciphers and a bit more
Cryptanalysis - basic ciphers and a bit moreThings Lab
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYKathirvel Ayyaswamy
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 

En vedette (7)

Applied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphersApplied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphers
 
Cryptanalysis - basic ciphers and a bit more
Cryptanalysis - basic ciphers and a bit moreCryptanalysis - basic ciphers and a bit more
Cryptanalysis - basic ciphers and a bit more
 
Cryptanalysis Lecture
Cryptanalysis LectureCryptanalysis Lecture
Cryptanalysis Lecture
 
Cryptoppt
CryptopptCryptoppt
Cryptoppt
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
RC4&RC5
RC4&RC5RC4&RC5
RC4&RC5
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 

Similaire à Cryptanalysis Techniques Explained

Information and network security 11 cryptography and cryptanalysis
Information and network security 11 cryptography and cryptanalysisInformation and network security 11 cryptography and cryptanalysis
Information and network security 11 cryptography and cryptanalysisVaibhav Khanna
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Saif Kassim
 
Cryptography- "A Black Art"
Cryptography- "A Black Art"Cryptography- "A Black Art"
Cryptography- "A Black Art"Aditya Raina
 
Secure Encryption Technique (SET): A Private Key Cryptosystem
Secure Encryption Technique (SET): A Private Key CryptosystemSecure Encryption Technique (SET): A Private Key Cryptosystem
Secure Encryption Technique (SET): A Private Key CryptosystemAvishek Datta
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxukd789555
 
Bt0088 cryptography and network security1
Bt0088 cryptography and network security1Bt0088 cryptography and network security1
Bt0088 cryptography and network security1Techglyphs
 
a performance analysis of generalized key scheme block cipher (gksbc) algorit...
a performance analysis of generalized key scheme block cipher (gksbc) algorit...a performance analysis of generalized key scheme block cipher (gksbc) algorit...
a performance analysis of generalized key scheme block cipher (gksbc) algorit...INFOGAIN PUBLICATION
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxjibonjibon5
 
Cryptanalysis 101
Cryptanalysis 101Cryptanalysis 101
Cryptanalysis 101rahat ali
 
Types of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackTypes of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackMona Rajput
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...ams1ams11
 
Introduction to Cryptography Week4 Part1-ISrevisionSu.docx
Introduction to Cryptography Week4 Part1-ISrevisionSu.docxIntroduction to Cryptography Week4 Part1-ISrevisionSu.docx
Introduction to Cryptography Week4 Part1-ISrevisionSu.docxmariuse18nolet
 
Symmetric ciphermodel
Symmetric ciphermodelSymmetric ciphermodel
Symmetric ciphermodelpriyapavi96
 

Similaire à Cryptanalysis Techniques Explained (20)

Unit-2-IS (1).pdf
Unit-2-IS (1).pdfUnit-2-IS (1).pdf
Unit-2-IS (1).pdf
 
Cryptography
CryptographyCryptography
Cryptography
 
Information and network security 11 cryptography and cryptanalysis
Information and network security 11 cryptography and cryptanalysisInformation and network security 11 cryptography and cryptanalysis
Information and network security 11 cryptography and cryptanalysis
 
Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01Computer Security (Cryptography) Ch01
Computer Security (Cryptography) Ch01
 
Cryptography- "A Black Art"
Cryptography- "A Black Art"Cryptography- "A Black Art"
Cryptography- "A Black Art"
 
Secure Encryption Technique (SET): A Private Key Cryptosystem
Secure Encryption Technique (SET): A Private Key CryptosystemSecure Encryption Technique (SET): A Private Key Cryptosystem
Secure Encryption Technique (SET): A Private Key Cryptosystem
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
 
Bt0088 cryptography and network security1
Bt0088 cryptography and network security1Bt0088 cryptography and network security1
Bt0088 cryptography and network security1
 
a performance analysis of generalized key scheme block cipher (gksbc) algorit...
a performance analysis of generalized key scheme block cipher (gksbc) algorit...a performance analysis of generalized key scheme block cipher (gksbc) algorit...
a performance analysis of generalized key scheme block cipher (gksbc) algorit...
 
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptxSecret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
Secret-Key-Cryptography-ppt-by-alljobs.co_.in_.pptx
 
Cryptanalysis 101
Cryptanalysis 101Cryptanalysis 101
Cryptanalysis 101
 
Network Security
Network SecurityNetwork Security
Network Security
 
Types of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic AttackTypes of Cryptosystem and Cryptographic Attack
Types of Cryptosystem and Cryptographic Attack
 
Elementry Cryptography
Elementry CryptographyElementry Cryptography
Elementry Cryptography
 
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
CH2 Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [54-...
 
Introduction to Cryptography Week4 Part1-ISrevisionSu.docx
Introduction to Cryptography Week4 Part1-ISrevisionSu.docxIntroduction to Cryptography Week4 Part1-ISrevisionSu.docx
Introduction to Cryptography Week4 Part1-ISrevisionSu.docx
 
Unit 1
Unit 1Unit 1
Unit 1
 
Cryptography
CryptographyCryptography
Cryptography
 
Symmetric ciphermodel
Symmetric ciphermodelSymmetric ciphermodel
Symmetric ciphermodel
 

Plus de EC-Council

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldEC-Council
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approachEC-Council
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident ResponseEC-Council
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James EC-Council
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinEC-Council
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeEC-Council
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoEC-Council
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderEC-Council
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019EC-Council
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...EC-Council
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerEC-Council
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementEC-Council
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...EC-Council
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...EC-Council
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...EC-Council
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...EC-Council
 

Plus de EC-Council (20)

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldCyberOm - Hacking the Wellness Code in a Chaotic Cyber World
CyberOm - Hacking the Wellness Code in a Chaotic Cyber World
 
Cloud Security Architecture - a different approach
Cloud Security Architecture - a different approachCloud Security Architecture - a different approach
Cloud Security Architecture - a different approach
 
Phases of Incident Response
Phases of Incident ResponsePhases of Incident Response
Phases of Incident Response
 
Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James Weaponizing OSINT – Hacker Halted 2019 – Michael James
Weaponizing OSINT – Hacker Halted 2019 – Michael James
 
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith TurpinHacking Your Career – Hacker Halted 2019 – Keith Turpin
Hacking Your Career – Hacker Halted 2019 – Keith Turpin
 
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle LeeHacking Diversity – Hacker Halted . 2019 – Marcelle Lee
Hacking Diversity – Hacker Halted . 2019 – Marcelle Lee
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoData in cars can be creepy – Hacker Halted 2019 – Andrea Amico
Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico
 
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel NaderBreaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
 
War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019War Game: Ransomware – Global CISO Forum 2019
War Game: Ransomware – Global CISO Forum 2019
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerAlexa is a snitch! Hacker Halted 2019 - Wes Widner
Alexa is a snitch! Hacker Halted 2019 - Wes Widner
 
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law EnforcementHacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement
 
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...
 
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
 
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...
 

Dernier

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Dernier (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Cryptanalysis Techniques Explained

  • 2. The Speaker  Chuck Easttom  ceasttom@cec-security.com  www.CEC-Security.com
  • 3. What cryptanalysis is NOT  It’s not fast  It’s not guaranteed  It’s not easy  It’s not what you see in movies the
  • 4. Levels of Success Total break — the attacker deduces the secret key. Global deduction — the attacker discovers a functionally equivalent algorithm for encryption and decryption, but without learning the key. Instance (local) deduction — the attacker discovers additional plaintexts (or ciphertexts) not previously known. Information deduction — the attacker gains some Shannon information about plaintexts (or ciphertexts) not previously known. Distinguishing algorithm — the attacker can distinguish the cipher from a random permutation.
  • 5. Resources Time — the number of "primitive operations" which must be performed. This is quite loose; primitive operations could be basic computer instructions, such as addition, XOR, shift, and so forth, or entire encryption methods. Memory — the amount of storage required to perform the attack. Data — the quantity of plaintexts and ciphertexts required.
  • 6. Breaking Ciphers This means finding any method to decrypt the message that is more efficient than simple brute force attempts. Brute force is simply trying every possible key. If they algorithm uses a 128 bit key that means 2128 possible keys. In the decimal number system that is 3.402 * 1038 possible keys. If you are able to attempt 1 million keys every second it could still take as long as 10,790,283,070,806,014,188,970,529 years to break.
  • 7. Breaking Ciphers Cryptanalysis is using other techniques (other than brute force) to attempt to derive the key. In some cases cryptographic techniques are used to test the efficacy of a cryptographic algorithm. Such techniques are frequently used to test hash algorithms for collisions. You must keep in mind that any attempt to crack any non-trivial cryptographic algorithm is simply an ‘attempt’. There is no guarantee of any method working. And whether it works or not it will probably be a long and tedious process. This should make sense to you. If cracking encryption where a trivial process, then encryption would be useless.
  • 8. Frequency Analysis This is the basic tool for breaking most classical ciphers. In natural languages, certain letters of the alphabet appear more frequently than others. By examining those frequencies you can derive some information about the key that was used. This method is very effective against classic ciphers like Caesar, Vigenere, etc. It is far less effective against modern methods. In fact with modern methods, the most likely result is that you will simply get some basic information about the key, but you will not get the key. Remember in English the words’ the and and are the two most common three letter words. The most common single letter words are I and a. If you see two of the same letters together in a word, it is most likely ee or oo.
  • 9. Known Plain Text/ Chosen Plain Text In this attack the attacker obtains the ciphertexts corresponding to a set of plaintexts of his own choosing. This can allow the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key. This can be difficult but is not impossible.
  • 10. Cipher Text Only Ciphertext-only: The attacker only has access to a collection of cipher texts. This is much more likely than known plaintext, but also the most difficult. The attack is completely successful if the corresponding plaintexts can be deduced, or even better, the key. The ability to obtain any information at all about the underlying plaintext is still considered a success.
  • 11. Related Key attack Related-key attack: Like a chosen-plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys. This is actually a very useful attack if you can obtain the plain text and matching cipher text.
  • 12. Linear Cryptanalysis Linear cryptanalysis is based on finding affine approximations to the action of a cipher. It is commonly used on block ciphers. This technique was invented by Mitsarue Matsui. It is a known plaintext attack and uses a linear approximation to describe the behavior of the block cipher. Given enough pairs of plaintext and corresponding ciphertext, bits of information about the key can be obtained. Obviously the more pairs of plain text and cipher text one has, the greater the chance of success. Remember cryptanalysis is an attempt to crack cryptography. For example with the 56 bit DES key brute force could take up to 256 attempts. Linear cryptanalysis will take 243 known plaintexts. This is better than brute force, but still impractical for most situations.
  • 13. Linear Cryptanalysis With this method, a linear equation expresses the equality of two expressions which consist of binary variables XOR’d. For example, the following equation, XORs sum of the first and third plaintext bits and the first ciphertext bit is equal to the second bit of the key: You can use this method to slowly recreate the key that was used.
  • 14. Linear Cryptanalysis Now after doing this for each bit you will have an equation of the form we can then use Matsui's Algorithm 2, using known plaintextciphertext pairs, to guess at the values of the key bits involved in the approximation. For each set of values of the key bits on the right-hand side (referred to as a partial key), count how many times the approximation holds true over all the known plaintext-ciphertext pairs; call this count T. The partial key whose T has the greatest absolute difference from half the number of plaintext-ciphertext pairs is designated as the most likely set of values for those key bits
  • 15. Differential Cryptanalysis Differential cryptanalysis is a form of cryptanalysis applicable to symmetric key algorithms. This was invented by Elii Biham and Adi Shamir. Essentially it is the examination of differences in an input and how that affects the resultant difference in the output. It originally worked only with chosen plaintext. Could also work with known plaintext and ciphertext only.
  • 16. Differential Cryptanalysis By analyzing the changes in some chosen plaintexts, and the difference in the outputs resulting from encrypting each one, it is possible to recover some properties of the key.
  • 17. Differential Cryptanalysis Differential Cryptanalysis is a Chosen Plaintext attack. By analyzing the Cipher, Differential Characteristics are discovered and used to discover information about the key. This technique doesn’t recover the key, but it attempts to reduce the number of possible keys so that it is possible to find the key in a reasonable amount of time.
  • 18. Other methods Higher Order Differential Cryptanalysis Truncated Differential Cryptanalysis Impossible Differential Cryptanalysis Boomerang Attack Mod-n cryptanalysis Boomerang Attack
  • 19. Other Techniques • • • • Seeking clues Using other passwords Learning about the subject Tricking the person into giving you the password