All Topics  
Brute force attack

 
Brute Force Attack

 
   Email Print
   Bookmark   Link
 

 

Brute force attack
 
 
  Topics Brute force attack Topic Home

In cryptanalysis
Cryptanalysis

Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so....
, a brute force attack is a method of defeating a cryptographic scheme by systematically trying a large number of possibilities; for example, a large number of the possible key
Key (cryptography)

In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would have no result....
s in a key space
Key space

In cryptography, an algorithm key space refers to the set of all possible Key that can be used to initialize it. For example, if an algorithm works using a key that is a string of 10 bits, then its key space is the set of all binary numeral system strings of length 10....
 in order to decrypt a message. In most schemes, the theoretical possibility of a brute force attack is recognized, but it is set up in such a way that it would be computationally infeasible to carry out.






Discussion
Ask a question about 'Brute force attack'
Start a new discussion about 'Brute force attack'
Answer questions from other users
Full Discussion Forum



Recent Posts

Hi.. I am B.E.(CSE)student & i am doing project on brute force attack.i want to know how to use bru...








Encyclopedia


Board300
In cryptanalysis
Cryptanalysis

Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so....
, a brute force attack is a method of defeating a cryptographic scheme by systematically trying a large number of possibilities; for example, a large number of the possible key
Key (cryptography)

In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would have no result....
s in a key space
Key space

In cryptography, an algorithm key space refers to the set of all possible Key that can be used to initialize it. For example, if an algorithm works using a key that is a string of 10 bits, then its key space is the set of all binary numeral system strings of length 10....
 in order to decrypt a message. In most schemes, the theoretical possibility of a brute force attack is recognized, but it is set up in such a way that it would be computationally infeasible to carry out. Accordingly, one definition of "breaking" a cryptographic scheme is to find a method faster than a brute force attack.

The selection of an appropriate key length depends on the practical feasibility of performing a brute force attack. By obfuscating
Obfuscation

Obfuscation is the concealment of meaning in communication, making communication confusing, intentionally ambiguity, and more difficult to interpret....
 the data to be encoded, brute force attacks are made less effective as it is more difficult to determine when one has succeeded in breaking the code.

The brute force attack could be combined with a dictionary attack
Dictionary attack

In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities....
.

Symmetric ciphers

For symmetric-key ciphers
Symmetric-key algorithm

Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption....
, a brute force attack typically means a brute-force search
Brute-force search

In computer science, brute-force search or exhaustive search, also known as generate and test, is a trivial but very general problem-solving technique that consists of systematically enumerating all possible candidates for the solution and checking whether each candidate satisfies the problem's statement....
 of the key space
Key space

In cryptography, an algorithm key space refers to the set of all possible Key that can be used to initialize it. For example, if an algorithm works using a key that is a string of 10 bits, then its key space is the set of all binary numeral system strings of length 10....
; that is, testing all possible key
Key (cryptography)

In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would have no result....
s in order to recover the plaintext
Plaintext

In cryptography, plaintext is the information which the sender wishes to transmit to the receiver. Before the computer era, plaintext simply meant text in the language of the communicating parties....
 used to produce a particular ciphertext.

In a brute force attack, the expected number of trials before the correct key is found is equal to half the size of the key space. For example, if there are 264 possible keys, a brute force attack would, on average, be expected to find a key after 263 trials.

For each trial of a candidate key the attacker needs to be able to recognize when he has found the correct key. The most straightforward way is to obtain a few corresponding plaintext and ciphertext pairs, that is, a known-plaintext attack
Known-plaintext attack

The known-plaintext attack is an attack model for cryptanalysis where the attacker has samples of both the plaintext and its encryption version and is at liberty to make use of them to reveal further secret information such as Cryptographic key and Code book....
 or crib
Crib (cryptanalysis)

Crib, in cryptanalysis, is a sample of known plaintext or Bombe#cribs. The term originated at Bletchley Park, the British World War II decryption operation....
. Alternatively, a ciphertext-only attack
Ciphertext-only attack

In cryptography, a ciphertext-only attack or known ciphertext attack is an attack model for cryptanalysis where the attacker is assumed to have access only to a set of ciphertexts....
 is possible by decrypting ciphertext using each candidate key, and testing the result for similarity to plaintext language—for example, English
English language

English is a West Germanic language that originated in Anglo-Saxon England and has lingua franca status in many parts of the world as a result of the military, economic, scientific, political and cultural influence of the British Empire in the 18th, 19th and early 20th centuries and that of the United States from the mid 20th century onwa...
 encoded in ASCII
ASCII

American Standard Code for Information Interchange , is a coding standard that can be used for interchanging information, if the information is expressed mainly by the written form of English words....
.

In general, a symmetric key cipher is considered secure if there is no method less expensive (in time, memory requirements, etc) than brute force; Claude Shannon used the term "work factor" for this.

Symmetric ciphers with keys of length up to 64 bits have been broken by brute force attacks. DES
Data Encryption Standard

The Data Encryption Standard is a block cipher that was selected by National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally....
, a widely-used block cipher
Block cipher

In cryptography, a block cipher is a symmetric key algorithm cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation....
 which uses 56-bit keys, was broken by custom hardware in 1998 (see EFF DES cracker
EFF DES cracker

In cryptography, the EFF DES cracker is a machine built by the Electronic Frontier Foundation to perform a brute force attack search of Data Encryption Standard cipher's key space ? that is, to decrypt an encrypted message by trying every possible key....
), and a message encrypted with RC5
RC5

In cryptography, RC5 is a block cipher notable for its simplicity. Designed by Ron Rivest in 1994, RC stands for "Rivest Cipher", or alternatively, "Ron's Code" ....
 using a 64-bit key was broken more recently by Distributed.net
Distributed.net

distributed.net is a worldwide distributed computing effort that is attempting to solve large scale problems using otherwise Idle time. It is officially recognized as a non-profit organization under U.S....
. More recently, the was built, which is a reconfigurable code breaker that is suited for key searching of many different algorithms, including DES. In addition, it is commonly speculated that government intelligence agencies (such as the U.S.
United States

The United States of America is a Federal government constitutional republic comprising U.S. state and a federal district. The country is situated mostly in central North America, where its Contiguous United States and Washington, D.C., the Capital districts and territories, lie between the Pacific Ocean and Atlantic Oceans, Borders of the U...
 NSA) can successfully attack a symmetric key cipher with long key lengths, such as a 64-bit key, using brute force. For applications requiring long term security, 128 bits is, , is currently thought a sufficient key length for new systems using symmetric key algorithms. NIST has recommended that 80-bit designs be phased out by 2015.

If keys are generated in a weak way, for example, derived from a guessable-password
Password

A password is a secret word or string of Character that is used for authentication, to prove identity or gain access to a resource . The password must be kept Secrecy from those not allowed access....
, it is possible to exhaustively search over a much smaller set
Dictionary attack

In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities....
, for example, keys generated from passwords in a dictionary. See password cracking
Password cracking

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password....
 and passphrase
Passphrase

A passphrase is a sequence of words or other text used to access control to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security....
 for more information.

Ciphers with proven perfect secrecy, such as the one-time pad
One-time pad

In cryptography, the one-time pad is an encryption algorithm where the plaintext is combined with a random key or "pad" that is as long as the plaintext and used only once....
, cannot be broken by a brute force attack.

Theoretical limits

The resources required for a brute force attack scale exponentially
Exponential growth

Exponential growth occurs when the growth rate of a mathematical function is proportionality to the function's current value. In the case of a discrete domain of definition with equal intervals it is also called geometric growth or geometric decay ....
 with increasing key size
Key size

In cryptography, key size or key length is the size of the key used in a cryptographic algorithm . An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits....
, not linearly. As a result, doubling the key size for an algorithm does not simply double the required number of operations, but rather squares them. Although algorithms which use 56-bit keys (e.g. the obsolete DES
Data Encryption Standard

The Data Encryption Standard is a block cipher that was selected by National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally....
) are now vulnerable to brute force attack, this is not true of more modern encryption algorithms such as AES
Advanced Encryption Standard

In cryptography, the Advanced Encryption Standard is an encryption standard adopted by the Federal government of the United States. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128 bit block size, with key sizes of 128...
, Twofish
Twofish

In cryptography, Twofish is a Symmetric-key algorithm block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard process, but was not selected for standardisation....
 and Serpent
Serpent (cipher)

Serpent is a symmetric key block cipher which was a finalist in the Advanced Encryption Standard process, where it came second to Rijndael. Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen....
 which use 128-, 192- or 256-bit keys as standard.

There is a physical argument that a 128-bit symmetric key
Symmetric-key algorithm

Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption....
 is secure against brute force attack. The so-called Von Neumann-Landauer Limit
Landauer's Principle

Landauer's Principle, first argued in 1961 by Rolf Landauer of IBM, holds that "any logically irreversible manipulation of information, such as the erasure of a bit or the merging of two computation paths, must be accompanied by a corresponding entropy increase in non-information bearing degrees of freedom of the information processing appara...
 implied by the laws of physics sets a lower limit on the energy required to perform a computation of per bit erased in a computation, where T is the temperature of the computing device in kelvin
Kelvin

The kelvin is a Units of measurement of temperature and is one of the seven SI base units. The Kelvin scale is a Thermodynamic temperature scale where absolute zero, the theoretical absence of all thermal energy, is zero ....
, k is the Boltzmann constant
Boltzmann constant

The Boltzmann constant is the physical constant relating energy at the particle level with temperature observed at the bulk level. It is the gas constant R divided by the Avogadro constant NA:...
, and the natural logarithm
Natural logarithm

The natural logarithm, formerly known as the hyperbolic logarithm, is the logarithm to the base e , where e is an irrational number constant approximately equal to 2.718281828....
 of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle.

Thus, in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would require bit flips. If we assume that the calculation occurs near room temperature (~300 K) we can apply the Von Neumann-Landauer Limit to estimate the energy required as Joules, which is equivalent to consuming 30 gigawatts
Orders of magnitude (power)

This page lists examples of the power in watts produced by various different sources of energy. They are grouped by orders of magnitude, and each section covers three orders of magnitude, or a factor of one thousand....
 of power for one year . The full actual computation—checking each key to see if you have found a solution—would consume many times this amount.

However, this argument assumes that the register values are changed using conventional set and clear operations which inevitably generate entropy. It has been shown that computational hardware can be designed not to encounter this theoretical obstruction: see reversible computing
Reversible computing

Reversible computing, sometimes called non-destructive computing includes any computational process that is reversible, i.e., time-invertible function, meaning that a time-reversed version of the process could exist within the same general dynamical system as the original process....
. It should be pointed out that no known such computers have been constructed.

The amount of time required to break a 128-bit key is also daunting. Each of the (340,282,366,920,938,463,463,374,607,431,768,211,456) possibilities must be checked. A device that could check a billion billion keys per second would still require about years to exhaust the key space. This is a thousand times longer than the age of the universe
Age of the universe

The age of the universe is the time elapsed between the Big Bang and the present day. Current theory and observations suggest that this is between 13.61 and 13.85 1000000000 years....
, which is about 13,000,000,000 years.

AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires times more computational power than a 128-bit key. A device that could check a billion billion AES keys per second would require about years to exhaust the 256-bit key space.

Hence, 128-bit symmetric keys are impractical to attack by brute force methods using current technology and resources, and 256-bit keys are not likely to be broken by brute force methods using any obvious future technology. The underlying assumption is that the complete keyspace is used to generate keys, something that relies on an effective random number generator
Random number generation

A random number generator is a computer or physical device designed to generate a sequence of numbers or symbols that lack any pattern, i.e. appear random....
. For example, a number of systems that were originally thought to be impossible to crack by brute force have nevertheless been cracked in this way because the key space
Key space

In cryptography, an algorithm key space refers to the set of all possible Key that can be used to initialize it. For example, if an algorithm works using a key that is a string of 10 bits, then its key space is the set of all binary numeral system strings of length 10....
 to search through was found to be much smaller than originally thought, due to a lack of entropy
Entropy (computing)

In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data....
 in their pseudorandom number generator
Pseudorandom number generator

A pseudorandom number generator is an algorithm for generating a sequence of numbers that approximates the properties of random numbers. The sequence is not truly random in that it is completely determined by a relatively small set of initial values, called the PRNG's state. Although sequences that are closer to truly random can be gen...
s. These include Netscape
Netscape

Netscape Communications is a United States computer services company, best known for its web browser. The browser was once dominant in terms of Usage share of web browsers, but lost most of that share to Internet Explorer during the browser wars....
's implementation of SSL (famously cracked by Ian Goldberg
Ian Goldberg

Ian Avrum Goldberg is a cryptographer and cypherpunk. He is best known for breaking Netscape Communications Corporation implementation of Secure Sockets Layer , and for his role as Chief Scientist of Radialpoint , a Canadian software company....
 and David Wagner
David Wagner

David A. Wagner is an Associate Professor of Computer Science at the University of California, Berkeley and a well-known researcher in cryptography and computer security....
 in 1995) and a Debian
Debian

Debian GNU/Linux is one of the most popular and influential computer operating systems composed of free software and open source software....
 implementation of OpenSSL
OpenSSL

OpenSSL is an open source implementation of the Transport Layer Security protocols. The core library implements the basic cryptography functions and provides various utility functions....
 cracked in 2008.

Unbreakable codes

Certain types of encryption, by their mathematical properties, cannot be defeated by brute force. An example of this is one-time pad
One-time pad

In cryptography, the one-time pad is an encryption algorithm where the plaintext is combined with a random key or "pad" that is as long as the plaintext and used only once....
 cryptography, where every cleartext
Cleartext

In data communications, cleartext is the form of a message or data which is in a form that is immediately comprehensible to a human being without additional processing....
 bit has a corresponding key bit. One-time pads rely on the ability to generate a truly random sequence of key bits. A brute force attack would eventually reveal the correct decoding, but also every other possible combination of bits, and would have no way of distinguishing one from the other. A small, 100-byte, one-time-pad–encoded string subjected to a brute force attack would eventually reveal every 100-byte string possible, including the correct answer, but mostly nonsense. Of all the answers given, there is no way of knowing which is the correct one. Nevertheless, the system can be defeated if not implemented correctly, for example if one-time pad
One-time pad

In cryptography, the one-time pad is an encryption algorithm where the plaintext is combined with a random key or "pad" that is as long as the plaintext and used only once....
s are re-used.

See also

  • Side-channel attack
  • Cryptographic key length for a fuller discussion of recommended key sizes for symmetric and asymmetric algorithms.
  • TWINKLE
    TWINKLE

    TWINKLE is a hypothetical integer factorization device described in 1999 by Adi Shamir and purported to be capable of factoring 512-bit integers....
     and TWIRL
    TWIRL

    In cryptography and number theory, TWIRL is a hypothetical hardware device designed to speed up the sieving step of the general number field sieve integer factorization algorithm....
  • 40-bit encryption
    40-bit encryption

    40-bit encryption refers to a key size of forty bits, or five bytes, for symmetric encryption; this represents a relatively low level of security....
  • Distributed.net
    Distributed.net

    distributed.net is a worldwide distributed computing effort that is attempting to solve large scale problems using otherwise Idle time. It is officially recognized as a non-profit organization under U.S....
  • MD5CRK
    MD5CRK

    In cryptography, MD5CRK was a distributed computing effort launched by Jean-Luc Cooke and his company, , to demonstrate that the MD5 message digest algorithm is insecure by finding a collision — two messages that produce the same MD5 hash....
  • Unicity distance
    Unicity distance

    Unicity distance is a term used in cryptography referring to the length of an original ciphertext needed to break the cipher by reducing the number of possible spurious keys to zero in a brute force attack....
  • RSA Factoring Challenge
    RSA Factoring Challenge

    The RSA Factoring Challenge was a challenge put forward by RSA Laboratories on March 18 1991 to encourage research into computational number theory and the practical difficulty of Factorization large integers and cracking RSA keys used in cryptography....
  • Custom hardware attack
    Custom hardware attack

    In cryptography, a custom hardware attack uses specially designed electronic circuits to decipher encryption.Mounting a cryptographic brute force attack requires a large number of similar computations: typically trying one key , checking if the resulting decryption gives a meaningful answer and trying the next key if it does not....
  • Dictionary attack
    Dictionary attack

    In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities....


External links

  • — a survey by Richard Clayton