Skip to main content

Weakness of Cryptography

Weakness of cryptography


“A perfect system doesn't exist, it take patience, 
skills, determination and resources to hack any system in the world”

The main cryptography challenge is bruteforce attack. This attack happens when user tries all possible combination on earth to guess the encryption key combination. This took a very long time to achieve, although this defends on the cryptosystem been targeted and the resources and skills been employed or applied.

Bruteforce is the  most common type of attack that we watch in movies, if you do watch films that involve security like 24, Nikita or Chuks TV series, you will notice sometimes they try to access someones data using bruteforce attack. You will see numbers symbols been randomly runned on the screen, this random codes, alphabets and symbols are trying the get the keys by trying all possible combinations. One successful you can access the encrypted key public/private.

DES is highly vulnerable to bruteforce attack, while Tripple-DES has resistance power, that doesn't means it cant be broken! But it takes huge time and resources to make the attack successful.

Time and resources involve to hack 40-56bits encryption key

Budget                     40bits key              56bits key

Regular User                1 week                  40years
Small business        12days                   556days
Corporation                 21seconds           19days
Large multinational 0.005seconds    6minutes
Government                 0.0002seconds    12seconds

Table from Sybex CEH


As you can see from the above table. Government always has the highest budget thus has the best chance to decrypt data. Regular user like you and I wil take a very long time due to the amount of resources and skills invested.

Bruteforce is not the only attack that hackers or intruders can retrieve keys with. Below are the list of possible attacks that can be carried on to successfully extract encrypted keys. Remember one can only have access to the data after getting keys.

Chipertext only attack
Known plaintext attack
Chosen plaintext attack
Chosen chipertext attack
Traffic recording attack

Chipertext only attack: Here the attacker has limited knowledge on his target. He has the sample part of the chipertext without the plaintext/key. He want to get the plaintext so as to know the technical know how of the encryption. After getting the palintext together with the sample of the chipertext, the attacker will proceed with his attack. This is the least successful attack because the attacker has least knowledge about the system.

Known Plaintext attack: In this type of attack, the attacker possesses the plaintext and the chipertex but doesn't know the key. Here he will try to use the possessed information the get the key. This attack is similar to the bruteforce attack.

Chosen Plaintext attack: The intruder can successfully generate a chipertext based on a chosen plaintext. The attacker will try to add some information into the encryption and observe the output. The attacker might not know the encryption algorithm nor keys used.

Chosen chipertext attack: This is almost the same with the chosen plaintext attack. Here the attacker can successfully decrypt chosen chipertext to plaintext. He will then proceed to alter the decrypted data and observe the outcome. Again the attacker might not know the encryption algorithm nor the keys used.

Sniffing: The attacker here records the traffic when its up and later study it to extract information like keys, algorithm etc.

Man in the Middle: The attacker here becomes an intercept. It goes like this; the attacker will successfully intrude into a communication and alter the message before letting it reaches its destination.  Literary the data that will reaches the destination is altered.

Social Engineering: This can be very effective in cracking encryption. social engineers are very sophisticated and can extract information from users if the users are not welled trained. We have already discuss this our introduction to ethical hacking under types of hacking.

Reference:Sybex CEH
Labels:

Comments

Post a Comment

Popular posts from this blog

Powerful words from Steve Jobs on his sick bed

Powerful message. Steve Jobs’ Last Words - I reached the pinnacle of success in the business world. In others’ eyes, my life is an epitome of success. However, aside from work, I have little joy. In the end, wealth is only a fact of life that I am accustomed to. At this moment, lying on the sick bed and recalling my whole life, I realize that all the recognition and wealth that I took so much pride in, have paled and become meaningless in the face of impending death. In the darkness, I look at the green lights from the life supporting machines and hear the humming mechanical sounds, I can feel the breath of god of death drawing closer… Now I know, when we have accumulated sufficient wealth to last our lifetime, we should pursue other matters that are unrelated to wealth… Should be something that is more important: Perhaps relationships, perhaps art, perhaps a dream from younger days ... Non-stop pursuing of wealth will only turn a person into a twisted being, just l...
Post a Comment
Read more

Introducing Microsoft Surface pro 3

Surface Pro 3      On Monday rumors was circulating the online journals regarding next surface pro tablet. Online journals and news sites  on Monday leaked image of the device was circulating, not knowing that the company will officially announce the device the next day. The surface tablet is just too much because it comes with a stylus and the screen was optimized to take a full handwriting future just like your normal paper, microsoft solve the issues users faces while using stylus to write on so many devices, where placing palm on the screen while writing result in unwanted drawings. Here we must say thank you to samsung for bringing back stylus into the mobile world in its Note series tablet and mobile phones. The awesome device comes with a slim removable keyboard for ease typing.      The surface pro 3 according to Microsoft can replace laptops, meaning normal .exe files that runs on windows pc or laptops can be installed on this sexy device. ...
Post a Comment
Read more

Microsoft Office for Tablet now on Google Play store

Back in November, Microsoft opened up early previews builds for its new mobile Office applications for Android tablets to those willing to sign up and wait for an invitation. After taking on feedback over the past couple of months, Microsoft has announced that it is expanding its preview scheme by releasing its Office applications to everyone directly through the Google Play Store. The new Office software for mobile unifies Android, IOS, and Windows platforms. Previously each platform had to make do with its own apps, meaning that feature sets differed depending on your operating system and updates were often slow and intermittent. By unifying the Office platform, Microsoft hopes to bring updates and new features to users in a timelier manner. There are still a couple of conditions attached to the preview builds though. Firstly, Office is still limited to ARM-based Android tablets with a screen size between 7 and 10.1 inches. Your tablet will also need to be running Ki...
Post a Comment
Read more