I am not a specialist in cracking encryption, so I always wondered how one
actually determines that a brute-force attack succeeded. Trying all the
iterations of keys is fine, but how do I determine that I got the right one?
Is there something in the algorithm that allows the program to detect that
it got the right key, or do you look for something that resembles English
words? If this is true, then running a compress first would mess up that
strategy.
How does this work?
Thanks
Philipp
On Wed, 15 Apr 1998, Matthew Skala wrote:
> On Fri, 10 Apr 1998, jOe wrote:
> > Am I right say that:
> > Besides weak ciphers, the 48 bit Pre Master Secret is the next alternative
> > for a brute force attack to be carried out on a SSL session, since all the
> > session keys and MAC keys are derived (mainly) from this 48 bit value.
>
> No. The pre-master secret is 48 *bytes* (which is the same as 384 bits).
> That is a great deal more than 48 bits. Even if a brute-force attack on a
> 384-bit keyspace were conceivable (and it's highly questionable for
> thermodynamic reasons), this would not be the next choice. The next
> choice for a brute-force attack would be to attack the session keys
> derived from the pre-master secret, since they are typically only 128
> bits. It might be better to attack the public key algorithms; public-key
> strength is harder to measure, but a typical public key will often be less
> strong against brute force than a 128-bit session key.
>
> "Let me lose so beautifully http://www.islandnet.com/~mskala/
> Let me lick the dew from the money tree Matthew Skala
> Have the moms of the world all care about me Ansuz BBS
> At suppertime" - Odds (250) 642-7820
>
> +-------------------------------------------------------------------------+
> | Administrative requests should be sent to [EMAIL PROTECTED] |
> | List service provided by Open Software Associates, http://www.osa.com/ |
> +-------------------------------------------------------------------------+
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Philipp Schaumann, Control Data Systems, Singapore
Tel.: home-office (65) 271 7243, CDS-office (65) 256 9011
office-fax: (65) 256 9021, home-fax (65) 274 2415
office: 51, Goldhill Plaza #14-11, Singapore 308900
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
