Brute-force Attack

In Cryptanalysis , a brute force attack is a method of defeating a Cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible Key s in order to decrypt a message. In most schemes, the theoretical possibility of a brute force attack is recognized, but it is set up in such a way that it would be computationally unfeasible to carry out. Accordingly, one definition of "breaking" a cryptographic scheme is to find a method faster than a brute force attack.

The selection of an appropriate Key Length depends on the practical feasibility of performing a brute force attack. By Obfuscating the data to be encoded, brute force attacks are made less effective as it is more difficult to determine when one has succeeded in breaking the code.

SYMMETRIC CIPHERS

For symmetric-key ciphers, a brute force attack typically means a Brute-force Search of the Key space; that is, testing all possible Key s in order to recover the Plaintext used to produce a particular Ciphertext .

In a brute force attack, the expected number of trials before the correct key is found is equal to half the size of the key space. For example, if there are 2⁶⁴ possible keys, a brute force attack would, on average, be expected to find a key after 2⁶³ trials.

For each trial of a candidate key the attacker needs to be able to recognize when he has found the correct key. The most straightforward way is to obtain a few corresponding plaintext and ciphertext pairs, that is, a Known-plaintext Attack . Alternatively, a Ciphertext-only Attack is possible by decrypting ciphertext using each candidate key, and testing the result for similarity to plaintext language — for example, English encoded in ASCII .

In general, a Symmetric Key cipher is considered secure if there is no method less expensive (in time, memory requirements, etc) than brute force; Claude Shannon used the term "work factor" for this.

Symmetric ciphers with keys of length up to 64 bits have been broken by brute force attacks. NSA ) can successfully attack a symmetric key cipher with long key lengths, such as a 64-bit key, using brute force. For applications requiring long term security, 128 bits is, As Of 2004 , currently thought a sufficient key length for new systems using symmetric key algorithms. NIST has recommended that 80-bit designs be phased out by 2015.

If keys are generated in a weak way, for example, derived from a guessable- Password , it is possible to exhaustively Search Over A Much Smaller Set , for example, keys generated from passwords in a dictionary. See Password Cracking and Passphrase for more information.

Ciphers with proven perfect secrecy, such as the One-time Pad , cannot be broken by a brute force attack.

THEORETICAL LIMITS

The resources required for a brute force attack scale Exponentially with increasing Key Size , not linearly. Doubling key size does not double the required number of operations, but rather squares the number of required operations. Thus, although 56 bit keys, such as those used by the obsolete Data Encryption Standard (DES) are now quite practical to attack by brute force, this is not true of much longer keys, such as those used by the more modern Advanced Encryption Standard (AES), which uses keys of at least 128 bits in length.

There is a physical argument that a 128 bit key is secure against brute force attack. The so-called Von Neumann-Landauer Limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of

\ln(2) kT

per bit erased in a computation, where T is the temperature of the computing device in Kelvin , k is the Boltzmann Constant , and the Natural Logarithm of 2 is about .693. No irreversible computing device can use less energy than this, even in principle.

The amount of time required to break a 128 bit key is also daunting. Each of the

2^{128}

possibilities must be checked. This is an enormous number, 340,282,366,920,938,463,463,374,607,431,768,211,456 in decimal. If a device could be built that could check a billion billion keys (

10^{18}

) per second, 10,790,283,070,806 (~

10^{13}

) years would still be required to exhaust the key space. By way of comparison, the Age Of The Universe is only about 13,000,000,000 (

1.3 	imes 10^{10}

) years.

(Although on average an attacker will find the key after searching only half the possible keys, this makes no practical difference given the time scales involved.)

AES permits the use of 256 bit keys. A 256 bit key requires not merely twice as long to crack as a 128 bit key, but rather

2^{128}

times as long. If a device could be built that could check a billion billion (

10^{18}

) AES keys per second, it would require a staggering 3,671,743,063,080,802,746,815,416,825,491,118,336,290,905,145,409,708 (

3 	imes 10^{51}

) years to exhaust the 256 bit key space.

It should therefore be clear that, generally speaking, 128 bit keys are impractical to attack by brute force methods using current technology and resources, and that 256 bit keys are not likely to be broken by brute force methods using any obvious future technology.

UNBREAKABLE CODES

Certain types of encryption, by their mathematical properties, cannot be defeated by brute force. An example of this is One-time Pad cryptography, where every bit has a corresponding key bit. A brute force attack would eventually reveal the correct decoding, but also every other possible combination of bits, and would have no way of distinguishing one from the other.

For example, a small 100 byte one-time pad encoded string subjected to a brute force attack would eventually reveal every 100 byte string possible, including the correct answer, but mostly nonsense. Of all the answers given, there is no way of knowing which is the correct one.

SAMPLE OF BREAKING TIME

Here are some sample times of brute force code breaking, assuming the attacker can try 100000 keys per second, the key is not case sensitive, and all letters of the English alphabet and numerals are used.

''(information gets by Hacking Time Analizer)''

SEE ALSO

Cryptographic Key Length for a fuller discussion of recommended key sizes for symmetric and asymmetric algorithms.

TWINKLE and TWIRL

40-bit Encryption

Distributed.net

MD5CRK

Unicity Distance

RSA Factoring Challenge

REFERENCES

Leonard M. Adleman, Paul W. K. Rothemund, Sam Roweis and Erik Winfree, On Applying Molecular Computation To The Data Encryption Standard, in Proceedings of the Second Annual Meeting on DNA Based Computers, Princeton University, June 10–12, 1996.

''Cracking DES — Secrets of Encryption Research, Wiretap Politics & Chip Design'' by the Electronic Frontier Foundation (ISBN 1-56592-520-3).

W. Diffie and M.E. Hellman, Exhaustive cryptanalysis of the NBS Data Encryption Standard, Computer 10 (1977), pp74–84.

Michael J. Wiener, "Efficient DES Key Search", presented at the rump session of Crypto 93; reprinted in Practical Cryptography for Data Internetworks, W. Stallings, editor, IEEE Computer Society Press, pp31–79 (1996).

EXTERNAL LINKS

Brute force attacks on cryptographic keys — a survey by Richard Clayton

DES cracking contest

www.keylength.com: An online keylength calculator

The COPACOBANA (Cost-Optimized Parallel COde Breaker) reconfigurable code breaker

phrel: A Linux utility to help prevent brute force attacks on FTP, DNS and other protocols.

	APPAREL
	BABY
	BEAUTY
	BOOKS
	CAR TOYS
	CELL PHONES
	DVD'S
	ELECTRONICS
	GOURMET FOOD
	GROCERIES
	HEALTH & PERSONAL
	HOME & GARDEN
	JEWELRY
	MUSIC
	MUSIC INSTRUMENTS
	OFFICE PRODUCTS
	SOFTWARE
	SPORTING GOODS
	TOOLS & HARDWARE
	TOYS
	VIDEO GAMES
	SHOPPING HOME

	MORE SHOPPING...

	CATEGORIES ABOUT BRUTE FORCE ATTACK

	cryptographic attacks

Information About

Brute-force Attack