Re: Breaking DES if you know the answer?

From: Phil Carmody (thefatphil_demunged_at_yahoo.co.uk)
Date: 11/28/03 

Date: 28 Nov 2003 03:53:19 +0200

glen.burson@virgin.net (Glen Burson) writes:

> Hello,
>
> Apologies if this has been asked before, I know very little about
> cryptography but I'm trying to establish how secure our system is.
> I've looked around and can't see this specific question.
>
> My question:
>
> I've read a few articles about how it would take many, many years to
> do a brute force attact on DES (unless you have special hardware).
>
> But is it possible to discover the key if you know the answer to the
> problem? What I mean is that if I have an encrypted string e.g.
> sdlkjsklj23u0ioj;'=sdklj;2309ds, and I know it decrypts to "hello
> glen", can I figure out the key?
>
> This would then allow me to decrypt other strings for which I don't
> what they decrypt to...

All the security in the system should reside in the key.
So in theory, for a serious cryptosystem, the only actual weakness
is if part (or all) of the key is discovered, and no number of
plaintext-cyphertext pairs should decrease the system's security.
I recommend you pop to the library and look at something like
Bruce Schneier's Applied Cryptography (2nd. Ed.). It discusses
several different 'attacks'. Look out for things like (i.e. if
you can't get to a library, maybe google will help) known-plaintext
attacks and chosen plaintext attacks.

Phil 

-- 
Unpatched IE vulnerability: Timed history injection
Description: cross-domain scripting, cookie/data/identity 
             theft, command execution
Reference: http://safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
Exploit: http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-MyPage.HTM

Relevant Pages

  • Re: Password scrambler program
    ... No one is helped or interested in cryptography that only protects against uninterested and unfunded passers-by. ... Cryptography as much as is possible, resists attacks and attackers who will spend time and money trying to break the system, who don't do the expected and don't play by the rules. ... The software fails at the very first hurdle. ... This program protects you from other people who may have access to your computer by generating them for you with a secure random number generator and protecting those passwords with encryption relying on you needing to remember only one, hopefully better, password and adding to the protection with password stretching. ...
    (sci.crypt)
  • Re: Password scrambler program
    ... No one is helped or interested in cryptography ... environment is harsh but criticisms are not generally personal attacks. ... software fails at the very first hurdle. ... them for you with a secure random number generator and protecting those ...
    (sci.crypt)
  • Re: [PATCH resend][CRYPTO]: RSA algorithm patch
    ... I'd rather code to the PKCS#1 RSA Cryptography Standard ... if not using constant-time crypto implementations) and not ... and combined attacks can give enough information. ... in security there is always a threshold, ...
    (Linux-Kernel)
  • Re: New cryptanalysis book coming out!
    ... Why all of the venom in your hatred-filled email response? ... information about the process of finding attacks. ... required in an extremely basic introductory class in cryptography, oh yeah, ... primary sources are always better than the at least secondary and ...
    (sci.crypt)
  • Re: [fw-wiz] Top Secret DOD Data over the Public Internet? Thoughts?
    ... availability attacks. ... Bearing in mind they would essentially use cryptography to maintain ... integrity, continuous packet modification by an intermediary could ... Points of attack could be where their packets utilise portions of the ...
    (Firewall-Wizards)