Adu-Gyamfi Daniel (Graduate Student, uestc) Guided By: Prof.

Wang Yong (uestc)

Some Principles/Techniques: Symmetric Cipher Model Substitution Technique > Transposition Technique >

2 basic building blocks of Enc. Tech.

The Symmetric Cipher Model:

Cryptography (X) Considered not enough Cryptanalysis () Research emphasise here Brute Force Attack/Search () My Concern

Basic Definition: Act of deciphering cipher text without knowing key

MESSAGE /Plaintext recovery & KEY recovery Most Importantly KEY recovery
Plaintext e.g. English, Chinese, EXE file, A/c file, Java source listing/code

Depend on:

Nature of Info. Available

Encryption Scheme/Algorithm
WHY?

Cryptanalysis attacks rely on the nature of the algorithm plus perhaps some knowledge of the general xtics of the plaintext or even some sample plaintext-ciphertext pairs.

Attackers have problem when; ONLY ciphertext available UNKNOWN Algorithm : some cases If so; Then we can have some defense Why? Opponent have least information to work with

Objective of attacking an encryption system is more importantly, to recover the key in use in the system, rather than just to recover the plaintext of a single ciphertext.

5 known possibilities (types) of Attack

Thus: Based on what is Known to the Cryptanalyst

ciphertext only

only know algorithm & ciphertext, is statistical, know or can identify plaintext

known plaintext

know/suspect plaintext & ciphertext

select plaintext and obtain ciphertext select ciphertext and obtain plaintext select plaintext or ciphertext to en/decrypt

chosen plaintext

chosen ciphertext

chosen text

Terminologies T = 2 exp n - 1 N = 2 exp n N Number of Alternative keys /Key Size T Time required at 1 Decryption Y = E(K,X) Y, transmitted ciphertext X = D(K,Y) X, received plaintext/decip E,D Encryption, Decryption Algorithm K- KEY (Secrete Key Shared by Sender/Recipient

SIMPLIFIED MODE Refer Symmetric cipher model

S A M M Y

XXXX

S A M M Y

DANNY

always possible to simply try every key most basic attack, proportional to key size assume either know / recognise plaintext
Number of Alternative Keys 232 = 4.3 109 256 = 7.2 1016 2128 = 3.4 1038 231 s 255 s 2127 s Time required at 1 decryption/s = 35.8 minutes = 1142 years = 5.4 1024 years Time required at 106 decryptions/s 2.15 milliseconds 10.01 hours 5.4 1018 years

Key Size (bits)

32 56 128

168

2168 = 3.7 1050

2167 s

= 5.9 1036 years

5.9 1030 years

26 characters (permutation)

26! = 4 1026

2 1026 s = 6.4 1012 years

6.4 106 years

A password attack that does not attempt to decrypt any information, but continue to try different passwords. For example, a brute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to an account using a brute-force attack, a program tries all available words it has to gain access to the account. Another type of bruteforce attack is a program that runs through all letters or letters and numbers until it gets a match.

A brute force attack is a particular strategy used to break your lovingly crafted password. This is the most widely used method of cracking passwords and it involves running through all the possible permutations of keys until the correct key is found. For example, if your password is 2 characters long and consists of letters and numbers and is case sensitive, then a brute force attack would see a potential 3,844 different guesses at your password.

This is because: First character: lower case letters (26) + upper case letters (26) + numbers (10) = 62 Second character: same = 62 Total permutations = 62*62 = 3,844

What have you learnt? May be on length and time You can see that the longer the password, the more guesses and time are needed for the brute force attack to be successful.

Brute Force Attack Assumptions Here assumptions is the wrong word, but youll see why as we proceed. To cut down the time it takes to find the correct password, the cracking algorithm will look for popular patterns in words. For example, if the password is security, the following will be tried first: security Security SecuRity SECURITY

These guesses take precedence, because they are more popular ways of representing the password. That is, the crackers take into account human behaviour.

If the password was SecURiTy, it would eventually get cracked, but it would take more time. Cracking algorithms also take into account the tendency of people to make their passwords easy to remember, by incorporating meaningful sequences of characters like real words. This gives the cracker an opportunity to make educated guesses using these predictable patterns of characters.

The brute force attack will still try every permutation of characters, but it will start with commonly used ones first, in an attempt to reduce the time it takes to crack the password.

time required for Brute Force Attack depending on the password length and used character set. It is assumed that the attack is carried out on a single computer and the brute force speed is 500 000 passwords per second.

How Long Does It Take To Crack A Password The time required to crack a password is dependant on: How long the password is. How many characters are allowed in each position (uppercase, lowercase, numbers, special characters).

Although a brute-force attack is powerful and may be able to gain access to an account eventually, these attacks can take several hours, days, months, and even years to run. The amount of time it takes to complete these attacks is dependent on how complicated the password is and how well the attacker knows the target.

Password Cracking Tools According to @stake, the Rolls Royce of password auditing tools, their LC5 password auditing tool includes pre-computed password tables containing trillions of password hashes that have been computed in advance of the password auditing and recovery process. Trillions. Thats right, Trillions.

A strong, humanly generated 8 character password consisting of a few upper and lower case letters, a couple of numbers and a special character or two approaches approximately only 100 billion combinations. This means that hacker can decode your password as long as he somehow sniffs or captures your encoded password being passed or stored at the host/client.

Lets see that from: Excel/Word file

Table: We can deduce that; time required for Brute Force Attack depending on the password length and used character set. It is assumed that the attack is carried out on a single computer and the brute force speed is 500 000 passwords per second.

To help prevent brute-force attacks many systems will only allow a user to make a mistake in entering their username or password three or four times. If the user exceeds these attempts, the system will either lock them out of the system or prevent any future attempts for a set amount of time.

Modern Password Generators Thwart Cracking Tools Only purely random passwords, generated by special purpose generator tokens, drawing from the largest ASCII character sets available can keep a step ahead of these cracking programs.

Summary: Time Required -: Very little in case of short passwords and absolutely unacceptable amount in case of long passwords What is Recovered -: Original password Guaranteed result? -: Yes (if the password satisfy the requirements and the required time is acceptable) Requisites/Limitations-:The area of application is limited by the amount of time required. Passwords that can be recovered: Any password Pros Versatility; guaranteed result

Cons -: Much time required along with certain experience and understanding of the process International/Localization issues If the password contains non-Latin characters, custom characters sets (with these characters included) are required to recover it. Supported by the following LastBit software Word Password, Excel Password, Zip Password, VBA Password, OneNote Password, PowerPoint Password, WinPassword, PwlTool

[1]Wang Yong. Network Security class notes. uestc.,2012. [2]http://www.mandylionlabs.com/PRCCalc /BruteForceCalc.htm [3] http://lastbit.com/rm_bruteforce.asp [4] http://www.mandylionlabs.com/index15.htm