On Tue, May 23, 2006 at 04:37:32AM -0500, chrisisbd@leary.csoft.net wrote:
> On Tue, May 23, 2006 at 10:28:17AM +0100, Jonathan McDowell wrote:
> > On Mon, May 22, 2006 at 04:22:54PM -0500, chrisisbd@leary.csoft.net wrote:
> > > On Mon, May 22, 2006 at 10:11:11PM +0100, Jonathan McDowell wrote:
> > > > The only thing that's provably secure is a one time pad. Even a symmetric key algorithm can be brute forced. The key is to ensure that the algorithm and key length you choose is not feasibly brute forceable before universe heat death.
> > > You can *only* brute force surely if you know a significant chunk of the result of decrypting the data before you start, otherwise how does the brute force approach know when it's got a hit?
> > Known plain text attacks are a specific type of cryptographic attack, but aren't the only one. All you need for brute force is the ability to know when you've succeeded;
> Exactly! So if I send my encrypted messages in French or Polish for example you can brute force attack for ever and you'll never break it.

They'll still look more like text than garbage though.

> > plain text (eg a file header) or it may be because you can do statistical analysis of the output (eg you expect English, so when what you're getting out looks like English text you've probably got somewhere).
> That "statistical analysis" will surely add a huge amount of time to the testing as you try each key though, won't it? It would make a nonsense of the oft-quoted figures for breaking given algorithms; all those (I assume) depend on the assumption that you have an exact and instant test available to see if you have a 'hit'.

I've no idea about the effort required for the statistical analysis of data; I'd imagine it depends somewhat on the data. I wouldn't want to trust the security of something I was planning to encrypt on how resource intensive I thought analysing the plain text was...

J.