On Mon, May 22, 2006 at 04:22:54PM -0500, chrisisbd@leary.csoft.net wrote:
> On Mon, May 22, 2006 at 10:11:11PM +0100, Jonathan McDowell wrote:
> > The only thing that's provably secure is a one time pad. Even a symmetric key algorithm can be brute forced. The key is to ensure that the algorithm and key length you choose is not feasibly brute forceable before universe heat death.
> You can *only* brute force surely if you know a significant chunk of the result of decrypting the data before you start, otherwise how does the brute force approach know when it's got a hit?
Known plain text attacks are a specific type of cryptographic attack, but aren't the only one. All you need for brute force is the ability to know when you've succeeded; this may be because you actually know some plain text (e.g. a file header) or it may be because you can do statistical analysis of the output (e.g. you expect English, so when what you're getting out looks like English text you've probably got somewhere).
J.
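
The two ways of recognising a hit described in the reply above (a known file header, or output that statistically looks like English), as an added example that is not part of the original thread. The toy cipher, the 16-bit key and both messages are constructed for illustration; the key is deliberately tiny so the search finishes, which is also why key length is the real defence.

```python
import hashlib
from itertools import product

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Constructed toy: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(d ^ p for d, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

COMMON = frozenset(b"etaoinshrdlu ETAOINSHRDLU")

def english_score(candidate: bytes) -> float:
    """Statistical recogniser: 0 for non-text bytes, else share of common letters."""
    if not candidate or any(b < 9 or b > 126 for b in candidate):
        return 0.0
    return sum(b in COMMON for b in candidate) / len(candidate)

def header_score(header: bytes):
    """Known-plaintext recogniser: a hit is any output starting with the header."""
    return lambda candidate: 1.0 if candidate.startswith(header) else 0.0

def brute_force(ciphertext: bytes, recognise, key_len: int = 2):
    """Try every key; the recogniser alone decides which output is a hit.
    Work is 256**key_len trials, so each extra key byte costs 256x more."""
    best_key, best_score = None, 0.0
    for key in map(bytes, product(range(256), repeat=key_len)):
        score = recognise(toy_cipher(key, ciphertext))
        if score > best_score:
            best_key, best_score = key, score
    return best_key, best_score

# Constructed sample data: the searcher is given only the ciphertexts.
SECRET_KEY = b"\x5a\xc3"
ENGLISH_MSG = b"The only thing that is provably secure is a one time pad, used once."
BINARY_MSG = b"%PDF-1.4\n" + bytes(range(200, 240))

if __name__ == "__main__":
    key, score = brute_force(toy_cipher(SECRET_KEY, ENGLISH_MSG), english_score)
    print("statistical hit:", key.hex(), round(score, 2))
    key, score = brute_force(toy_cipher(SECRET_KEY, BINARY_MSG), header_score(b"%PDF-"))
    print("header hit:     ", key.hex(), score)
```

Wrong keys yield effectively random bytes, which almost never pass the printable-text check, so the correct key stands out without any plaintext being known in advance.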