On Tue, May 23, 2006 at 10:28:17AM +0100, Jonathan McDowell wrote:
On Mon, May 22, 2006 at 04:22:54PM -0500, chrisisbd@leary.csoft.net wrote:
On Mon, May 22, 2006 at 10:11:11PM +0100, Jonathan McDowell wrote:
The only thing that's provably secure is a one time pad. Even a symmetric key algorithm can be brute forced. The key is to ensure that the algorithm and key length you choose is not feasibly brute forceable before universe heat death.
You can *only* brute force surely if you know a significant chunk of the result of decrypting the data before you start, otherwise how does the brute force approach know when it's got a hit?
Known plain text attacks are a specific type of cryptographic attack, but aren't the only one. All you need for brute force is the ability to know when you've succeeded;
Exactly! So if I send my encrypted messages in French or Polish, for example, you can brute-force attack forever and you'll never break it.
this may be because you actually know some plain text (e.g. a file header) or it may be because you can do statistical analysis of the output (e.g. you expect English, so when what you're getting out looks like English text you've probably got somewhere).
That "statistical analysis" will surely add a huge amount of time to the testing as you try each key though, won't it? It would make a nonsense of the oft-quoted figures for breaking given algorithms; all those (I assume) depend on the assumption that you have an exact and instant test available to see if you have a 'hit'.
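An added illustration of the statistical "hit" test discussed above, not code from anyone in the thread: a chi-squared comparison against English letter frequencies, run over every candidate output of a toy shift cipher. The frequency table, the sample sentence and the toy cipher are my own assumptions; the point it shows is that the test is one pass over the output per key, so it does not dwarf the cost of the trial decryption.

```python
from collections import Counter
from string import ascii_uppercase

# Approximate letter frequencies of English text, in percent (assumed
# textbook values, not taken from the thread).
ENGLISH_FREQ = {
    'A': 8.17, 'B': 1.49, 'C': 2.78, 'D': 4.25, 'E': 12.70, 'F': 2.23,
    'G': 2.02, 'H': 6.09, 'I': 6.97, 'J': 0.15, 'K': 0.77, 'L': 4.03,
    'M': 2.41, 'N': 6.75, 'O': 7.51, 'P': 1.93, 'Q': 0.10, 'R': 5.99,
    'S': 6.33, 'T': 9.06, 'U': 2.76, 'V': 0.98, 'W': 2.36, 'X': 0.15,
    'Y': 1.97, 'Z': 0.07,
}

# Constructed sample plaintext (upper-case A-Z and spaces only).
PLAINTEXT = ("THE BRUTE FORCE SEARCH DOES NOT NEED ANY SAMPLE OF THE MESSAGE "
             "IN ADVANCE BECAUSE A WRONG GUESS TURNS THE OUTPUT INTO NOISE "
             "AND THE RIGHT ONE READS AS ORDINARY ENGLISH")

def shift(text, key):
    """Toy cipher: move each A-Z letter `key` places; other characters pass through."""
    return ''.join(ascii_uppercase[(ascii_uppercase.index(c) + key) % 26]
                   if c in ascii_uppercase else c for c in text)

def english_score(text):
    """Chi-squared distance between the letter counts of `text` and English.

    Lower is more English-like. This is the statistical hit test: one pass
    over the candidate output to count letters, then 26 arithmetic steps.
    """
    counts = Counter(c for c in text if c in ascii_uppercase)
    n = sum(counts.values())
    if n == 0:
        return float('inf')
    score = 0.0
    for letter in ascii_uppercase:
        expected = ENGLISH_FREQ[letter] * n / 100.0
        score += (counts[letter] - expected) ** 2 / expected
    return score

def brute_force(ciphertext):
    """Try all 26 keys; return (key, plaintext, score) for the best-scoring one."""
    best = None
    for key in range(26):
        candidate = shift(ciphertext, -key)
        score = english_score(candidate)
        if best is None or score < best[2]:
            best = (key, candidate, score)
    return best

if __name__ == "__main__":
    key, recovered, score = brute_force(shift(PLAINTEXT, 7))
    print(f"key={key} score={score:.1f}: {recovered}")
```

The same scorer would rank a French or Polish plaintext poorly, which is the sense in which the test depends on knowing what the output is expected to look like.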