CAPEC - CAPEC-20: Encryption Brute Forcing (Release 1.4)

Home > CAPEC List > CAPEC-20: Encryption Brute Forcing (Release 1.4)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List

News & Events
Calendar
Free Newsletter

Contact Us
Search the Site

CAPEC-20: Encryption Brute Forcing

Encryption Brute Forcing

Attack Pattern ID: 20 (Standard Attack Pattern Completeness: Complete)

Typical Severity: Low

Status: Draft

Description

Summary

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.

Attack Execution Flow

Determine the ciphertext and the encryption algorithm.
Perform an exhaustive brute force search of the keyspace, producing candidate plaintexts and observing if they make sense.

Attack Prerequisites

Ciphertext is known.

Encryption algorithm and key size are known.

Typical Likelihood of Exploit

Likelihood: Low

Methods of Attack

Brute Force

Examples-Instances

Description

In 1997 the original DES challenge used distributed net computing to brute force the encryption key and decrypt the ciphertext to obtain the original plaintext. Each machine was given its own section of the keyspace to cover. The ciphertext was decrypted in 96 days.

Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

Brute forcing encryption does not require much skill.

Resources Required

A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge).

On average, for a binary key of size N, 2^(N/2) trials will be needed to find the key that would decrypt the ciphertext to obtain the original plaintext.

Obviously as N gets large the brute force approach becomes infeasible.

Indicators-Warnings of Attack

None. This attack happens offline.

Solutions and Mitigations

Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.

In theory a brute force attack performing an exhausitve keyspace search will always succeed, so the goal is to have computational security. Moore's law needs to be taken into account that suggests that computing resources double every eighteen months.

Attack Motivation-Consequences

Information Leakage

Related Weaknesses

CWE-ID	Weakness Name	Weakness Relationship Type
326	Weak Encryption	Targeted
693	Protection Mechanism Failure	Targeted
719	OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage	Secondary

Related Attack Patterns

Nature	Type	ID	Name	Description	View(s) this relationship pertains to
ChildOf	Attack Pattern	112	Brute Force		Mechanism of Attack (primary)1000
ParentOf	Attack Pattern	97	Cryptanalysis		Mechanism of Attack1000

Content History

Submissions
Submitter	Organization	Date
Eugene Lebanidze	Cigital, Inc	2007-02-26

Modifications
Modifier	Organization	Date	Comments
Sean Barnum	Cigital, Inc	2007-03-01	Review and revision of content
Richard Struse	VOXEM, Inc	2007-03-26	Review and feedback leading to changes in Description, Resources Required and Context Description
Sean Barnum	Cigital, Inc	2007-04-13	Modified pattern content according to review and feedback

Page Last Updated: September 23, 2009


	CAPEC is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. Vision and Technical Leadership provided by Cigital, Inc. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us