Dark Mode
Capec-20 Detail
Encryption Brute Forcing
Standard Software Likelihood: Low Typical Severity: Low
Parents: 112
Threats: T71 T263 T271 T279 T292 T307 T385 T398
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-20 | capec | https://capec.mitre.org/data/definitions/20.html | |
| CWE-326 | cwe | http://cwe.mitre.org/data/definitions/326.html | |
| CWE-327 | cwe | http://cwe.mitre.org/data/definitions/327.html | |
| CWE-693 | cwe | http://cwe.mitre.org/data/definitions/693.html | |
| CWE-1204 | cwe | http://cwe.mitre.org/data/definitions/1204.html |
Explore
-
Determine the ciphertext and the encryption algorithm.
Experiment
-
Perform an exhaustive brute force search of the key space, producing candidate plaintexts and observing if they make sense.
- Ciphertext is known.
- Encryption algorithm and key size are known.
- A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge). On average, for a binary key of size N, 2^(N/2) trials will be needed to find the key that would decrypt the ciphertext to obtain the original plaintext. Obviously as N gets large the brute force approach becomes infeasible.
| Low |
|---|
| Brute forcing encryption does not require much skill. |
| Confidentiality |
|---|
| Read Data |
- In 1997 the original DES challenge used distributed net computing to brute force the encryption key and decrypt the ciphertext to obtain the original plaintext. Each machine was given its own section of the key space to cover. The ciphertext was decrypted in 96 days.