Password analysis


Password Analysis This word is sometimes used to refer to an attempt to wind a password algorithm or password protocol, not just for encryption algorithms. However, cryptographic analysis usually does not include attacks that are not primarily for password algorithms or protocols.

Although the objective analysis of the password analysis is the same in the history of cryptography, the methods and techniques actually used will become more complicated with cryptosystems. The cryptographic algorithm and agreement from ancient times to develop only tools such as paper, the Ennigma tag (also known as "Mystery", German: ENIGMA, until the current electronic computer-based program. The cryptographic analysis has also changed, and there is no longer possible to successfully crack the password without restriction. In fact, only a few attacks are actual. In the mid-1970s, public key cryptography has developed as an emerging cryptographic branch, and the method used to crack these public key systems is completely different, usually need to solve the pure-morphology problem that is carefully constructed. The most famous of which is the large number of quantities decomposition.

Classic Cryptography

Despite the password analysis of this word (established by Williamfriedman), the method of cracking password and cryptographue machine has been a long time. The world's earliest crack password method can be traced back to "AmanuscriptondecipheringCryptographicMessages" in Jiu Dipples, "Cracked Passage Information", which discusses the method of frequency analysis.

frequency analysis is a basic method of cracking a classic password. In the natural language, some letters in the alphabet are more frequent than other letters. For example, in English, the letter E is likely to have the highest frequency in any text sample. Similarly, the two letters even in TH are the most likely letters. The frequency analysis method assumes that the password does not hide such statistics. For example, in a simple replacement password, each letter is simply replaced with another letter, then the maximum frequency of frequencies in ciphertext is most likely E.

Frequency analysis method is also required to use linguistics in addition to the need to use statistics. However, as the password algorithm is more complex, cryptographic analysis has gradually become mainly dependent on mathematical methods. This change is the most obvious in the Second World War. At that time, in order to crack the password of the axis, it is necessary to develop more complex mathematical methods. Moreover, automatic calculation also is applied to password analysis, such as a password bomb (Bomba), and one of the earliest computers - giant computer (Colossus).

Modern Password Analysis

Although the application of computers in the Second World War makes the cryptographic analysis easier, this also makes the complexity of new cryptography have risen several orders. . Overall, the crack password is more difficult to say in modern paper and pen. It seems that cryptography has already placed the wind. Davidkahn said this: "Today, many password systems provided by hundreds of merchants cannot be cracked by known password analysis methods. Indeed, in such cryptographic systems, even if they choose clear text Attack, that is, an attacker can choose a clear text and compare the corresponding ciphertext, and cannot find a key that can be used to unwind other encrypted information. In a sense, the password analysis is dead. However, the story is not yet End. The cryptographic analysis may be dead, but in a case of improper, in fact, the avenue of the Avenue is Rome. "Speech at the 50th Anniversary of the National Security Bureau on November 1, 2002). Karn then mentioned that the possibility of other attack methods increased. For example, intercept attacks, eavesdropping, side channel attacks, and using quantum computers instead of traditional computer for password analysis.

Kahn may be too early for the interruption of password analysis. Insensitive passwords are not extinct, the cryptographic method of US national intelligence agencies has not been opened. In the academic circles, the new password is constantly designed and often crack. In 1984, the Madryga group password was crackled by a Custody. In 1998, it was originally proposed to replace the group password of the DES standard encryption algorithm, which was also died because of many similar and practical attacks were discovered by the academia. In the industry, many passwords have also been found with vulnerabilities. For example, the A5 / 1, A5 / 2, and CMEA algorithms used in the mobile phone can be cracked in real time in a few hours, within a few minutes, within a few minutes. In 2001, wired equivalent encryption protocols used to protect wireless Wi-Fi networks (or Wireless Encryption Protocol , WEP) can also be cracked by related key attacks.

Password analysis

The consequences of cryptographic analysis

undoubtedly, successful cryptographic analysis affects history of history. Can understand that others think that it is a secret idea or plan, this ability can become a decisive advantage. This is especially true during war. For example, in the First World War, successfully cracking the Qi Merman Telegraph is the direct cause of the US participation in the war. In the Second World War, the successful crack of German passwords, including the Ennigma DISCO (ENIGMA) and Luorenzcipher, and the consequences have ended from the European battlefield a few months, to the whole The war has decisive role, and various statements have. The United States also benefits from the cryptographic analysis of Japan's PURPLE password.

The Government of some countries has already realized that password analysis is the importance of intelligence collection, whether it is for military or diplomacy. These countries have also established institutions specializing in coding passwords, such as the British Government Communication Headquarters (GCHQ), and the US National Security Agency (NSA), which are very active today. In 2004, there was reported that the United States successfully cracked the password of Iran, but this is a pure password analysis or other factors, it is not clear.

Category of successful cryptographic analysis

For password analysis, it is also different. Cipher Larsknudsen will divide the packet password in 1998 to the following categories:

completely crack - the attacker gets a secret key. Global Deductive - an attacker gets a comparative algorithm for encryption and decryption, although it may not be known. Example (Partial) Deduction - An attacker has obtained a plain text (or ciphertext) that before some attacks. Information Deductive - An attacker has obtained some of the previously unknown scented scented scented scented scented scented scented scented scented scenic. The resolution algorithm - an attacker can distinguish between encryption algorithms and random arrangements. Similar categories can be made for other types of cryptographic algorithms.

can divide the password analysis into the following three cases.

(1) CipherTextonly

For this form of cryptographic analysis, the extraciptists are known to have only two: encryption algorithms, to be decompiled ciphertext.

(2) KnownPlaintext)

In known clear text attacks, the desired thing is known to include: an encryption algorithm and a key encrypted one or A plurality of plaintext-ciphertext pairs, you know a certain number of ciphertext and corresponding plaintext.

(3) Selecting a clear text attack (chosenplaintext)

Selecting the translators of the plaintext attack In addition to knowing the plus algorithm, he can also select the plain text message, and you can know the corresponding encryption. Ciphertext, that is, knowing the selected plain text and corresponding ciphertext. For example, in the public key cryptographic system, the attacker can use the public key to encrypt him any selected plaintext, which is to choose a clear text attack.

(4) Select Ciphertext Attack (Chosenciphertext)

corresponds to the selection of plaintext attacks, in addition to knowing the plus algorithm, including the ciphertext and corresponding The original text of the decrypted, that is, knows the selected ciphertext and corresponding plaintext.

(5) Select Text Attack (Chosentext)

Select Text Attack is a combination of selection of clear text attacks and selection ciphertext attacks. Subgrain is known to: encryption algorithm, a clear text message selected by a password, and its corresponding ciphertext, and a speculative ciphertext selected by a password fragmentation and its correspondingly decipherable plaintext.

is obvious, but the crush attack is the most difficult because the analyst is available at least, and the intensity of the above attack is increasing. A cryptographic system is safe, usually refers to security under the top three attacks, that is, an attacker is generally easy to have the conditions for the first three attacks.

Related Articles