Attacks Adjoin Cryptosystems
Even with a able algebraic basis, cryptosystems are accessible to the afterward types
of attacks:
• Brute-force attack. Back all abeyant key ethics are approved until one is successful.
This is around absurd with today’s key admeasurement of 128 $.25 or college (requiring 2128
computations!).
• Dictionary attack. Instead of aggravating all accessible key values, alone a brace of them are
tried—those ethics that become English words back coded in ASCII. This advance is
the acumen why aggregate keys charge be anxiously chosen, finer by application a random
number architect (even the accepted bold die with 6 faces can be acclimated to accomplish digit
by chiffre a cardinal in abject 6—or alike better, application a ten-sided die like that acclimated in
specific games, such as Dungeons & Dragons).
• Crypto analysis. Run by mathematicians aggravating to breach the all-encompassing algorithm. A
common advance is to appraise the encrypted advice back the apparent altercation (for that
encrypted data) is known. Many of the aboriginal wireless LAN (WLAN) attacks acclimated this
type of attack.
20 Chapter 1: Introduction to Security
• Man-in-the-middle (MITM) attack. Back an antagonist pretends to be Bob when
talking to Alice and, at the aforementioned time, assuming to be Alice back talking to Bob. In
this case, both Alice and Bob accept that they are talking anon to anniversary other, but
this is not the case because the antagonist is amid them and can ambush messages.
• DoS attack. Because cryptosystems are usually CPU intensive, an antagonist can
simply flood a victim with affected messages, and the victim wastes CPU assets trying
to break or analysis the abstracts agent of those affected messages.
The Chess Archetype for MITM
The classical archetype of a MITM advance is the bet you can accomplish with a friend: I bet that I
can exhausted at atomic one of the two best chess players alike back arena adjoin both of them
at the aforementioned time. Note: For the artlessness of the argument, we shall accept that “pat”
situation—this is cipher wins—does not exist.
If the two best chess players are Alice and Bob, you alone accept to accomplish abiding that Alice takes
the white ancillary and Bob the atramentous side. So Alice plays the aboriginal and, for example, moves a
knight to a specific position. You artlessly accept to accomplish the actual aforementioned move adjoin Bob.
Then you delay for Bob’s move and carbon it adjoin Alice.
In short, you do annihilation at all but carbon Bob’s moves adjoin Alice and Alice’s moves
against Bob. In fact, Alice plays adjoin Bob because you do nothing!
Let’s accept now that Alice wins. So you lose to Alice but because you mimicked Alice
against Bob, you win adjoin Bob. And you win your bet with your friends!
You can anticipate MITM attacks by allegorical the protocols in a defended way and by relying
on able affidavit afore exchanging data. Chapters 5, 6, and 7 awning some specific
MITM attacks.