Live Journal about blowfish

What is a Brute Force Attack?

Encryption

To understand what a brute force attack is, we must first understand the technology that it is designed to attack: data encryption. Data encryption is used to protect code and other information from prying eyes by transforming the data based upon keys, which are essentially complicated, lengthy passwords. To obtain access to the data it is necessary to have the key; without it, the information is useless.

Motive

It is in the interest of some parties, such as hackers, law enforcement, intelligence agencies, etc., to break this encryption and gain access to the data contained within. Brute force attacks are one method used to discover the key needed to unlock the data. It is by far the most rudimentary cracking process: it involves trying every possible combination. Imagine forgetting a friend’s phone number and starting at 100 – 0000. And since guessing the right number gets exponentially harder every time a new number set is introduced, it could take years even for the fastest dialer. In the same way, computer systems attempting to crack a key, whether in hardware or software, are limited by power, heat and other variables, as described in the laws of thermodynamics, which makes extremely long keys impractical to crack.

Entropy

However, many attacks are inherently easier, as some may have already noticed from the example above. If you really were to forget a phone number, you would know from certain outside variables such as country, state, county, city, etc., that many choices can be eliminated. Many numbers can be considered either completely impossible or, at the very least, very improbable. The more exactly you can narrow down your friend’s lost number, the fewer random choices you need to make to guess correctly. This once daunting number starts to seem a little tamer. Certain outside factors such as pressure and temperature can affect a computer system’s ability to choose numbers in a random way. This slight leveling of Einstein’s playing field, made possible by the study of entropy, enables brute force attacks to crack keys that seem to be statistically impossible.
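The effect described above, as an added example that is not part of the original article: a key that is nominally 128 bits long but is derived from a low-entropy seed can only take as many values as the seed can. The 16-bit seed, the flawed generator `weak_key` and the hash used as a "does this key fit" check are all assumptions constructed for illustration; `strong_key` shows the corrected form using the operating system's CSPRNG.

```python
import hashlib
import math
import random
import secrets

SEED_BITS = 16  # assumption: the flawed generator's seed carries only 16 bits


def weak_key(seed: int) -> bytes:
    """Hypothetical flawed generator: a 128-bit key fully determined by its seed."""
    return random.Random(seed).getrandbits(128).to_bytes(16, "big")


def strong_key() -> bytes:
    """Corrected form: all 128 bits come from the operating system CSPRNG."""
    return secrets.token_bytes(16)


def fingerprint(key: bytes) -> str:
    """Stand-in for 'this key unlocks the data': a SHA-256 hash of the key."""
    return hashlib.sha256(key).hexdigest()


def search_seed_space(target: str, seed_bits: int = SEED_BITS):
    """Try every seed; return (seed, guesses), with seed None if none matches."""
    for seed in range(2 ** seed_bits):
        if fingerprint(weak_key(seed)) == target:
            return seed, seed + 1
    return None, 2 ** seed_bits


def effective_bits(candidates: int) -> float:
    """Entropy in bits of a key chosen uniformly from `candidates` values."""
    return math.log2(candidates)


if __name__ == "__main__":
    sample_seed = 40123  # constructed sample value
    found, guesses = search_seed_space(fingerprint(weak_key(sample_seed)))
    print(f"weak key: nominal 128 bits, effective {effective_bits(2 ** SEED_BITS):.0f}"
          f" bits, seed {found} found after {guesses} guesses")
    found, guesses = search_seed_space(fingerprint(strong_key()))
    print(f"CSPRNG key: seed {found} after exhausting all {guesses} seeds")
```

The weak key falls within 65,536 guesses regardless of its 128-bit length, while the same search over a CSPRNG key exhausts the seed space without a match.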

Breakdown

Ultimately, when the right encryption is combined with the technology available today, brute force attacks are on the losing team. They are simply unable to tackle the insurmountable mountain of number combinations made available by modern encryption technology. Even advanced hardware designed specifically for the task will ultimately fail when matched against current encryption methods. So don’t forget your key inside one of these monsters; the locksmith won’t be much help.


What is AES Encryption?

Here’s all you want to know about AES encryption, the Advanced Encryption Standard, which implements symmetric cryptography by means of the Rijndael algorithm in key lengths of 128, 192 and 256 bits.

AES, short for Advanced Encryption Standard, is a widely adopted symmetric encryption scheme used, for instance, to secure electronic communication and messages. AES, as its name implies, was the outcome of a standardization and evaluation process which took years to select from the best encryption algorithms. Finally, in 2001, the Rijndael algorithm was chosen as the winner by the US National Institute of Standards and Technology (NIST) to be implemented as the underlying security algorithm of the AES standard. These days AES has largely replaced its predecessor DES (Data Encryption Standard) and its derivatives; DES is no longer considered secure due, for example, to its small 56-bit key length.

The Rijndael algorithm, invented by the two cryptographers Vincent Rijmen and Joan Daemen, applies the mathematical operations substitution, transposition and permutation to plaintext, the term used to describe input in the cryptography domain. With a 128-bit key, the Advanced Encryption Standard uses 10 rounds of these algebraic operations in a complex scheme to produce encrypted output, or ciphertext as it is called in expert terms. AES-192 and AES-256 have 12 and 14 rounds, respectively.

In the AES implementation of Rijndael, the algorithm is a block cipher that operates on 128-bit blocks and supports key lengths of 128, 192 and 256 bits. It is common to refer to the symmetric key AES encryption standard as AES-128, AES-192 or AES-256, depending on the key strength. More about encryption can also be found in Bright Hub’s article Types of Encryption, which explains the difference between asymmetric and symmetric encryption and also sheds light on stream and block ciphers.

Whereas cryptography aims at securing plaintext, cryptanalysis tries to break the key or the underlying algorithm of an encryption scheme, Rijndael in the case of AES. Cracking a 256-bit key is computationally infeasible, but cryptanalysts who are aware of the inner workings of Rijndael and who apply much more sophisticated methods than brute force believe that the security margin is narrowing. Check out our article Can AES Encryption be Cracked?, which takes into account the latest news about the security or strength of AES.