Encryption
To understand what a brute force attack is, we must first understand the technology that is designed to attack. This technology that I speak of is data encryption. Data Encryption is used to protect code and other information from prying eyes by changing the data based upon keys, which are essentially complicated, lengthy passwords. To obtain access to the data it is necessary to have the key, otherwise the information is rendered useless.
Motive
It is in the interest of some parties, such as hackers, law enforcement, intelligence agencies, etc, to break this encryption and gain access to the data contained within. Brute force attacks are one method used to discover the key needed to unlock the data. It is by far the most rudimentary cracking process, involving trying every combination possible. Imagine forgetting a friend’s phone number and starting at 100 – 0000. And since guessing the right number gets exponentially harder every time a new number set is introduced it could take years to do even for the fastest dialer. In the same way computer systems, hardware or software, attempting to crack a key are limited by power, heat and other variables, as described in the laws of thermodynamics, making extremely long keys impractical to crack.
Entropy
However, a lot of attacks are inherently easier as some may have already noticed from the example above. If you really were to forget a phone number you would know based upon certain outside variables such as country, state, county, city, etc, that many choices can be eliminated. Many numbers can be considered either completely impossible or at the very least, very improbable. As you get more exact with your friend’s lost number the less random choices you would need to make to guess the correctly. This once daunting number starts to seem a little tamer. Certain outside factors such as pressure and temperature can affect a computer systems ability to choose numbers in a random way. This slight leveling of Einstein’s playing field, made possible by the study of entropy, enables brute force attacks to crack keys that seem to be statistically impossible.
Breakdown
Ultimately, using the right encryption combined with the technology available today, brute force attacks are on the loosing team. They are simply unable to tackle the insurmountable mountain of number combinations made available by modern encryption technology. Even advanced hardware designed specifically for the task ultimately will fail when matched with against current encryption methods. So, don’t forget your key inside one of these monsters, the lock smith won’t be much help.
Apart from social engineering exist two ways to break an encryption key like AES, brute force and cryptanalysis. Find out here whether AES encryption can be cracked any time soon, along with the latest AES development and recommendations from IT security evangelist Bruce Schneier.
Besides social engineering exist two ways to break any encryption key, brute force and cryptanalysis. After the introduction we look at why AES and similar encryption schemes are secure against brute-force attacks using computer power to crack a key. Then you will find the latest development from the studies of AES by means of cryptanalysis. If you are not familiar with encryption it is recommended reading Bright Hub’s article What is AES Encryption? and Types of Encryption.
Brute Force
Mathematicians have discovered that any positive integer greater than one can be expressed as the product of its prime factors; the prime decomposition of the number 22 for instance is 2 x 11. There are a number of algorithms for integer factorization, but the difficulty and complexity to find the prime factor increases at the last sub-exponentially with the size of the integer.
This essentially means that the prime decomposition of large numbers is computationally infeasible with traditional computers. As the strongest encryption algorithms in use today, such as, for instance, Rijndael, which has become the Advanced Encryption Standard (AES), employ large integer factorization, AES in unbreakable – again with the premise of traditional computers in mind.
A quantum computer operating on qubits instead of bits offer polynomial speed for some computing problems including Integer factorization, so that taking into account Cobham’s thesis we know that the traditional encryption algorithm keys can be feasibly computed. Therefore, when quantum computing gets out of the lab will ciphertext produced by traditional cryptography no longer be secure.
Cryptanalysis
The Advanced Encryption Standard can be used with 256-bit keys, immune against Moore’s Law for the years to come. However, cryptanalysts studying the inner working of an algorithm are constantly trying to find a weakness in the encryptions algorithms or to break it. Most “vulnerabilities” are usually of rather theoretical nature, so there is nothing to worry about for an ordinary computer user as the subject is being watched and followed by the IT security community which has been trying to crack publicly documented encryption schemes including AES for years.
Yet, it was only recently when Bruce Schneier, the inventor of Twofish and Blowfish AES competitors stipulated “that the safety margin of AES is much less than previously believed [1].” Schneier demands that AES implements more round of Rijndael for any key length “and for new applications I suggest that people don’t use AES-256. AES-128 provides more than enough security margin for the foreseeable future