CAPEC-20 Détail

CAPEC-20

Nom

Encryption Brute Forcing

Probabilité d'attaque

Bas

Gravité typique

Bas

Statut

Draft

Publié

2014-06-23
00h00 +00:00

Modifié

2021-06-24
00h00 +00:00

Liens officiels

CAPEC Mitre.org

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CAPEC

Restez informé de toutes modifications pour un CAPEC spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

Spécifiez le CAPEC ID que vous désirez surveiller.

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

Descriptions du CAPEC

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.

Informations du CAPEC

Flux d'exécution

1) Explore

Determine the ciphertext and the encryption algorithm.

2) Experiment

Perform an exhaustive brute force search of the key space, producing candidate plaintexts and observing if they make sense.

Conditions préalables

Ciphertext is known.
Encryption algorithm and key size are known.

Compétences requises

Brute forcing encryption does not require much skill.

Ressources nécessaires

A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge).

On average, for a binary key of size N, 2^(N/2) trials will be needed to find the key that would decrypt the ciphertext to obtain the original plaintext.

Obviously as N gets large the brute force approach becomes infeasible.

Atténuations

Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.
In theory a brute force attack performing an exhaustive key space search will always succeed, so the goal is to have computational security. Moore's law needs to be taken into account that suggests that computing resources double every eighteen months.

Faiblesses connexes

CWE-ID	Nom de la faiblesse
CWE-326	Inadequate Encryption Strength The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
CWE-327	Use of a Broken or Risky Cryptographic Algorithm The product uses a broken or risky cryptographic algorithm or protocol.
CWE-693	Protection Mechanism Failure The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CWE-1204	Generation of Weak Initialization Vector (IV) The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.

Soumission

Nom	Organisation	Date	Date de publication
CAPEC Content Team	The MITRE Corporation	2014-06-23 +00:00

Modifications

Nom	Organisation	Date	Commentaire
CAPEC Content Team	The MITRE Corporation	2021-06-24 +00:00	Updated Related_Attack_Patterns, Related_Weaknesses

Détail du CAPEC-20