Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)
      9  1.4  Attacks

Previous Topic/Section
1.4.7  Weak Keys
Previous Page
Pages in Current Topic/Section
1
Next Page
1.4.9  Social Engineering
Next Topic/Section

1.4.8  Mathematical

The short story on mathematical attacks is that a key data set with fewer possible combinations is more likely to produce a weaker key. (See 1.4.11.1). Popular belief states that 40-bit encryption is weak, and 128-bit is strong. The idea is that the longer the key, the more possible combinations will need to be tried, to find the correct key value by brute force. This is only a general statement82, as you will see when you look at WEP in 802.11.

Key length is only part of the story. Another part of the story involves the total number of possible key values. For instance, if a cracker knows that a key consists of 4 bytes, each of which holds a number between 1 and 10 (instead of a number between 0 and 255, the minimum and maximum values which can be held in a byte), that key is much weaker than a 4-byte key in which each byte can hold a number between 0 and 255.

Why is this? The number of possible key values is smaller. There are only 10x10x10x10 (10,000) possible key values for the first key, and 255x255x255x255 (4.2 billion) possible key values for the second key, making the second one much more difficult to discover through “brute force” attacks than the first. “Brute force” attacks are discussed in more detail in section 1.4.11.1.

Similarly, randomness of the key is important as well. Even 256-bit encryption is pretty useless if the key uses a simple pattern an attacker can figure out, such as 1,2,3,4,5,6 ....

Another type of mathematical attack has less to do with predicting the key than it does with finding a way around the problem of not having it. For instance, it may be possible to “break” some encryption algorithms by finding a way to reverse them without discovering the original key (for instance, by finding patterns in how encrypted text is generated).

It All Adds Up

Mathematical attacks include those based on the fact that a key is generally easier to break, the shorter it is, and the less the variety in characters used in the key, and those that somehow “break” an encryption algorithm by finding a way to reverse it without discovering the original key.



 __________________

82. http://www.counterpane.com/pitfalls.html

Previous Topic/Section
1.4.7  Weak Keys
Previous Page
Pages in Current Topic/Section
1
Next Page
1.4.9  Social Engineering
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.