
1.4.8 Mathematical The short story on mathematical attacks is that a key data set with fewer possible combinations is more likely to produce a weaker key. (See 1.4.11.1). Popular belief states that 40bit encryption is weak, and 128bit is strong. The idea is that the longer the key, the more possible combinations will need to be tried, to find the correct key value by brute force. This is only a general statement^{82}, as you will see when you look at WEP in 802.11. Key length is only part of the story. Another part of the story involves the total number of possible key values. For instance, if a cracker knows that a key consists of 4 bytes, each of which holds a number between 1 and 10 (instead of a number between 0 and 255, the minimum and maximum values which can be held in a byte), that key is much weaker than a 4byte key in which each byte can hold a number between 0 and 255. Why is this? The number of possible key values is smaller. There are only 10x10x10x10 (10,000) possible key values for the first key, and 255x255x255x255 (4.2 billion) possible key values for the second key, making the second one much more difficult to discover through “brute force” attacks than the first. “Brute force” attacks are discussed in more detail in section 1.4.11.1. Similarly, randomness of the key is important as well. Even 256bit encryption is pretty useless if the key uses a simple pattern an attacker can figure out, such as 1,2,3,4,5,6 .... Another type of mathematical attack has less to do with predicting the key than it does with finding a way around the problem of not having it. For instance, it may be possible to “break” some encryption algorithms by finding a way to reverse them without discovering the original key (for instance, by finding patterns in how encrypted text is generated).
__________________ 82. http://www.counterpane.com/pitfalls.html
Home  Table Of Contents  Contact Us CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com Version 1.0  Version Date: November 15, 2004 Adapted with permission from a work created by Tcat Houser et al. CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site. 