In the RSA DES challenges, how did the contestants know they had found the right key considering they weren't...
up vote
2
down vote
favorite
If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.
But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.
What I imagine they did was:
- Ok, we know the plaintext is less than or equal to the size of the ciphertext.
- Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.
- Calculate all possible 56-bit keys.
- Run each plaintext through all 56-bit keys until they found a mapping.
But this doesn't make sense given the sheer size of the possibilities.
So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?
rsa des brute-force-attack
New contributor
Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
up vote
2
down vote
favorite
If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.
But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.
What I imagine they did was:
- Ok, we know the plaintext is less than or equal to the size of the ciphertext.
- Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.
- Calculate all possible 56-bit keys.
- Run each plaintext through all 56-bit keys until they found a mapping.
But this doesn't make sense given the sheer size of the possibilities.
So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?
rsa des brute-force-attack
New contributor
Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
up vote
2
down vote
favorite
up vote
2
down vote
favorite
If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.
But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.
What I imagine they did was:
- Ok, we know the plaintext is less than or equal to the size of the ciphertext.
- Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.
- Calculate all possible 56-bit keys.
- Run each plaintext through all 56-bit keys until they found a mapping.
But this doesn't make sense given the sheer size of the possibilities.
So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?
rsa des brute-force-attack
New contributor
Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.
But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.
What I imagine they did was:
- Ok, we know the plaintext is less than or equal to the size of the ciphertext.
- Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.
- Calculate all possible 56-bit keys.
- Run each plaintext through all 56-bit keys until they found a mapping.
But this doesn't make sense given the sheer size of the possibilities.
So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?
rsa des brute-force-attack
rsa des brute-force-attack
New contributor
Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 3 hours ago
Bastien
132
132
New contributor
Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
3
down vote
One can still access the challenge rules from the archive.org
Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.
The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;
- Check the beginning of the message; it must start with "The unknown message is:"
- A valid PKCS#5 padding at he the end.
- And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.
distributed.net found this message in DES Challenge II-1;
- The secret message is: Many hands make light work.
1
In 1. you surely mean the prepended message?
– Maeher
1 hour ago
@Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing.A brief piece of printable ASCII text will be appended to the fixed 24-character string.
– kelalaka
1 hour ago
I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
– Maeher
1 hour ago
@Maeher it should be clear now.
– kelalaka
1 hour ago
It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
– Maeher
1 hour ago
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Bastien is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64863%2fin-the-rsa-des-challenges-how-did-the-contestants-know-they-had-found-the-right%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
One can still access the challenge rules from the archive.org
Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.
The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;
- Check the beginning of the message; it must start with "The unknown message is:"
- A valid PKCS#5 padding at he the end.
- And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.
distributed.net found this message in DES Challenge II-1;
- The secret message is: Many hands make light work.
1
In 1. you surely mean the prepended message?
– Maeher
1 hour ago
@Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing.A brief piece of printable ASCII text will be appended to the fixed 24-character string.
– kelalaka
1 hour ago
I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
– Maeher
1 hour ago
@Maeher it should be clear now.
– kelalaka
1 hour ago
It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
– Maeher
1 hour ago
add a comment |
up vote
3
down vote
One can still access the challenge rules from the archive.org
Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.
The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;
- Check the beginning of the message; it must start with "The unknown message is:"
- A valid PKCS#5 padding at he the end.
- And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.
distributed.net found this message in DES Challenge II-1;
- The secret message is: Many hands make light work.
1
In 1. you surely mean the prepended message?
– Maeher
1 hour ago
@Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing.A brief piece of printable ASCII text will be appended to the fixed 24-character string.
– kelalaka
1 hour ago
I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
– Maeher
1 hour ago
@Maeher it should be clear now.
– kelalaka
1 hour ago
It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
– Maeher
1 hour ago
add a comment |
up vote
3
down vote
up vote
3
down vote
One can still access the challenge rules from the archive.org
Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.
The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;
- Check the beginning of the message; it must start with "The unknown message is:"
- A valid PKCS#5 padding at he the end.
- And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.
distributed.net found this message in DES Challenge II-1;
- The secret message is: Many hands make light work.
One can still access the challenge rules from the archive.org
Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.
The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;
- Check the beginning of the message; it must start with "The unknown message is:"
- A valid PKCS#5 padding at he the end.
- And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.
distributed.net found this message in DES Challenge II-1;
- The secret message is: Many hands make light work.
edited 1 hour ago
answered 1 hour ago
kelalaka
4,69121837
4,69121837
1
In 1. you surely mean the prepended message?
– Maeher
1 hour ago
@Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing.A brief piece of printable ASCII text will be appended to the fixed 24-character string.
– kelalaka
1 hour ago
I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
– Maeher
1 hour ago
@Maeher it should be clear now.
– kelalaka
1 hour ago
It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
– Maeher
1 hour ago
add a comment |
1
In 1. you surely mean the prepended message?
– Maeher
1 hour ago
@Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing.A brief piece of printable ASCII text will be appended to the fixed 24-character string.
– kelalaka
1 hour ago
I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
– Maeher
1 hour ago
@Maeher it should be clear now.
– kelalaka
1 hour ago
It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
– Maeher
1 hour ago
1
1
In 1. you surely mean the prepended message?
– Maeher
1 hour ago
In 1. you surely mean the prepended message?
– Maeher
1 hour ago
@Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing.
A brief piece of printable ASCII text will be appended to the fixed 24-character string.– kelalaka
1 hour ago
@Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing.
A brief piece of printable ASCII text will be appended to the fixed 24-character string.– kelalaka
1 hour ago
I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
– Maeher
1 hour ago
I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
– Maeher
1 hour ago
@Maeher it should be clear now.
– kelalaka
1 hour ago
@Maeher it should be clear now.
– kelalaka
1 hour ago
It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
– Maeher
1 hour ago
It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
– Maeher
1 hour ago
add a comment |
Bastien is a new contributor. Be nice, and check out our Code of Conduct.
Bastien is a new contributor. Be nice, and check out our Code of Conduct.
Bastien is a new contributor. Be nice, and check out our Code of Conduct.
Bastien is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64863%2fin-the-rsa-des-challenges-how-did-the-contestants-know-they-had-found-the-right%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown