In the RSA DES challenges, how did the contestants know they had found the right key considering they weren't...











up vote
2
down vote

favorite












If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.



But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.



What I imagine they did was:




  1. Ok, we know the plaintext is less than or equal to the size of the ciphertext.

  2. Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.

  3. Calculate all possible 56-bit keys.

  4. Run each plaintext through all 56-bit keys until they found a mapping.


But this doesn't make sense given the sheer size of the possibilities.



So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?










share|improve this question







New contributor




Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
























    up vote
    2
    down vote

    favorite












    If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.



    But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.



    What I imagine they did was:




    1. Ok, we know the plaintext is less than or equal to the size of the ciphertext.

    2. Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.

    3. Calculate all possible 56-bit keys.

    4. Run each plaintext through all 56-bit keys until they found a mapping.


    But this doesn't make sense given the sheer size of the possibilities.



    So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?










    share|improve this question







    New contributor




    Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.






















      up vote
      2
      down vote

      favorite









      up vote
      2
      down vote

      favorite











      If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.



      But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.



      What I imagine they did was:




      1. Ok, we know the plaintext is less than or equal to the size of the ciphertext.

      2. Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.

      3. Calculate all possible 56-bit keys.

      4. Run each plaintext through all 56-bit keys until they found a mapping.


      But this doesn't make sense given the sheer size of the possibilities.



      So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?










      share|improve this question







      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.



      But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.



      What I imagine they did was:




      1. Ok, we know the plaintext is less than or equal to the size of the ciphertext.

      2. Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.

      3. Calculate all possible 56-bit keys.

      4. Run each plaintext through all 56-bit keys until they found a mapping.


      But this doesn't make sense given the sheer size of the possibilities.



      So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?







      rsa des brute-force-attack






      share|improve this question







      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 3 hours ago









      Bastien

      132




      132




      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          3
          down vote













          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.


          distributed.net found this message in DES Challenge II-1;




          • The secret message is: Many hands make light work.






          share|improve this answer



















          • 1




            In 1. you surely mean the prepended message?
            – Maeher
            1 hour ago










          • @Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing. A brief piece of printable ASCII text will be appended to the fixed 24-character string.
            – kelalaka
            1 hour ago












          • I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
            – Maeher
            1 hour ago










          • @Maeher it should be clear now.
            – kelalaka
            1 hour ago










          • It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
            – Maeher
            1 hour ago











          Your Answer





          StackExchange.ifUsing("editor", function () {
          return StackExchange.using("mathjaxEditing", function () {
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
          });
          });
          }, "mathjax-editing");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "281"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          Bastien is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64863%2fin-the-rsa-des-challenges-how-did-the-contestants-know-they-had-found-the-right%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          3
          down vote













          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.


          distributed.net found this message in DES Challenge II-1;




          • The secret message is: Many hands make light work.






          share|improve this answer



















          • 1




            In 1. you surely mean the prepended message?
            – Maeher
            1 hour ago










          • @Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing. A brief piece of printable ASCII text will be appended to the fixed 24-character string.
            – kelalaka
            1 hour ago












          • I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
            – Maeher
            1 hour ago










          • @Maeher it should be clear now.
            – kelalaka
            1 hour ago










          • It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
            – Maeher
            1 hour ago















          up vote
          3
          down vote













          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.


          distributed.net found this message in DES Challenge II-1;




          • The secret message is: Many hands make light work.






          share|improve this answer



















          • 1




            In 1. you surely mean the prepended message?
            – Maeher
            1 hour ago










          • @Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing. A brief piece of printable ASCII text will be appended to the fixed 24-character string.
            – kelalaka
            1 hour ago












          • I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
            – Maeher
            1 hour ago










          • @Maeher it should be clear now.
            – kelalaka
            1 hour ago










          • It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
            – Maeher
            1 hour ago













          up vote
          3
          down vote










          up vote
          3
          down vote









          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.


          distributed.net found this message in DES Challenge II-1;




          • The secret message is: Many hands make light work.






          share|improve this answer














          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. case are not known.


          distributed.net found this message in DES Challenge II-1;




          • The secret message is: Many hands make light work.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 1 hour ago

























          answered 1 hour ago









          kelalaka

          4,69121837




          4,69121837








          • 1




            In 1. you surely mean the prepended message?
            – Maeher
            1 hour ago










          • @Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing. A brief piece of printable ASCII text will be appended to the fixed 24-character string.
            – kelalaka
            1 hour ago












          • I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
            – Maeher
            1 hour ago










          • @Maeher it should be clear now.
            – kelalaka
            1 hour ago










          • It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
            – Maeher
            1 hour ago














          • 1




            In 1. you surely mean the prepended message?
            – Maeher
            1 hour ago










          • @Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing. A brief piece of printable ASCII text will be appended to the fixed 24-character string.
            – kelalaka
            1 hour ago












          • I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
            – Maeher
            1 hour ago










          • @Maeher it should be clear now.
            – kelalaka
            1 hour ago










          • It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
            – Maeher
            1 hour ago








          1




          1




          In 1. you surely mean the prepended message?
          – Maeher
          1 hour ago




          In 1. you surely mean the prepended message?
          – Maeher
          1 hour ago












          @Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing. A brief piece of printable ASCII text will be appended to the fixed 24-character string.
          – kelalaka
          1 hour ago






          @Maeher nice notice. The documents say appended. But the result is prepended. So, I keep in that way. It should be prepended. But I think it is correct writing. A brief piece of printable ASCII text will be appended to the fixed 24-character string.
          – kelalaka
          1 hour ago














          I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
          – Maeher
          1 hour ago




          I think you misunderstood something. In 1. What you mean is checking for "The unknown message is:" right? The rest of the message is appended to that. That's correct. But when you check for "The unknown message is:" you're checking for the fixed part that's prepended to the actual message.
          – Maeher
          1 hour ago












          @Maeher it should be clear now.
          – kelalaka
          1 hour ago




          @Maeher it should be clear now.
          – kelalaka
          1 hour ago












          It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
          – Maeher
          1 hour ago




          It is. You might want to add a 3. Check that all bytes between the prefix and the padding represent printable ASCII.
          – Maeher
          1 hour ago










          Bastien is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          Bastien is a new contributor. Be nice, and check out our Code of Conduct.













          Bastien is a new contributor. Be nice, and check out our Code of Conduct.












          Bastien is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Cryptography Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64863%2fin-the-rsa-des-challenges-how-did-the-contestants-know-they-had-found-the-right%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Mouse cursor on multiple screens with different PPI

          Agildo Ribeiro

          Sometime when accessing a menu: “Ubuntu 16.04 has experienced an internal error”