Question
This may seem like a simple question, but I have just started studying cryptography and I can't seem to find any information on this at all. I am trying to write a "simple" encrypted messenger using Java's Cryptography Architecture and Extensions, and I have been studying pentesting on the side, and I was wondering if there was a way that I could test the security of a message I encrypted using any tools (more specifically in Kali.)
This has led me to a more general question that I cannot seem to find an answer to. Google seems to be awash with news about PGP being broken, or the NSA being able to beat encryption, but how exactly are they doing it? Is the assumption that if you have the message, you would also have the hash of the key used to decrypt it, and to decrypt it involves breaking the hash of the key, or is there anything that actually breaks an encrypted message without the key?
Things like John the Ripper seem to only be able to attack password hashes, and I guess you couldn't brute force an entire encrypted message as that could be tens of thousands of characters with an insane number of possible permutations. Also, would it change anything if you encrypted the message based on a password instead of a cryptographically secure random number? I wanted to try and set up a little cryptographic challenge where the password could be something short so it would not take long to crack, but I can't find any way of testing different passwords against an encrypted message - even if you know the encryption algorithm?
It may well be that the answer is not a simple tool, but some incredibly complex set of tasks, but at this point, I would just like to know even the general answer so that I can piece together in my mind how this stuff works! Like I say, it is hard to google as all I can find are answers relating to cracking passwords, which I guess is the "sexier" thing to want to try and do, than to try and decrypt a message!
Thanks in advance.
Explanation / Answer
As mentioned this is a very broad question, so please forgive me for not going into any great depth on each point.
There are a few ways to beat encryption. One way is to attack the actual math of the cryptography: for PGP that would involve cracking RSA, which would involve finding a way to solve the discrete log problem. This is the hardest method, but also the most complete. The second way is to attack particular implementations: a specific implementation might leak key information through how long encryption and decryption operations take, might leave secret data in memory for an attacker to find, etc. This is often combined with hacking the target's computer, possibly getting access to the plaintext and circumventing the encryption. "Extraordinary rendition" (kidnapping) and "enhanced interrogation" (torture) are other popular techniques for the US intelligence agencies to break encryption. Just torture the target until they give you a valid key.
There generally isn't a hash of a key transmitted. I'm not sure where you got this idea.
Breaking passwords is easy because people choose bad passwords. It's done via trying the most common passwords and seeing which ones hash to the matched hash. Encrypting things based directly on a password would be a terrible idea; key derivation algorithms are used to try to make breaking passwords harder, but they still rely on the user choosing a good password. Also note that hashes and encryption are very different things. They're both part of cryptography, but they serve very different purposes.
In general, there is no easy way to decrypt an encrypted message, so long as the encryption was done with a good algorithm and good implementation. If there IS an easy way to decrypt an encrypted message then the encryption system used is by definition broken.
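The password-based case raised in the question, as an added Java example that is not part of the original answer: a key derivation function (PBKDF2) turns the password into an AES-GCM key, and the GCM tag is what tells a wrong password from the right one. The class name, message layout, iteration count and guess list are assumptions made for this sketch.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PasswordChallenge {
    static final int ITERATIONS = 200_000; // assumed work factor; every guess pays this cost

    // PBKDF2 stretches the password plus a random salt into a 256-bit AES key.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                     .generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Message layout (an assumption of this example): salt(16) || iv(12) || ciphertext+tag
    static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[12];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[28 + ct.length];
        System.arraycopy(salt, 0, out, 0, 16);
        System.arraycopy(iv, 0, out, 16, 12);
        System.arraycopy(ct, 0, out, 28, ct.length);
        return out;
    }

    // Returns the plaintext, or null when the GCM tag rejects the candidate password.
    static byte[] tryDecrypt(char[] password, byte[] msg) throws Exception {
        byte[] salt = Arrays.copyOfRange(msg, 0, 16);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(128, msg, 16, 12));
        try { return c.doFinal(msg, 28, msg.length - 28); }
        catch (AEADBadTagException e) { return null; }
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = encrypt("tiger".toCharArray(), "meet at noon".getBytes(StandardCharsets.UTF_8));
        String[] guesses = {"password", "letmein", "tiger", "dragon"}; // constructed sample list
        for (String g : guesses) {
            long t0 = System.nanoTime();
            byte[] pt = tryDecrypt(g.toCharArray(), msg);
            String result = pt == null ? "rejected" : "accepted: " + new String(pt, StandardCharsets.UTF_8);
            System.out.printf("%-9s %s (%d ms)%n", g, result, (System.nanoTime() - t0) / 1_000_000);
        }
    }
}
```

The per-guess time printed is almost entirely the PBKDF2 call, which is why raising the iteration count slows guessing, while a password that is not on any guess list is what actually keeps the message safe.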