Methods for attacking encrypted text

There are a number of ways to attack encrypted text. The easiest way, of course is to ask someone who has the key.

Cryptanalysis

Cryptanalysis or cracking, involves the exploitation of weakness within the algorithm. Using cracking software to crack proprietary algorithms is also considered using cryptanalysis.

Techniques used

• Known plaintext
• Chosen plaintext
• Chosen ciphertext

However, this is an esoteric technique that requires specialised knowledge and skills and it’s not practical for most organizations.

Password Guess (also known as plaintext)

• Dictionary attack – Based on common words to crack passwords
• Educated Guess – It can be quite successful as people tend to use keys that are easy to remember.
• Brute Force – Methodical attempts to sequentially attempt all possible passwords and is very effective against symmetric algorithm using 40-bit or less keys.

Scavenge Password

Physical search – locating written password around the workstation

Logical search – Searching for plaintext passwords in documents or email messages.

Extract Password using Logical search

Many of the windows passwords are stored in the windows registry or other configuration files in plaintext.

Obtaining password through interview

Interviewing the suspect for password is the easiest way out. Social engineering is another way to trick the suspect into revealing the password or coercion forces the suspect to reveal the password. But if the suspect is unavailable or uncooperative regardless, it will require skilful detective work to guess the password. Normally passwords are always reuse for different applications so if a password is identified, so it is worth trying it on other applications.