home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!hela.iti.org!usc!randvax!jim
- From: jim@rand.org (Jim Gillogly)
- Newsgroups: sci.crypt
- Subject: Re: Attack Methods
- Message-ID: <4001@randvax.rand.org>
- Date: 12 Nov 92 17:57:47 GMT
- References: <1992Nov11.213535.17788@csc.ti.com>
- Sender: news@randvax.rand.org
- Organization: Banzai Institute
- Lines: 56
- Nntp-Posting-Host: mycroft.rand.org
-
- In article <1992Nov11.213535.17788@csc.ti.com> jdailey@dadd.ti.com writes:
- >In article 3997@randvax.rand.org, jim@rand.org (Jim Gillogly) writes:
- >>
- >>And another word of advice: don't try constructing new ciphers for some
- >>niche unless you have practical experience in breaking them. There's no
- >>way you will anticipate the kinds of attacks that are available without
- >>starting from the cryptanalysis end.
- >
- >So what are some of the methods used to attack an encrypted text, when the
- >encryption method is unknown?
-
- A lot of it depends on auxiliary info: how did you intercept it, and what do
- you know about the correspondents? Does your traffic analysis suggest that
- they'll be using a high-level diplomatic cipher, or maybe a field-grade
- tactical cipher that's likely to be done with pencil-and-paper or
- unmodified calculator?
-
- OK, suppose you don't know anything about it. Frank Lewis says you should
- *look* at the ciphertext and see if there's anything weird about it. A
- lot of people will just start throwing tools at it. Is it in 6-letter
- groups instead of the usual 5? Is it totally missing J's, or Q's? The
- former might suggest a fractionating system, the latter a Polybius-based
- system.
-
- Do a frequency count. Do the frequencies match your expected target
- language? If so, you're probably dealing with a plain old transposition
- cipher. Are they as rough as the [some?] target language, but different
- values? Maybe it's straight substitution, or maybe substitution with
- transposition.
-
- Do an index of coincidence, first on the ciphertext as-is, then on the
- ciphertext broken up into periods. Does it peak somewhere? E.g. if you're
- expecting English, do you see the IC for the as-is ciphertext at .066, or
- is it stuck down near the .033 you'd expect for random 26-letter text? If
- it peaks on one of the periods, you've got a periodic cipher, and can
- start with a whole bunch of *other* tests. Do a digraphic IC -- if that
- peaks as English (or French, or whatever) would, maybe you've got a
- Playfair or other digraphic system.
-
- If you've got multiple captured ciphers, slide them against each other and
- look at matching letters. Are there more matches than you'd expect if
- they were random? If so, it may be a long-period system, but these
- messages hit an overlap -- this was helpful in the PURPLE analysis.
-
- And then there's crib-dragging, helpful in attacking many ciphers.
-
- And so on and so on -- all driven by the stuff you've found out before, and
- revisited as you go down false trails and then back up to something you
- thought you'd eliminated.
-
- And, of course, all these methods are 50 years out of date. I have no clue
- as to what's *really* going on inside the classified places, if anything.
- --
- Jim Gillogly
- U.S. National Debt: $4,130,574,297,255
- Your Share: $16,151
-