1

If you have a random block of data and you encrypt it with a key, how can a brute force script tell when it has found the correct key? Is it possible without some sort of reference to the original plaintext?

In a normal situation, an encrypted piece of data such as a file would have some sort of recognizable structure, so the brute force script would assume the key is correct once it has verified the format of the data or file. However, if the data was completely random with no structure, would it be possible to brute force an encrypted version of the data?

Example: If I had a key which was encrypted with AES-256 using a password and the hash of the key was stored on a server, would you be able to brute force the encrypted key without contacting the server to compare it? This is assuming you have to send the result to the server and the server does not allow downloading the hash.

The reason for my question is that if the brute force cannot be successful without having something to test against, the only way to do so is to contact the server with the plaintext key hashed to compare against the hash the server already has stored. If this is the case, the server can log the attempt to check the key and freeze the account after 5 tries or so.

Based on my other question: Any issues with this security design for cloud storage? Server doesn't even need to know password to log someone in

Phoenix Logan

1 Answer

5

In a case where the encrypted data is completely random, it could be fairly difficult to tell whether decryption in a brute-force attack has been successful; however, real-world attacks are unlikely to be against completely random unknown plaintexts.

Generally it's possible to tell that you've decrypted the data because the result is something which has a meaningful pattern (e.g. has dictionary words in it). So a script can test for whether there are meaningful words or other patterns known to be present in the plain text data to tell when they have successfully guessed the key.

Rory McCune
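The difference between the two cases discussed above, as an added example that is not part of the original question or answer: it counts how many candidate keys a pattern test accepts for structured versus random plaintext, and shows that the stored hash is the only verifier in the random case. Assumptions: a SHA-256 keystream stands in for AES-256, the keyspace is a constructed toy of 4096 keys, and all names and sample data are hypothetical.

```python
import hashlib
import os

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher, NOT AES: XOR with a SHA-256 counter keystream.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def is_printable(candidate: bytes) -> bool:
    """Pattern test from the answer: structured plaintext is printable ASCII."""
    return all(32 <= b < 127 for b in candidate)

def accepted_keys(ciphertext, keyspace, recognizer):
    """Keys whose trial decryption the recognizer accepts as 'correct'."""
    return [k for k in keyspace if recognizer(stream_xor(k, ciphertext))]

# Constructed toy keyspace (4096 two-byte keys) so the run finishes instantly.
KEYSPACE = [n.to_bytes(2, "big") for n in range(4096)]
TRUE_KEY = (1234).to_bytes(2, "big")

def demo():
    structured = b"account=alice; quota=50GB; plan=basic"  # constructed sample
    random_key = os.urandom(32)                             # unstructured plaintext
    stored_hash = hashlib.sha256(random_key).digest()       # held by the server only

    ct_structured = stream_xor(TRUE_KEY, structured)
    ct_random = stream_xor(TRUE_KEY, random_key)

    return {
        # Recognizable format: the pattern test isolates the key offline.
        "structured": accepted_keys(ct_structured, KEYSPACE, is_printable),
        # Random plaintext: no candidate stands out, the true key included.
        "random_offline": accepted_keys(ct_random, KEYSPACE, is_printable),
        # Same ciphertext with the hash available: the hash is the verifier,
        # which is why it must stay server-side behind attempt limits.
        "random_with_hash": accepted_keys(
            ct_random, KEYSPACE,
            lambda c: hashlib.sha256(c).digest() == stored_hash),
    }

if __name__ == "__main__":
    for name, keys in demo().items():
        print(name, [k.hex() for k in keys])
```

A real scheme that adds padding or an authentication tag to the ciphertext supplies an offline check of its own, independent of whether the plaintext is random.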