Cryptanalysis is a means to decrypt ciphertext, ciphers, and cryptosystems. It works by understanding how they work to find ways to crack them despite the lack of plaintext source, encryption key, or algorithm used to mask information.
Ciphertext refers to encrypted text transformed from plaintext using an encryption algorithm. You can’t read ciphertext until you convert it into plaintext or decrypt it with a key. A cipher, meanwhile, is an algorithm used to encrypt or decrypt data. It is a series of well-defined steps to follow to encrypt or decrypt plaintext. Finally, a cryptosystem is a suite of cryptographic algorithms used to secure or encrypt information. It typically uses three algorithms—one for key generation, another for encryption, and one more for decryption.
Cryptanalysis can, therefore, be likened to cracking a safe without the passcode and accompanying key, if any.
Read More about “Cryptanalysis”
Cryptanalysis is useful in cybersecurity in that it lets malware analysts and investigators decipher information that threat actors hide. That could reveal how a piece of malware was created and, as a result, how to defeat it.
What Cyber Attacks Use Cryptanalysis?
Many cyber attacks employ cryptanalysis, so malware analysts need to have experience in the field. Here’s a list of cryptanalysis-enabled or cryptanalytic attacks:
In these, attackers have access to one or more encrypted messages but don’t know what the plaintext data is about, the kind of encryption algorithm used, or if a cryptographic key was used in the first place.
Known plaintext attacks
In these, attackers may know what the ciphertext is about. They just need to find the key used to encrypt the message so they can decrypt it. When they do, all messages that have been encrypted with that key is fair game.
Chosen plaintext attacks
In these, attackers may know what encryption algorithm was used or have access to the encryption devices used.
These have more to do with the physical systems used to encrypt communications. Many of these attacks do not use ciphertext. Still, they may be related to the amount of time a system takes to respond to specific queries, the encrypting system’s power consumption, or the encryptor’s electromagnetic radiation emission. Attackers need to use the right system to reveal data.
Attackers typically use these to obtain victims’ passwords. They encrypt all the words in a dictionary then check if the resulting hashes match encrypted passwords to access the victims’ personal accounts. You can learn more about these attacks in our definition “What is a Dictionary Attack?”
Man-in-the-middle (MitM) attacks
In these, attackers hack into a communication channel between two parties exchanging keys for secure communication via asymmetric or public key infrastructure (PKI). The attackers mediate between the parties without their knowledge to obtain both keys.
Cryptanalysis and Cryptography: What’s the Difference?
While cryptanalysis has more to do with breaking code to decipher the encoded information, cryptography is the science of encoding messages. If you need to send a top-secret message to someone else over an unsecured channel like the Internet, you need to use cryptography.
How to Stay Safe from Cryptanalysis-Enabled Attacks
Countering cryptanalytic attacks involves good key management and using strong keys. Password-specific attacks can be thwarted by implementing strong password policies. A strong password policy means using multiple character types (uppercase and lowercase letters, numbers, and symbols) and setting the minimum password length to eight characters or more at the very least. Discouraging the use of words present in dictionaries would also help against dictionary attacks in particular. Changing passwords regularly and enforcing account lockout and password history to prevent reuse also help.
Constant network audits for excessive failed logins and monitoring for sniffers and other password-stealing tools are also necessary.