How to recognize succesfull bruteforce attempt?

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

How to recognize succesfull bruteforce attempt?

Post by Clarckk on Tue Dec 14, 2010 1:53 pm
([msg=50447]see How to recognize succesfull bruteforce attempt?[/msg])

Hi all, I was trying realistic 6 ("XECrypt algorithm") again. I'd already programmed an application to decode the message, but my previous method relied on character-frequency.

This time I wanted to make an application which would be able to crack ANY text, written in any language (and also sourcecode and such).

I had already figured out the algorithm, the only hard part was having the program recognize a succesful brute-force attempt... I did this by black-listing some ASCII-values which would (should) never appear in a plaintext. The second requirement for a succesful attempt was that it needed at least 5 different letters in it (otherwise "\\]p ][\ " for example would be recognized as a succesful attempt, while it clearly is not).

This turned out to work very well: I tried decoding small plaintexts, large plaintexts, the sourcecode to a random wikipedia article, and the program managed to do this all in a fraction of a second (really, I am surprised how fast computers actually are!)

The problem is that if someone were to use this encryption method (which would be very stupid, of course, but never the less ;)), he could easily make my life a lot harder by implenting a couple of weird ASCII-values. (thus forcing me to check every attempt myself)

What would be another good way to recognize a successful bruteforce? (not only in this case, but also for other encryption algorithms)

I have already searched on the web, of course, and I found a very interesting post about it here: ... 0826?hl=en , it describes how to recognize a succesfull attempt by comparing character-frequencies with a flat frequency profile. This method is of course not applicable to the issue at hand, since "XECryption" doesn't change the frequencies of the characters.
New User
New User
Posts: 14
Joined: Fri Jan 15, 2010 3:32 pm
Blog: View Blog (0)

Re: How to recognize succesfull bruteforce attempt?

Post by Goatboy on Tue Dec 14, 2010 4:09 pm
([msg=50450]see Re: How to recognize succesfull bruteforce attempt?[/msg])

Set a thresh-hold for allowable non-printable characters. For example, this entire post is written in ASCII characters, but if I throw in a single odd value, that shouldn't make it entirely unreadable. You just need to decide on the ratio.
Assume that everything I say is or could be a lie.
User avatar
Posts: 2863
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)

Return to Crypto

Who is online

Users browsing this forum: No registered users and 0 guests