Page 467 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Cryptographic Attacks
As with any security mechanism, malicious individuals have found a
number of attacks to defeat cryptosystems. It’s important that you
understand the threats posed by various cryptographic attacks to
minimize the risks posed to your systems:
Analytic Attack: This is an algebraic manipulation that attempts to
reduce the complexity of the algorithm. Analytic attacks focus on the
logic of the algorithm itself.
Implementation Attack: This is a type of attack that exploits
weaknesses in the implementation of a cryptography system. It
focuses on exploiting the software code, not just errors and flaws but
the methodology employed to program the encryption system.
Statistical Attack: A statistical attack exploits statistical weaknesses
in a cryptosystem, such as floating-point errors and inability to
produce truly random numbers. Statistical attacks attempt to find a
vulnerability in the hardware or operating system hosting the
cryptography application.
Brute Force: Brute-force attacks are quite straightforward. Such an
attack attempts every possible valid combination for a key or
password. They involve using massive amounts of processing power to
methodically guess the key used to secure cryptographic
communications.
For a nonflawed protocol, the average amount of time required to
discover the key through a brute-force attack is directly proportional
to the length of the key. A brute-force attack will always be successful
given enough time. Every additional bit of key length doubles the time
to perform a brute-force attack because the number of potential keys
doubles.
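The doubling described above can be checked directly. This is an added example, not code from the study guide: it exhaustively searches small, constructed toy keyspaces to count trials, then extrapolates the average search time for real key lengths. The HMAC-SHA-256 check value, the helper names and the 10^12 guesses-per-second rate are assumptions chosen for illustration.

```python
import hashlib
import hmac

MSG = b"constructed sample message"  # constructed input, not real traffic

def key_bytes(k, bits):
    """Encode integer k as a fixed-width key for a `bits`-bit toy keyspace."""
    return k.to_bytes((bits + 7) // 8, "big")

def tag(key):
    """Keyed check value; a match tells the searcher the key is right."""
    return hmac.new(key, MSG, hashlib.sha256).digest()

def exhaustive_search(bits, target):
    """Try every key in order; return (key, number_of_trials)."""
    for trials, k in enumerate(range(1 << bits), start=1):
        if hmac.compare_digest(tag(key_bytes(k, bits)), target):
            return k, trials
    return None, 1 << bits

def worst_case_trials(bits):
    """Trials needed when the secret is the last key tried."""
    secret = (1 << bits) - 1
    found, trials = exhaustive_search(bits, tag(key_bytes(secret, bits)))
    assert found == secret
    return trials

def average_years(bits, guesses_per_second):
    """Expected search time: on average half the keyspace is tried."""
    seconds = (1 << (bits - 1)) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for bits in (8, 12, 16):            # small enough to search for real
        print(f"{bits:3d}-bit key: {worst_case_trials(bits):6d} trials")
    rate = 1e12                         # assumed rate, for illustration only
    for bits in (56, 80, 128, 256):     # extrapolated, not searched
        print(f"{bits:3d}-bit key: {average_years(bits, rate):.3e} years on average")
```

Running it shows the measured trial count doubling with each added bit, which is why key length, not secrecy of the algorithm, sets the floor on brute-force resistance.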
There are two modifications that attackers can make to enhance the
effectiveness of a brute-force attack:
Rainbow tables provide precomputed values for cryptographic
hashes. These are commonly used for cracking passwords stored

