Page 470 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
generally takes only double the time necessary to break a single round of encryption (or $2^{n+1}$ rather than the anticipated $2^n \times 2^n$), offering minimal added protection.
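To make the $2^{n+1}$ figure concrete, here is an added example (not code from the study guide) that runs a meet-in-the-middle search against a toy double-encryption scheme; the 16-bit cipher, the 12-bit key size, the demonstration keys and the known-plaintext pairs are all constructed for illustration and are not a real algorithm.

```python
# Added example (not from the study guide): meet-in-the-middle against a toy
# double-encryption scheme. The cipher, key size and test vectors are all
# constructed here for illustration; they are not a real algorithm.
KEY_BITS = 12                      # toy key size n; key space is 2**n
MASK16 = 0xFFFF

def _rotl16(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK16

def _rotr16(x, r):
    return ((x >> r) | (x << (16 - r))) & MASK16

def toy_encrypt(key, block):
    """Toy 16-bit block cipher: add key, rotate, XOR key (invertible)."""
    return _rotl16((block + key) & MASK16, 5) ^ key

def toy_decrypt(key, block):
    return (_rotr16(block ^ key, 5) - key) & MASK16

def double_encrypt(k1, k2, block):
    return toy_encrypt(k2, toy_encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known plaintext/ciphertext pairs.
    Phase 1 encrypts the first plaintext under every k1 into a table; phase 2
    decrypts the first ciphertext under every k2 and looks the result up.
    Cost: 2**n + 2**n = 2**(n+1) cipher operations, not 2**n * 2**n.
    The remaining pairs filter out chance matches in the middle."""
    p0, c0 = pairs[0]
    table = {}
    work = 0                        # single-cipher operations performed
    for k1 in range(1 << KEY_BITS):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
        work += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):
        middle = toy_decrypt(k2, c0)
        work += 1
        for k1 in table.get(middle, []):
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return {"candidates": candidates, "work": work}

# Constructed demonstration keys and known-plaintext pairs.
DEMO_K1, DEMO_K2 = 0x3A7, 0xC15
DEMO_PLAINTEXTS = [0x1234, 0xBEEF, 0x0042]
DEMO_PAIRS = [(p, double_encrypt(DEMO_K1, DEMO_K2, p)) for p in DEMO_PLAINTEXTS]
# meet_in_the_middle(DEMO_PAIRS)["work"] == 2 * 2**12 == 8192
```

With 12-bit keys the table-based search performs 8,192 cipher operations, whereas trying every (k1, k2) pair would take 16,777,216; that gap is why doubling a cipher adds roughly one bit of security rather than doubling the key length.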
Man in the Middle In the man-in-the-middle attack, a malicious
individual sits between two communicating parties and intercepts all
communications (including the setup of the cryptographic session).
The attacker responds to the originator’s initialization requests and
sets up a secure session with the originator. The attacker then
establishes a second secure session with the intended recipient using a
different key and posing as the originator. The attacker can then “sit in
the middle” of the communication and read all traffic as it passes
between the two parties.
Be careful not to confuse the meet-in-the-middle attack with
the man-in-the-middle attack. They may have similar names, but
they are quite different!
Birthday The birthday attack, also known as a collision attack or
reverse hash matching (see the discussion of brute-force and
dictionary attacks in Chapter 14, “Controlling and Monitoring
Access”), seeks to find flaws in the one-to-one nature of hashing
functions. In this attack, the malicious individual seeks to substitute in
a digitally signed communication a different message that produces
the same message digest, thereby maintaining the validity of the
original digital signature.
Don’t forget that social engineering techniques can also be
used in cryptanalysis. If you’re able to obtain a decryption key by
simply asking the sender for it, that’s much easier than attempting
to crack the cryptosystem!
Replay The replay attack is used against cryptographic algorithms
that don’t incorporate temporal protections. In this attack, the
malicious individual intercepts an encrypted message between two