Re: Brute force attacks

[Tina Bird <tbird () iegroup com>]

hi joe --

i'm not sure i understand your question.  are you trying to figure out whether
the output of the (ciphertext) + (sample key) is sensible cleartext?

most approaches are based on assumptions about the nature of the (unknown)
cleartext.  typically you'll have your search algorithm flag cleartext as
"interesting"
if it's, say, entirely alphabetic (if you know it's an e-mail message) --
the DES
cracker software developed for the EFF initiative allows the sys admin to
program
in their own rules about what properties make a particular piece of cleartext
"interesting."  these requirements typically enable the controller to
severely limit
the fraction of the keyspace needed to be closely examined.

if you haven't seen the o'reilly book that presents >all< the details of
the crack,
you really should.  the circuit diagrams were a bit beyond me, but the
technical
and political discussion is worth its weight in gold.

standard disclaimers apply -- more info at http://www.eff.org

hope this helps -- Tina Bird

At 05:48 AM 8/12/98 -0700, you wrote:
> Slightly off pure FW topics, but still germane, I have a question about 
> brute-force attacks.
>
> Using DES as en example, a brute force attack has 2(56) possible keys.
>
> The question I have is how do I check my output to validate that I have 
> the correct key?
>
> I start with the first possible key and get output.  Now that I have 
> this output 1 of 2(56), how do I determine if this output is meaningful 
> or gibberish??
>
> Thanks!
>
>
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com

Dr. Christina Bird, Security Analyst
Secure Network Systems
v: 785-843-8855 x111
http://www.netdefense.com