This topic explains some of the best known strategies for breaking a code, and what features SSL has that you can use to protect yourself from these attacks.
A message sent unencrypted is said to be in cleartext or plaintext. A message sent encrypted is said to be in ciphertext.
The US government used to restrict the strength of encryption it allowed to be included in software for export - beyond a certain strength, encryption is regarded as of military value. In January 2000 these restrictions were mostly removed. Nevertheless a lot of encryption software still exists that was designed in that period to be exportable. The term "export cipher" means an algorithm and key length designed to be exportable under these regulations.
The information given here is believed to be correct at the time of writing, but remember that typical computer power and legal requirements are constantly changing.
The word "cipher" is often used to mean an encryption algorithm. A particular algorithm with a particular key length is often referred to by the algorithm's abbreviated name followed by a hyphen and the key length. For example, RC4-40 means "Rivest Cipher 4 with 40-bit keys".
Short keys are usually called small or weak keys.
A brute force attack consists of simply going through every possible key, deciphering the ciphertext with each key, and looking for recognizable cleartext in the result. If you use a 128-bit key there are 2^128 possible keys.
A would-be code-breaker would regard this type of attack as the last resort, to be used only if there is no feature - that is, weakness - of the cipher that makes possible some more intelligent attack. A cipher that forces the code-breaker to resort to this method is a strong cipher.
However, ciphers that use weak (small) keys are susceptible to brute force attack, in particular RC4-40, RC2-40 and DES-56. There have been many successful brute force attacks against RC4-40 since its release in February 1995.
A brute force attack against ciphers with 128 bits or more is probably impractical in the foreseeable future.
A dictionary attack can be used when the attacker knows or guesses some part of your original message. In the case of a protocol this may be easy; for example, the "GET" command often appears in HTTP messages.
The attacker takes the known cleartext and encrypts it using every possible key. The resulting set of ciphertexts is saved. This set of saved ciphertexts is called a dictionary.
When the attacker gets hold of an encrypted message, he or she searches it for occurrences of any of these ciphertexts. When a match is found, the key that gave that ciphertext must be the key that was used to encrypt the whole message.
SSL protects you from this kind of attack by using various technical measures that ensure the same plaintext produces different ciphertext each time.
In a replay attack, an attacker records an exchange of messages between a client and server and tries to recreate the exchange later by resending the client messages to the server.
To prevent this, SSL uses a nonce: a connection-id that the server generates as a random number and sends to the client together with the server certificate. Since the nonce differs for each session, someone resending the old set of client messages cannot fool the server into accepting them as a new set. SSL nonces are 128 bits long.
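The connection-id mechanism described above, as an added example that is not code from the original page or from any SSL implementation: the server issues a fresh random 128-bit nonce per session, the client's message carries a tag computed over that nonce, and a recorded client message replayed into a later session fails verification. The pre-shared key and the HMAC-SHA256 tag are assumptions standing in for the keys and MAC that SSL negotiates in its handshake.

```python
import hashlib
import hmac
import secrets

# Constructed demo key standing in for the session keys SSL derives during the
# handshake; key exchange itself is out of scope here (assumption).
SHARED_KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def server_hello() -> bytes:
    """Server side: a fresh, random 128-bit connection-id for this session."""
    return secrets.token_bytes(16)

def client_message(nonce: bytes, payload: bytes) -> bytes:
    """Client side: bind the payload to the session nonce with an HMAC tag."""
    tag = hmac.new(SHARED_KEY, nonce + payload, hashlib.sha256).digest()
    return payload + tag

def server_verify(nonce: bytes, message: bytes) -> bool:
    """Server side: accept only if the tag matches under *this* session's nonce.
    A message recorded in an earlier session carries a tag over the old nonce
    and is rejected; a modified payload is rejected for the same reason."""
    if len(message) < TAG_LEN:
        return False
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(SHARED_KEY, nonce + payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def demo() -> tuple:
    """Run a live exchange, then replay the recorded client message into a
    new session. Returns (accepted_live, accepted_replay)."""
    nonce1 = server_hello()
    # The eavesdropper records this message during the live session.
    recorded = client_message(nonce1, b"GET /account HTTP/1.0")
    accepted_live = server_verify(nonce1, recorded)
    nonce2 = server_hello()  # new session: the server picks a new connection-id
    accepted_replay = server_verify(nonce2, recorded)
    return accepted_live, accepted_replay

if __name__ == "__main__":
    print(demo())  # (True, False)
```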
In a man-in-the-middle attack, an attacker intercepts messages and modifies them, and then passes them on to the intended recipient.
SSL's system of certificates and private keys prevents this. An attacker would have to fake a certificate and somehow get it signed with a CA's key.
In a truncation attack, an attacker inserts into a message a TCP code indicating that the message has finished, thus preventing the recipient from picking up the rest of the message.
To prevent this, SSL from version 3 onward has a closing handshake, so the recipient knows the message has not ended until this handshake has been performed.
Copyright © 2009 Micro Focus (IP) Ltd. All rights reserved.