CAPEC-20

Encryption Brute Forcing
Laag
Laag
Draft
2014-06-23
00h00 +00:00
2021-06-24
00h00 +00:00
CAPEC Mitre.org
Melding voor een CAPEC
Blijf op de hoogte van wijzigingen voor een specifieke CAPEC.
Meldingen beheren

Beschrijvingen CAPEC

An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.

Informatie CAPEC

Uitvoeringsstroom

1) Explore

Determine the ciphertext and the encryption algorithm.

2) Experiment

Perform an exhaustive brute force search of the key space, producing candidate plaintexts and observing if they make sense.

Vereisten

Ciphertext is known.
Encryption algorithm and key size are known.

Vereiste vaardigheden

Brute forcing encryption does not require much skill.

Vereiste middelen

Mitigaties

Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.
In theory a brute force attack performing an exhaustive key space search will always succeed, so the goal is to have computational security. Moore's law needs to be taken into account that suggests that computing resources double every eighteen months.

Gerelateerde zwakheden

CWE-ID Zwakheidsnaam

CWE-326

 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE-327

 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.

CWE-693

 Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CWE-1204

 Generation of Weak Initialization Vector (IV)
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.

Indiening

Naam Organisatie Datum Releasedatum
CAPEC Content Team The MITRE Corporation 2014-06-23 +00:00

Wijzigingen

Naam Organisatie Datum Opmerking
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Related_Attack_Patterns, Related_Weaknesses
De informatie die op CVE Find wordt gepresenteerd, is afkomstig van verschillende zorgvuldig geselecteerde referentiebronnen. CVE-gegevens worden geleverd door MITRE Corporation en de National Vulnerability Database (NVD). De Known Exploited Vulnerabilities (KEV)-catalogus is afkomstig van de Cybersecurity and Infrastructure Security Agency (CISA), terwijl EPSS-scores afkomstig zijn van FIRST.org. Daarnaast worden gegevens over softwarezwakheden (CWE) en veelvoorkomende aanvalspatronen (CAPEC) bijgehouden door MITRE Corporation, en informatie over hardware- en softwareconfiguraties (CPE) wordt geleverd door de NVD.