CAPEC-20: Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
Last updated
Overview
CAPEC-20 (Encryption Brute Forcing) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How the attack works
The phases an attacker typically follows to carry out this attack.
- Step 1Explore
Determine the ciphertext and the encryption algorithm.
- Step 2Experiment
Perform an exhaustive brute force search of the key space, producing candidate plaintexts and observing if they make sense.
What the attacker needs
Prerequisites
- Ciphertext is known.
- Encryption algorithm and key size are known.
Skills required
- Low skill: Brute forcing encryption does not require much skill.
Resources required
- A powerful enough computer for the job with sufficient CPU, RAM and HD. Exact requirements will depend on the size of the brute force job and the time requirement for completion. Some brute forcing jobs may require grid or distributed computing (e.g. DES Challenge). On average, for a binary key of size N, 2^(N/2) trials will be needed to find the key that would decrypt the ciphertext to obtain the original plaintext. Obviously as N gets large the brute force approach becomes infeasible.
Consequences
What a successful CAPEC-20 attack can achieve.
Read Data
Affects: Confidentiality
How to mitigate it
Defenses that reduce the risk of CAPEC-20.
- Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.
- In theory a brute force attack performing an exhaustive key space search will always succeed, so the goal is to have computational security. Moore's law needs to be taken into account that suggests that computing resources double every eighteen months.
How to detect it
Indicators that this attack may be underway.
- None. This attack happens offline.
Examples
In 1997 the original DES challenge used distributed net computing to brute force the encryption key and decrypt the ciphertext to obtain the original plaintext. Each machine was given its own section of the key space to cover. The ciphertext was decrypted in 96 days.
Frequently asked questions
Common questions about CAPEC-20.
- What is CAPEC-20?
- An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
- How does a Encryption Brute Forcing attack work?
- It typically unfolds over 2 phases. It begins with: Determine the ciphertext and the encryption algorithm.
- How do you prevent CAPEC-20?
- Use commonly accepted algorithms and recommended key sizes. The key size used will depend on how important it is to keep the data confidential and for how long.
- What weaknesses does CAPEC-20 target?
- CAPEC-20 exploits 4 CWE weaknesses, including CWE-326 (Inadequate Encryption Strength), CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), CWE-693 (Protection Mechanism Failure), CWE-1204 (Generation of Weak Initialization Vector (IV)).
- How severe is CAPEC-20?
- MITRE rates CAPEC-20 as Low severity with low likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-20
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.