Can someone break encryption just by knowing the encryption algorithm?

Discussion in 'privacy general' started by ronjor, Nov 13, 2010.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I'm not sure what the purpose of this article is. It seems to be a beginner's primer on symmetric and asymmetric encryption.

    And the answer is no -- no one can break encryption just because they know the algorithm being used (assuming the algorithm is a strong algorithm such as AES).
     
  3. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    The article discusses only online connections that always use the same algorithm. However, much of the data-encryption software used on PCs today offers the user a choice of more than one algorithm.

    In the case of TrueCrypt, knowing which algorithm was used would definitely be helpful when designing a brute-force attack, although it probably wouldn't be enough to matter unless the password was already quite weak (as in the case of a partially-known password).

    For example, if you know which of the eight possible algorithm options was selected by the user then you can reduce the number of combinations to be tested by 8x. If you also know which of the three cryptographic hash functions was selected then you can achieve a 24x overall reduction in the number of calculations required.

    This may seem like a big deal, but it's really not. Adding a single character to the password would more than make up for these gains. And having a reasonably long password in the first place makes brute-forcing completely infeasible.
     
Loading...
Thread Status:
Not open for further replies.