In the RSA DES challenges, how did the contestants know they had found the right key considering they weren't...












4














If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.



But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.



What I imagine they did was:




  1. Ok, we know the plaintext is less than or equal to the size of the ciphertext.

  2. Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.

  3. Calculate all possible 56-bit keys.

  4. Run each plaintext through all 56-bit keys until they found a mapping.


But this doesn't make sense given the sheer size of the possibilities.



So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?










share|improve this question









New contributor




Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    4














    If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.



    But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.



    What I imagine they did was:




    1. Ok, we know the plaintext is less than or equal to the size of the ciphertext.

    2. Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.

    3. Calculate all possible 56-bit keys.

    4. Run each plaintext through all 56-bit keys until they found a mapping.


    But this doesn't make sense given the sheer size of the possibilities.



    So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?










    share|improve this question









    New contributor




    Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      4












      4








      4


      1





      If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.



      But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.



      What I imagine they did was:




      1. Ok, we know the plaintext is less than or equal to the size of the ciphertext.

      2. Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.

      3. Calculate all possible 56-bit keys.

      4. Run each plaintext through all 56-bit keys until they found a mapping.


      But this doesn't make sense given the sheer size of the possibilities.



      So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?










      share|improve this question









      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      If the contestants were given both the plaintext and ciphertext, it's straightforward. Just bruteforce all 56-bit keys until you find one that maps the given plaintext to the given ciphertext.



      But from what I understand, the contestants were given only the ciphertext and the initialization vector. I'm confused as to how they cracked the challenge without any plaintext.



      What I imagine they did was:




      1. Ok, we know the plaintext is less than or equal to the size of the ciphertext.

      2. Calculate all possible plaintext from 1 bit up to the bit size of the ciphertext.

      3. Calculate all possible 56-bit keys.

      4. Run each plaintext through all 56-bit keys until they found a mapping.


      But this doesn't make sense given the sheer size of the possibilities.



      So since they weren't given any plaintext, how did they know they'd found the right plaintext/key combination?







      rsa des brute-force-attack history






      share|improve this question









      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited Dec 15 at 14:26









      kelalaka

      4,97321939




      4,97321939






      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked Dec 14 at 8:54









      Bastien

      333




      333




      New contributor




      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Bastien is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          1 Answer
          1






          active

          oldest

          votes


















          10














          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. cases are not known. For this specific challenge the range of the characters given between 0x20 and 0x7e, i.e. between and ~




          distributed.net found this message in DES Challenge II-1;





          • The secret message is: Many hands make light work.




          Note : It is interesting that the Wikipedia says; The secret message is: where the source is lists.distributed.net, however, the RSA archives says The unknown message is:.






          share|improve this answer























          • Super clear explanation. Thank you.
            – Bastien
            Dec 17 at 7:12











          Your Answer





          StackExchange.ifUsing("editor", function () {
          return StackExchange.using("mathjaxEditing", function () {
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
          });
          });
          }, "mathjax-editing");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "281"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });






          Bastien is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64863%2fin-the-rsa-des-challenges-how-did-the-contestants-know-they-had-found-the-right%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          10














          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. cases are not known. For this specific challenge the range of the characters given between 0x20 and 0x7e, i.e. between and ~




          distributed.net found this message in DES Challenge II-1;





          • The secret message is: Many hands make light work.




          Note : It is interesting that the Wikipedia says; The secret message is: where the source is lists.distributed.net, however, the RSA archives says The unknown message is:.






          share|improve this answer























          • Super clear explanation. Thank you.
            – Bastien
            Dec 17 at 7:12
















          10














          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. cases are not known. For this specific challenge the range of the characters given between 0x20 and 0x7e, i.e. between and ~




          distributed.net found this message in DES Challenge II-1;





          • The secret message is: Many hands make light work.




          Note : It is interesting that the Wikipedia says; The secret message is: where the source is lists.distributed.net, however, the RSA archives says The unknown message is:.






          share|improve this answer























          • Super clear explanation. Thank you.
            – Bastien
            Dec 17 at 7:12














          10












          10








          10






          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. cases are not known. For this specific challenge the range of the characters given between 0x20 and 0x7e, i.e. between and ~




          distributed.net found this message in DES Challenge II-1;





          • The secret message is: Many hands make light work.




          Note : It is interesting that the Wikipedia says; The secret message is: where the source is lists.distributed.net, however, the RSA archives says The unknown message is:.






          share|improve this answer














          One can still access the challenge rules from the archive.org




          Each contest is based on a specified cipher. A brief piece of printable ASCII text (containing byte values in hexadecimal notation from 0x20 to 0x7e) will be appended to the fixed 24-character string "The unknown message is:". The result will be padded and then encrypted with the associated cipher under a randomly-generated key.




          The message is also padded by PKCS#5 padding. Thus, the attacker has three options to test their results;




          1. Check the beginning of the message; it must start with "The unknown message is:"

          2. A valid PKCS#5 padding at he the end.

          3. And, one general rule when only ciphertexts are given; one can check the result is valid (English) language. For this, one block may not be enough, since there are many valid words in the 64-bit block. One block will result in many keys. To narrow the keys, additional ciphertexts are required. This approach can be work even 1. and 2. cases are not known. For this specific challenge the range of the characters given between 0x20 and 0x7e, i.e. between and ~




          distributed.net found this message in DES Challenge II-1;





          • The secret message is: Many hands make light work.




          Note : It is interesting that the Wikipedia says; The secret message is: where the source is lists.distributed.net, however, the RSA archives says The unknown message is:.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 14 at 19:10

























          answered Dec 14 at 10:53









          kelalaka

          4,97321939




          4,97321939












          • Super clear explanation. Thank you.
            – Bastien
            Dec 17 at 7:12


















          • Super clear explanation. Thank you.
            – Bastien
            Dec 17 at 7:12
















          Super clear explanation. Thank you.
          – Bastien
          Dec 17 at 7:12




          Super clear explanation. Thank you.
          – Bastien
          Dec 17 at 7:12










          Bastien is a new contributor. Be nice, and check out our Code of Conduct.










          draft saved

          draft discarded


















          Bastien is a new contributor. Be nice, and check out our Code of Conduct.













          Bastien is a new contributor. Be nice, and check out our Code of Conduct.












          Bastien is a new contributor. Be nice, and check out our Code of Conduct.
















          Thanks for contributing an answer to Cryptography Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64863%2fin-the-rsa-des-challenges-how-did-the-contestants-know-they-had-found-the-right%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Category:香港粉麵

          List *all* the tuples!

          Channel [V]