A thief possesses a number of tools of the trade: perhaps a device to pick locks, gloves to prevent fingerprints, or all-black clothes to blend into the night.
The cyber-thief or hacker also possesses a variety of tools and techniques to undermine the security of your Web-based e-commerce site. Though encryption/decryption is enough to keep most hackers at bay, the most sophisticated hackers have developed techniques that can compromise a cryptosystem. This lesson offers an overview of some of those techniques.
| Forms of attack | Description |
|---|---|
| Ciphertext-only attack | From the ciphertext of several messages encrypted using the same key, the attacker works backwards in an attempt to derive either the plaintext or the key. |
| Plaintext attack | An attempt to find the value of a specific key is known as a plaintext attack. Once the key is discovered, a subsequent message sent from the network can be deciphered. In a known plaintext attack, the attacker attempts to derive the key from both the ciphertext and the corresponding plaintext of several messages. A chosen plaintext attack is one in which someone can choose some plaintext but no ciphertext, and then generate encrypted text to derive the key. |
| Brute force attack | Previously considered slow and cumbersome, in this approach all possible key values are tested by the cryptanalyst until the correct one is found. However, with the rapid increase of processing power and the development of special purpose encryption hardware, brute force attacks have become more prevalent. |
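The brute force and known plaintext rows above can be seen together in a small classroom model. The following is an added example, not part of the original lesson: the toy cipher, the 16-bit key, the sample messages and the rate of 1e9 trials per second are all assumptions made here to show why key length is the defence against exhaustive search.

```python
import hashlib

KEY_BITS = 16  # deliberately tiny key space (assumption, for the demo only)

def toy_encrypt(key: int, data: bytes, key_bits: int = KEY_BITS) -> bytes:
    """Toy XOR stream cipher (constructed for this example, not a real design).
    Keystream block i is SHA-256(key || i); encryption and decryption are identical."""
    kb = key.to_bytes((key_bits + 7) // 8, "big")
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(kb + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def exhaustive_search(known_plain: bytes, known_cipher: bytes, key_bits: int = KEY_BITS):
    """Test every key value in order; the known plaintext/ciphertext pair
    is what lets the search recognise the correct key. Returns (key, trials)."""
    for key in range(2 ** key_bits):
        if toy_encrypt(key, known_plain, key_bits) == known_cipher:
            return key, key + 1
    return None, 2 ** key_bits

def expected_years(key_bits: int, keys_per_second: float) -> float:
    """Average search time: half the key space at the given trial rate."""
    return 2 ** (key_bits - 1) / keys_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    secret = 0xBEEF                                  # constructed sample key
    known_plain = b"GET /checkout HTTP/1.1"          # constructed sample message
    known_cipher = toy_encrypt(secret, known_plain)
    later_cipher = toy_encrypt(secret, b"order=1001;total=59.90")  # constructed

    key, trials = exhaustive_search(known_plain, known_cipher)
    print(f"recovered key {key:#06x} after {trials} trials")
    # Once the key is known, a later message under the same key is readable.
    print("later message:", toy_encrypt(key, later_cipher))

    # Assumed rate of 1e9 trials/second; each extra key bit doubles the work.
    for bits in (16, 40, 56, 128):
        print(f"{bits:>3}-bit key: {expected_years(bits, 1e9):.3g} years on average")
```

The 16-bit search finishes in well under a second, while the same loop against a 128-bit key would not finish in any practical time, which is why modern key sizes put exhaustive search out of reach.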