On 7/2/2013 5:28 PM, Steven Webb wrote:
> A friend of my father has come up with a new encryption scheme that he
> says can't be brute-force decrypted.
> He sent me a 384-byte chunk of encoded binary data and two plaintext
> words that can be found in the decoded 'answer'. He said that he would
> give me $100 if I could break his encryption algorithm.
> I was going to write my own code that brute-forces a one-byte key, then
> XOR's the encrypted data with all 256 possible byte values, then try a
> 2-byte key, etc... until I find the two words somewhere in the
> unencrypted string. The length of the key is unknown.
> Is this how I would go about this, or am I missing something with
> regards to decrypting text via brute-force? I understand that there is
> a possible "scrambling" of the message that can also happen which would
> probably mess up my whole XOR brute-force method, but I'm not so sure
> that my father's friend would be smart enough to actually scramble the
> data or not.
> Q: Is this a good method of brute-force decryption or am I missing
> something important here from a theoretical point of view?
> Q: Is there a well-known tool to do this instead of me having to write
> something myself? I did some google searches and some github searches
> and wasn't able to find anything except for a few single-byte XOR search
I would think that having two plaintext words that are guaranteed to be
in the encrypted string is a *huge* leg up (that normally is not
available) but I still think you have a very large problem. The
empirical knowledge you think you have about the encrypter's skillset
may or may not be valid and might even mislead you!
I don't have or know of any routines out there, but there might be some
that apply commonly-known cracking techniques... make sure you determine
that it isn't ROT13 first... :)