9.6 Cryptanalysis, Crypto Attacks & Best Practices

Key Takeaways

  • Brute-force feasibility depends on key length; AES-256 is infeasible to brute force, but weak/short keys, DES, and weak passwords are very practical targets
  • The birthday attack exploits collision probability (~2^(n/2) work for an n-bit hash) and is why MD5 and SHA-1 are unsafe for signatures
  • Side-channel attacks recover keys from physical leakage (timing, power, electromagnetic, cache) rather than breaking the math
  • Downgrade, padding-oracle, replay, and man-in-the-middle attacks target protocols and modes, each with a specific countermeasure
  • Post-quantum awareness: Shor's algorithm threatens RSA/ECC, motivating crypto-agility and migration to NIST PQC standards (FIPS 203/204/205)
Last updated: June 2026

How Cryptosystems Fail

Well-designed algorithms are rarely broken mathematically. CEH cryptanalysis questions usually point at the real weak points: short keys, weak passwords, deprecated algorithms, implementation leakage, and protocol negotiation. Cryptanalysis is the study of breaking ciphertext without the key; the practical attacker, though, more often attacks the implementation or the humans.

Brute-Force and Key Length

A brute-force attack tries every possible key. Feasibility is governed by key length: each added bit doubles the keyspace. AES-256 is computationally infeasible to brute force with current technology, but short keys, deprecated ciphers (DES at 56 bits), and weak human passwords remain very practical targets. A dictionary attack is the password-specific variant that tries likely words first. Countermeasures: long modern keys, strong/long passphrases, key stretching (slow password hashing such as Argon2/bcrypt), account lockout, and rate limiting.

Birthday Attack and Collisions

The birthday attack uses the birthday paradox: a collision (two different inputs with the same hash) in an n-bit hash is expected after roughly 2^(n/2) attempts, far fewer than the 2^n needed for a preimage. This is why digest length matters and why a collision is catastrophic for digital signatures (an attacker could forge a document matching a legitimate signature). MD5 and SHA-1 are collision-broken in practice — use SHA-2 or SHA-3.
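To make the 2^(n/2) estimate concrete, here is an added example (not part of the original guide) that truncates SHA-256 to a small number of bits so that a collision becomes cheap to find, then compares the attempts actually needed against the birthday estimate and against the 2^n a preimage search would need. The 24-bit truncation width and the constructed message format are assumptions chosen for the demonstration; they say nothing about full SHA-256, which keeps all 256 bits.

```python
import hashlib
import math


def truncated_hash(data: bytes, n_bits: int) -> int:
    """SHA-256 truncated to its top n_bits: a toy digest small enough to collide quickly.
    Truncation exists only to make the demonstration fast."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - n_bits)


def expected_birthday_attempts(n_bits: int) -> float:
    """Expected number of random inputs hashed before the first collision among 2^n
    values: sqrt(pi/2 * 2^n), i.e. on the order of 2^(n/2), not 2^n."""
    return math.sqrt(math.pi / 2 * 2 ** n_bits)


def find_collision(n_bits: int, run: int = 0) -> tuple[bytes, bytes, int]:
    """Hash distinct constructed messages until two share a truncated digest.
    Returns (first_message, second_message, attempts)."""
    seen: dict[int, bytes] = {}
    attempts = 0
    while True:
        # Constructed input; the counter guarantees every message is distinct.
        msg = f"run-{run}-msg-{attempts}".encode()
        attempts += 1
        h = truncated_hash(msg, n_bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg


def average_attempts(n_bits: int, runs: int = 10) -> float:
    """Average attempts over independent runs, to compare with the estimate."""
    return sum(find_collision(n_bits, run)[2] for run in range(runs)) / runs


if __name__ == "__main__":
    bits = 24
    a, b, n = find_collision(bits)
    print(f"{bits}-bit collision after {n} attempts: {a!r} and {b!r}")
    print(f"birthday estimate: {expected_birthday_attempts(bits):.0f}, "
          f"preimage search: {2 ** bits}")
    print(f"average over 10 runs: {average_attempts(bits):.0f}")
```

A 24-bit digest collides after roughly five thousand hashes instead of about sixteen million; scaling the same arithmetic to 128 bits (MD5) gives 2^64, which is why MD5 is unacceptable for signatures even though preimages remain out of reach.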

Side-Channel Attacks

Side-channel attacks do not break the algorithm; they extract secrets from physical leakage during execution: timing, power consumption (simple/differential power analysis), electromagnetic emissions, or cache behavior. Because the math is sound, longer keys do not help. Countermeasures are implementation-level: constant-time operations, blinding, added noise, and physical/electromagnetic shielding.
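The timing variant is easiest to see in a comparison routine. This added example (it is not from the original guide) instruments an early-exit byte comparison and a constant-time one, counting how many bytes each examines; the count stands in for elapsed time. The MAC tag and guesses are constructed values.

```python
import hmac


def naive_compare(expected: bytes, provided: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, bytes_examined). The second value
    grows with the length of the matching prefix: that is the timing leak."""
    if len(expected) != len(provided):
        return False, 0
    examined = 0
    for x, y in zip(expected, provided):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(expected: bytes, provided: bytes) -> tuple[bool, int]:
    """Examines every byte and accumulates differences with OR, so the work does
    not depend on where (or whether) a mismatch occurs. Returns (equal, bytes_examined)."""
    if len(expected) != len(provided):
        return False, 0
    diff = 0
    for x, y in zip(expected, provided):
        diff |= x ^ y
    return diff == 0, len(expected)


def work_profile(compare, secret: bytes, guesses: list[bytes]) -> list[int]:
    """Bytes examined per guess; a flat profile means nothing about the prefix leaks."""
    return [compare(secret, g)[1] for g in guesses]


# Constructed demo: a MAC tag and guesses matching 0, 2 and 5 leading bytes.
SECRET_TAG = b"\x11\x22\x33\x44\x55\x66\x77\x88"
GUESSES = [
    b"\x00" * 8,
    b"\x11\x22" + b"\x00" * 6,
    b"\x11\x22\x33\x44\x55" + b"\x00" * 3,
]

if __name__ == "__main__":
    print("naive   :", work_profile(naive_compare, SECRET_TAG, GUESSES))          # [1, 3, 6]
    print("constant:", work_profile(constant_time_compare, SECRET_TAG, GUESSES))  # [8, 8, 8]
    # In real code use the standard library's hmac.compare_digest instead of hand-rolling.
    print("stdlib  :", hmac.compare_digest(SECRET_TAG, SECRET_TAG))
```

The naive profile rises with each correctly guessed byte, which is the signal a remote or local timing attacker looks for; the constant-time profile is flat, which is the whole point of the countermeasure. Python's `hmac.compare_digest` is the production equivalent of `constant_time_compare`.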

Attack Models Cryptanalysts Assume

CEH also expects the vocabulary of how an analyst is positioned relative to the cipher:

  • Ciphertext-only — the attacker sees only ciphertext (hardest attack).
  • Known-plaintext — the attacker has some plaintext–ciphertext pairs.
  • Chosen-plaintext — the attacker can encrypt inputs of their choosing and observe the output.
  • Chosen-ciphertext — the attacker can submit ciphertexts to be decrypted and observe results (the basis of padding-oracle attacks).

A strong modern cipher must resist even chosen-plaintext and chosen-ciphertext attackers. Frequency analysis — counting how often symbols appear — breaks classical substitution ciphers but is useless against well-designed modern ciphers, which is a frequent distractor.

Password Cracking Techniques

Because most real key compromises come through weak human secrets, know the password-attack families: brute force (every combination), dictionary (wordlists of likely passwords), hybrid (words plus appended numbers/symbols), and rainbow tables (precomputed hash lookups, defeated by salting). Tools such as Hashcat and John the Ripper accelerate cracking with GPUs, which is exactly why slow, salted password hashes (Argon2, bcrypt) and long passphrases are mandated.
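Why salting and a slow hash defeat precomputation is worth seeing in code. The following added example (not part of the original guide) builds a tiny lookup table, the idea behind a rainbow table, from a constructed wordlist of fast unsalted SHA-256 digests, then shows that a per-user random salt with PBKDF2-HMAC-SHA256 yields a different digest for the same password every time, so no table can be built ahead of time. The wordlist, the 200,000-iteration count and the 16-byte salt are example values.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed wordlist; real cracking wordlists are orders of magnitude larger.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "welcome1"]

ITERATIONS = 200_000  # example work factor; tune to your hardware and latency budget


def fast_unsalted_hash(password: str) -> str:
    """The anti-pattern: one unsalted SHA-256 per password, cheap and precomputable."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(wordlist: list[str]) -> dict[str, str]:
    """digest -> password, computed once and reused against every leaked database.
    A rainbow table is a space-optimised version of exactly this idea."""
    return {fast_unsalted_hash(pw): pw for pw in wordlist}


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Salted, deliberately slow hash. A fresh random salt per user means the same
    password produces a different digest everywhere, so precomputation is useless."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    leaked = fast_unsalted_hash("letmein")
    print("unsalted SHA-256 found in table:", table.get(leaked))

    salt, digest = hash_password("letmein")
    print("salted PBKDF2 found in table:", table.get(digest.hex()))
    print("verify correct password:", verify_password("letmein", salt, digest))
    print("verify wrong password:  ", verify_password("Letmein", salt, digest))
```

The iteration count also caps the cracking rate even for an attacker who has the salt: each guess costs the defender-chosen amount of work, which is the lever Argon2, bcrypt and scrypt expose as their cost parameters.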

Other Crypto and Protocol Attacks

Attack                   | Idea                                                                 | Countermeasure
-------------------------|----------------------------------------------------------------------|-------------------------------------------------------------------------
Downgrade                | Force negotiation onto a weak protocol/cipher (e.g., FREAK, POODLE)  | Disable legacy protocols/ciphers; enforce strong minimums (TLS 1.2/1.3)
Known/chosen-plaintext   | Use known input–output pairs to deduce the key                       | Use vetted modern ciphers with proper modes
Replay                   | Re-send valid captured messages/ciphertext                           | Nonces, timestamps, sequence numbers
Padding-oracle           | Abuse decryption padding-error feedback (e.g., POODLE)               | Authenticated encryption (encrypt-then-MAC / AEAD)
Man-in-the-middle (MITM) | Intercept and relay key exchange                                     | Authenticate keys via certificates/PKI
Rainbow table            | Precomputed hash lookups for passwords                               | Per-user salting + slow password hash
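The replay row lists three countermeasures; here is an added example (not from the original guide) that applies all three together. A sender attaches a sequence number, a random nonce and a timestamp to each message and MACs the whole thing with HMAC-SHA256; the receiver authenticates first, then rejects anything stale, any nonce it has already seen, and any sequence number that does not advance. The shared key, message bodies, timestamps and the 30-second freshness window are constructed values.

```python
import hashlib
import hmac
import json
import os
from typing import Optional


def compute_mac(key: bytes, body: str, seq: int, nonce: str, ts: int) -> str:
    """HMAC-SHA256 over a canonical encoding of the body AND the freshness fields, so
    a captured message cannot have its seq/nonce/ts edited without invalidating the tag."""
    canonical = json.dumps(
        {"body": body, "seq": seq, "nonce": nonce, "ts": ts}, sort_keys=True
    ).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_message(key: bytes, body: str, seq: int, ts: int,
                  nonce: Optional[str] = None) -> dict:
    """Sender side: attach sequence number, random nonce, timestamp and MAC."""
    nonce = nonce or os.urandom(8).hex()
    return {"body": body, "seq": seq, "nonce": nonce, "ts": ts,
            "mac": compute_mac(key, body, seq, nonce, ts)}


class Receiver:
    """State a receiver needs to reject replays: last accepted sequence number and
    the nonces seen inside the freshness window."""

    def __init__(self, key: bytes, window_seconds: int = 30):
        self.key = key
        self.window = window_seconds
        self.last_seq = 0
        self.seen_nonces: set[str] = set()

    def accept(self, msg: dict, now: int) -> str:
        """Returns 'ok' or a rejection reason. Authenticate first, so unauthenticated
        input can never poison the replay-tracking state."""
        expected = compute_mac(self.key, msg["body"], msg["seq"], msg["nonce"], msg["ts"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: bad mac"
        if abs(now - msg["ts"]) > self.window:
            return "rejected: stale timestamp"
        if msg["nonce"] in self.seen_nonces:
            return "rejected: nonce already seen (replay)"
        if msg["seq"] <= self.last_seq:
            return "rejected: sequence number not increasing (replay or reorder)"
        self.seen_nonces.add(msg["nonce"])
        self.last_seq = msg["seq"]
        return "ok"


if __name__ == "__main__":
    key = b"constructed-shared-key"
    rx = Receiver(key)
    m1 = build_message(key, "transfer 10", seq=1, ts=1000)
    print("first delivery:", rx.accept(m1, now=1005))
    print("replayed copy: ", rx.accept(m1, now=1006))
```

In a real deployment the nonce set is bounded by the timestamp window (nonces older than the window can be forgotten, because the stale check already rejects them), and the key would come from an authenticated key exchange rather than a constant.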

Quantum-Resilience Awareness

A sufficiently powerful quantum computer running Shor's algorithm would break RSA and ECC by efficiently solving the factoring and discrete-logarithm problems they rely on. Grover's algorithm only weakens symmetric ciphers and hashes (halving effective strength), which is addressed by doubling key/digest size (use AES-256, SHA-384+).

The defensive response is post-quantum cryptography (PQC): in August 2024 NIST finalized the first PQC standards — FIPS 203 (ML-KEM, key encapsulation, from CRYSTALS-Kyber), FIPS 204 (ML-DSA, signatures, from CRYSTALS-Dilithium), and FIPS 205 (SLH-DSA, hash-based signatures, SPHINCS+). Organizations adopt crypto-agility so algorithms can be swapped without redesign, and guard against "harvest now, decrypt later" data theft. The CEH expects awareness of this trajectory, not the lattice math.

Cryptographic Best Practices

  • Use vetted, current standard algorithms (AES, SHA-2/3, RSA-2048+/ECC); never invent your own ("no security through obscurity").
  • Choose adequate key lengths, rotate keys, and protect keys in a Key Management Service or Hardware Security Module.
  • Use authenticated encryption (AEAD) (e.g., AES-GCM) to get confidentiality and integrity together and to stop padding-oracle attacks.
  • Salt and slow-hash passwords with a purpose-built password hash (Argon2/bcrypt/scrypt/PBKDF2); never store plaintext or unsalted fast hashes.
  • Disable deprecated algorithms and protocol versions to block downgrade attacks.
  • Validate certificates and revocation; prefer ephemeral key exchange for forward secrecy.
  • Build for crypto-agility to enable a future post-quantum migration.
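Crypto-agility is easiest to build in at the storage-format level. This added example (not from the original guide) tags every stored password record with the algorithm that produced it, verifies old records with the algorithm they name, and transparently re-hashes them under the current algorithm on the next successful login, so a migration is a one-line change to a registry rather than a redesign. The two PBKDF2 parameter sets, the record layout and the sample password are example values; the same pattern applies to swapping a signature or KEM algorithm for a post-quantum one.

```python
import base64
import hashlib
import hmac
import os

# Registry of supported password-hash algorithms. Migrating means adding an entry
# and moving CURRENT; records under retired entries keep verifying until rehashed.
ALGORITHMS = {
    "pbkdf2-sha256-100k": lambda pw, salt: hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000),
    "pbkdf2-sha512-200k": lambda pw, salt: hashlib.pbkdf2_hmac("sha512", pw, salt, 200_000),
}
CURRENT = "pbkdf2-sha512-200k"


def hash_record(password: str, alg: str = CURRENT) -> str:
    """Produce a self-describing record: algorithm tag, salt and digest, '$'-separated."""
    salt = os.urandom(16)
    digest = ALGORITHMS[alg](password.encode(), salt)
    return "$".join([alg,
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def verify(password: str, record: str) -> tuple[bool, bool]:
    """Returns (password_ok, needs_rehash). The record says which algorithm to use,
    so callers never hard-code one."""
    alg, salt_b64, digest_b64 = record.split("$")
    if alg not in ALGORITHMS:
        # Unknown or fully retired algorithm: fail closed; force a reset out of band.
        return False, False
    salt = base64.b64decode(salt_b64)
    digest = base64.b64decode(digest_b64)
    ok = hmac.compare_digest(ALGORITHMS[alg](password.encode(), salt), digest)
    return ok, ok and alg != CURRENT


def login(password: str, record: str) -> tuple[bool, str]:
    """Verify, and upgrade legacy records to CURRENT on success while the plaintext
    password is available. Returns (ok, record_to_store)."""
    ok, needs_rehash = verify(password, record)
    if ok and needs_rehash:
        return True, hash_record(password)
    return ok, record


if __name__ == "__main__":
    legacy = hash_record("example-password", "pbkdf2-sha256-100k")  # constructed sample
    ok, stored = login("example-password", legacy)
    print("login ok:", ok, "| upgraded to:", stored.split("$")[0])
    print("second login needs rehash:", verify("example-password", stored)[1])
```

The check that matters for agility is that nothing outside `ALGORITHMS` and `CURRENT` mentions an algorithm name; the rest of the system only ever reads the tag from the record it holds.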

Steganography vs Cryptography (Common Confusion)

The CEH often contrasts these. Cryptography scrambles a message so it is unreadable without the key — the existence of the secret is obvious, only its content is hidden. Steganography hides the very existence of a message by embedding it inside an innocuous carrier (an image's least-significant bits, audio, or whitespace). They are complementary: encrypting before hiding gives both confidentiality and concealment. Steganalysis is the practice of detecting hidden payloads, for example by spotting statistical anomalies in a carrier file.

Putting Defense Together

For the exam, anchor each attack to one defense: short keys and weak passwords → long keys, AES-256, and slow salted hashing; collisions → SHA-2/3 over MD5/SHA-1; side-channels → constant-time, shielded implementations; downgrade → disable legacy protocols; padding-oracle → AEAD; MITM → certificate/PKI authentication; and the quantum horizon → crypto-agility plus the new NIST PQC standards. Recognizing the attack and naming its specific countermeasure is exactly the skill these questions test.

Test Your Knowledge

An auditor states that a 160-bit hash is vulnerable to finding two different inputs with the same digest in roughly 2^80 operations rather than 2^160. Which attack principle is being described?

Test Your Knowledge

Attackers recover an encryption key by precisely measuring how long cryptographic operations take and how much power the device draws, without ever breaking the cipher's mathematics. This is best classified as which attack category, and what is the appropriate countermeasure class?

Test Your Knowledge

A security architect requires that the organization's systems can swap cryptographic algorithms with minimal redesign, citing the future risk that quantum computing poses to RSA and ECC via Shor's algorithm. Which principle is being applied, and what standards target this threat?
