Break 224-bit Blowfish Encryption

Question

Break 224-bit Blowfish Encryption

I have a bunch of encrypted files that I want to decrypt (duh). I found out that they are encrypted by Blowfish using a 224-bit key after some research. I know what the first few bytes of plaintext look like (this is a kind of header).

Noting that I am not an NSA and I do not have ridiculous computing power, is there any chance that I will brutally force the key in a reasonable amount of time (for example: not the life of the Universe)?

I read somewhere that someone posted an attack on a full-blown Blowfish (no pun intended) that reduces the search to 2 ^ (n / 2), but mysteriously disappeared. Apparently, it was some kind of MITM attack; although Blowfish uses a 16-round Feistel network, so it should be smart if it exists. Can anyone confirm this?

EDIT: I have access to a large number of keys used, but not all of them. Perhaps it would be better to take the time to try to attack key generation instead?

+4

security brute-force encryption blowfish

NullUserException Apr 05 '11 at 18:01

source share

4 answers

No, you cannot recover plain text if the encryption was not performed correctly.

There is a published attack on the “famous plain text,” but its work requires billions of well-known plain texts.

Update related to "Edit": Again, if the encryption was performed correctly, checking for known keys will not help, because the cryptographic number generator used to create good keys will have similar complexity as a cipher. However, using a bad generator (or password-based encryption with weak passwords) is a common implementation flaw. Good luck

+4

erickson Apr 05 '11 at 18:12

source share

2 ^ (n / 2) means in this case 2 ^ 223, not 224, maybe? if so, I don’t see that it helps a lot. I think you need to go to something like 2 ^ 64 or so in order to transfer it to your home PC in a reasonable amount of time.

0

user82238 Apr 05 '11 at 18:03

source share

Do you know how the key was selected? If it says it is generated with a password and the proper password derivation function is not used, this may be your best angle of attack. Also, depending on the chain mode used, there may be another place of attack, we need to know more.

0

Bruno rohée Apr 7 '11 at 15:34

source share

David thornley · Accepted Answer · 2011-04-05T18:15:28+0000

You have no chance that you roughly force the key *. Assuming there is a “Meet in the Middle” attack for Blowfish, which reduces it to testing 2 ^ 112 keys, there is not enough computing power on the planet to have a good chance that the key is forced to be brute before the Sun cools down, the NSA is also not could do this if it was a consolation, although perhaps they could solve the Blowfish problem, rather than guess the keys.

If you cannot find the keys, you will not read the files.

* Technically, you have a chance. However, it is much more likely that you will win the national lottery twice (provided that you buy a ticket for two drawings).

Break 224-bit Blowfish Encryption

More articles: