Comment on With public key cryptography, why can't someone decrypt a message using the public key?

<- View Parent
rufus@discuss.tchncs.de ⁨8⁩ ⁨months⁩ ago

Ah, that is a really good question. These things happen. People have entire harddisks filled with “rainbow tables” which do these kind of attacks against hash-functions which are supposed to be one-way functions. This way they have terabytes worth of pre-computed hashes for the most common passwords and can immediately tell if one of those passwords is in a database leak.

For this it needs additional measures. Passwords are augmented with additional random data so people can’t pre-compute the hashes. So it wouldn’t be just ‘Hello’, but ‘Hello’ plus an additional “salt” that gets fed into the one-way function so it can’t be brute forced.

PGP for example uses both symmetric cryptography and asymmetric cryptography. The actual message is encrypted with symmetric encryption and the key to that is encrypted with asymmetric encryption. Unfortunately it’s been a while since I last read a book on cryptography. I think they did that because symmetric cryptography is way faster. But things like that could also prevent such attacks.

It’s not always obvious to the layman what kinds of attacks are possible with the crypto algorithms. They definitely need to protect against such scenarios or they’re worthless for that kind of use. There are “known plaintext attacks”. Usually people don’t want anyone even able to prove that you send a certain message. And an algorithm also isn’t good if you can learn something about the secret key if you have access to a ciphertext and plaintext. I think this was part of how they cracked the supposedly secure enigma machines of the Nazis.

source
Sort:hotnewtop