An issue most students are facing is trying to do some peer interaction. Therefore I am now inviting my peers, both in and outside of Noroff, to participate in my little project here. What I think we could discuss is related to the current “Network Security” course, and the issue is encryption – more specifically, how to crack it with known weaknesses.

So here goes some background to the issue. As a former web developer, I have had my share of sites with online users. Now, most open databases, whether on the internet or not, have some kind of registration open to anyone who connects to them. The user can then register with their information and create a login with a username and password of their choice (or receive a first-time password with the option to change it). Let's say my password is “intruder”; this gets encrypted in the database – and is stored as an encrypted value. Theoretically, anyone who breaks into the database to retrieve the usernames and passwords will not get the passwords – only encrypted passwords, which would take forever to crack (passwords in plaintext could be tried on other sources, for example if the victim is using the same password for their Gmail account).

But if I am a malicious attacker who created the “intruder” password in advance, and gets the entire database – would I be able to find the encryption key (knowing two factors revealing the third)? Would what is known as a Known-Plaintext Attack (Wikipedia, 2017) be able to do it? And is it true that AES encryption is not affected by it?

My peers, I need your interaction on this, your views and discussion are appreciated. Please use the comment section below.
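
The "two factors revealing the third" question, as an added example that is not part of the original post: it holds for a toy repeating-key XOR cipher (a stand-in chosen for illustration, with the key length assumed known), while a salted PBKDF2 hash, the usual way to store passwords, has no key to recover. All names, keys and passwords below are constructed.

```python
import hashlib
import hmac
import os
from itertools import cycle

def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR; encrypting and decrypting are the same operation."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_xor_key(plaintext: bytes, ciphertext: bytes, key_len: int) -> bytes:
    """For XOR, plaintext ^ ciphertext is the keystream, so a known pair gives the key."""
    keystream = bytes(p ^ c for p, c in zip(plaintext, ciphertext))
    return keystream[:key_len]

def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-HMAC-SHA256: one-way, and no server-wide key is involved."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def demo():
    # Weak design: every password encrypted with one shared key (constructed data).
    server_key = b"K3y!"
    db = {
        "attacker": xor_cipher(b"intruder", server_key),  # the known plaintext
        "victim": xor_cipher(b"hunter22", server_key),
    }
    key = recover_xor_key(b"intruder", db["attacker"], len(server_key))
    victim_password = xor_cipher(db["victim"], key)

    # Hardened design: the same known password stored twice gives unrelated
    # records, so knowing one (password, record) pair says nothing about others.
    salt_a, digest_a = hash_password("intruder")
    salt_b, digest_b = hash_password("intruder")
    return key, victim_password, digest_a != digest_b, verify_password("intruder", salt_a, digest_a)

if __name__ == "__main__":
    key, victim_password, records_differ, login_ok = demo()
    print("recovered key:", key, "victim password:", victim_password)
    print("salted records differ:", records_differ, "login still verifies:", login_ok)
```

Modern ciphers such as AES are designed so that known plaintext/ciphertext pairs do not reveal the key; the toy cipher here has no such property, which is why the recovery is a single XOR.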

 

Wikipedia (2017) Known-Plaintext Attack
https://en.wikipedia.org/wiki/Known-plaintext_attack (Accessed: 18 January 2017)