IT Baseline Protection Manual T 5.83 Compromising cryptographic codes
When cryptographic procedures are used, the gain in security depends to a large extent on how confidential the secret cryptographic codes (keys) are kept. With knowledge of both the code and the cryptomethod used, it is normally easy to reverse the encoding and obtain the plain text. A potential perpetrator will therefore attempt to ascertain the code used. Possible points of attack are:
Unsuitable processes are used to produce the code, for example to determine random numbers or derive the code.
The codes that are produced are exported before they are stored using a safe medium.
During operation, codes from cryptomodules are exported through technical attacks.
Codes left as backup are stolen.
When cryptographic codes are entered, the codes are cracked by perpetrators.
The cryptomethods in use are cracked. In the case of symmetric cryptographic techniques such as DES, for example, it is currently possible to determine the code using huge numbers of parallel computers (brute-force attack).
Internal perpetrators give away cryptographic codes in use.
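The first point of attack above (an unsuitable process for producing the code) can be checked for during a review. The following is an added example, not part of the manual: it contrasts a key drawn from a clock-seeded general-purpose generator with one drawn from the operating system's cryptographic generator, and tests whether a key can be regenerated from a small seed range. The function names, the 128-bit key length and the timestamp are assumptions made for the illustration.

```python
import math
import random
import secrets

KEY_BYTES = 16  # nominal 128-bit key (assumed length for this example)

def weak_key(timestamp: int) -> bytes:
    """Unsuitable process: key bytes from a non-cryptographic PRNG seeded with the clock."""
    rng = random.Random(timestamp)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))

def strong_key() -> bytes:
    """Suitable process: key bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)

def reproducing_seed(key: bytes, start: int, end: int):
    """Audit check: return the seed in [start, end] that regenerates key, or None."""
    for ts in range(start, end + 1):
        if weak_key(ts) == key:
            return ts
    return None

def effective_bits(start: int, end: int) -> float:
    """Upper bound on key entropy when the only unknown is a seed in [start, end]."""
    return math.log2(end - start + 1)

if __name__ == "__main__":
    created = 1_700_000_000                  # constructed creation time (Unix seconds)
    lo, hi = created - 3600, created + 3600  # creation time known to within one hour
    print("nominal key size :", KEY_BYTES * 8, "bits")
    print("effective entropy: %.1f bits" % effective_bits(lo, hi))
    print("clock-seeded key reproducible from seed:",
          reproducing_seed(weak_key(created), lo, hi))
    print("CSPRNG key reproducible from seed      :",
          reproducing_seed(strong_key(), lo, hi))
```

A key that passes this check is not thereby shown to be well generated; the check only detects the one weakness it models.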