How Can you find the key if you encrypted and decrypted data?

Posted on 2006-03-26
Medium Priority
Last Modified: 2010-04-11
If we encrypt "my secret1" and get "Q52vAsLfzoFEnQ"
and  encrypt "my secret2"  and get "F52vHsLfzoOEnF"

from these result Can We find the encrypted KEY?
 or Can we encrypt "my secret3" without knowing the KEY?
Thank you

PS If you have code examples, I prefer VB
Question by:udanabanana
LVL 18

Accepted Solution

PowerIT earned 1200 total points
ID: 16298221
Also, I must question why you are asking this. Why do you need this?

Anyway, when researching this further you will probably find out by yourself what I'm going to tell. No big secrets here.
What you are referring to is cryptanalysis. Trying to find the key from known plaintext is called a 'known-plaintext attack'. Logical eh?
If you have access to the encryption algorithm but not the key you could try a Differential or Linear Cryptanalysis.
Encrypting without knowing the key is near to impossible.
You will need to have a deep understanding of cryptography to pull off something like this.
E.g. understand the difference between transposition and substitution, symmetric and asymmetric, block and stream ciphers, how s-boxes work, with IV's are etc ...
A lot of study work.
And the algorithm used must be breakable. From the looks of your example, there seems to be not much randomness in the resulting ciphertext.
Probably not a well established algorithm, but I could be fooled from one sample :-)
I won't give you more info without knowing your motifs. And as I can't verify those on such a forum, don't bother to ask any further.

For an intro to cryptography: http://home.earthlink.net/~mylnir/crypt.html
For an intro and vb example, have a look at: http://www.freevbcode.com/ShowCode.asp?ID=4688
Of course, the site of the NIST also has a lot of information: http://csrc.nist.gov/

LVL 32

Assisted Solution

jhance earned 240 total points
ID: 16299104
The simple answer is "you can't!"  Unless, of course, a lame encryption algorithm is being used.  The whole idea behind solid encrpytion is to make key recovery nearly impossible no matter what.  The situation you've described is a classic cryptography problem, where the hacker has gained the ability to encrypt whatever messages he wants and see the result.  But cryptosystems are designed to PREVENT recovery of the key in such situations.

On a practical side, however.  The above encryption scheme appears to my eyes to be "lame" since there is clearly a relationship between the two encrypted strings.

Assisted Solution

MichaelPro earned 400 total points
ID: 16305264

The answer is: Maybe. And the maybe depends on the encryption algorithm that you use. For instance, if you use Base64 encryption, yes; you can find online decryptors on the web or you decrypt it yourself. Otherwise, you will not be able to decrypt it.

Look at it this way. you but two Lock/Key from the store; both same brand. Key 1 locks Lock1, and Key 2 locks Lock2. you know how the Key/Lock operates and you can see the key on your hand. But, can you fnd out how the 'cams' are placed to open the lock? The answer is no, unless the lock is using a very weak combination (or flat key, for example).

Also , there are many encryption algorithms that they don't even send the key over the wire.

hope this clears up.
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

LVL 32

Assisted Solution

masnrock earned 80 total points
ID: 16306078
All that's been needed to be said has been said. Weak algorithms would make it fairly easy... many more attacks tend to try to trick other machines into doing the work for them.

But I would have to agree with why you'd want to do this? Don't get me wrong, it's a great thing to try to study to cryptography and to seek out the weaknesses in a given algorithm, but your question as it's posed leaves me wondering the actual intent.

But to stick with your question, you would have to guess the algorithm used in order to be able to do anything. But also, you'd have to try to figure out what keys were used assuming there was a key. So it's really not necessarily a matter of a yes/no, do it this way method. You have to analyze the algorithm for patterns, then try to work out some fairly complex math.

Assisted Solution

nepostojeci_email earned 80 total points
ID: 16309432
The point of the encryption/decryption is to not to be able to reveal
the key of the encryption. You can try manually guessing or get some
brute force cracking tools that'll try that instead, but the answer to your
question is "it cannot be done easily, but yes, it can be done."

Expert Comment

ID: 16313737
it can be but depending on the encryption you may have to try every key for the next whatever years. For instance, trying to guess a password with 8 digit can take you up to 6,553,600,000,000 tries.

Author Comment

ID: 16316306
Thnks for the support. This did help me. The sample I used is just generated one.. not actual. I just want verify how secure is my system.

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question