IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.83 Compromising cryptographic codes
When cryptographic procedures are used, the gain in security depends to a
large extent on how confidential the secret cryptographic codes are. With
knowledge of both the code and the cryptomethod used, it is normally easy to
revert the encoding and obtain plain text. A potential perpetrator will therefore
attempt to ascertain the code used. Possible points of attack are:
- Unsuitable processes are used to produce the code, for example to
determine random numbers or derive the code.
- The codes that are produced are exported before they are stored using a
safe medium.
- During operation, codes from cryptomodules are exported through
technical attacks .
- Codes left as backup are stolen.
- When cryptographic codes are entered, the codes cracked by perpetrators.
- The cryptomethods in use are cracked. In the case of symmetric
cryptographic techniques such as DES, for example, it is currently possible
to determine the code using huge numbers of parallel computers (bruteforce
attack).
- Internal perpetrators give away cryptographic codes in use.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000