
CAPEC-97: Cryptanalysis

Abstraction: Standard
Status: Draft
Likelihood: Low
Severity: Very High

Description

Cryptanalysis is the process of finding weaknesses in cryptographic algorithms and using those weaknesses to decipher ciphertext without knowing the secret key (instance deduction). Sometimes the weakness that makes cryptanalysis successful is not in the cryptographic algorithm itself but in how it is applied. An attacker may have other goals as well, such as: Total Break (finding the secret key), Global Deduction (finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key), Information Deduction (gaining some information about plaintexts or ciphertexts that was not previously known), and Distinguishing Algorithm (being able to distinguish the output of the encryption, the ciphertext, from a random permutation of bits).

Related weaknesses · 5

CWE-327, CWE-1204, CWE-1240, CWE-1241, CWE-1279

Related attack patterns · 2

CAPEC-192 (ChildOf), CAPEC-20 (CanPrecede)

Exploits · 5

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Use of Predictable Algorithm in Random Number Generator (cwe-1241) | 100% | live |
| Weakness | Cryptographic Operations are run Before Supporting Units are Ready (cwe-1279) | 100% | live |
| Weakness | Generation of Weak Initialization Vector (IV) (cwe-1204) | 100% | live |
| Weakness | Use of a Broken or Risky Cryptographic Algorithm (cwe-327) | 100% | live |
| Weakness | Use of a Cryptographic Primitive with a Risky Implementation (cwe-1240) | 100% | live |

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Encryption Brute Forcing
CAPEC: Protocol Analysis
CAPEC: Brute Force
CAPEC: Cryptanalysis of Cellular Encryption
CAPEC: White Box Reverse Engineering
CAPEC: Password Brute Forcing

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.