Can I recover a lost AES key?
I had encrypted 2 MySQL databases with AES_ENCRYPT in ECB 128 bit mode. Now I forgot my encryption key, but I have plain text (I have one database without encryption and same with encryption). How to find the encryption key so I can decrypt my other database?
I heard about known plain text attack, how to do this? Is there any tool in Kali Linux or some python script on GitHub?
encryption aes mysql
edited Dec 17 at 13:33
Baptiste Candellier
1634
asked Dec 17 at 6:14
hui san ki
7914
add a comment |
I had encrypted 2 MySQL databases with AES_ENCRYPT in ECB 128 bit mode. Now I forgot my encryption key, but I have plain text (I have one database without encryption and same with encryption). How to find the encryption key so I can decrypt my other database?
I heard about known plain text attack, how to do this? Is there any tool in Kali Linux or some python script on GitHub?
encryption aes mysql
edited Dec 17 at 13:33
Baptiste Candellier
1634
asked Dec 17 at 6:14
hui san ki
7914
3
See Is it possible to find the key for AES ECB if I have a list of plaintext and corresponding ciphertext?
– kelalaka
Dec 17 at 15:12
20
If recovering an encryption key knowing the plain text was a real possibility encryption would be worthless.
– zaph
Dec 17 at 17:16
Depends on the bit size tho.
– Valmond
Dec 17 at 21:47
1
When you say you “forgot”, do you mean it’s based on a passphrase that you forgot? I have a program that will try variations on an imperfectly-remembered passphrase. It can be useful if you remember the words but can’t remember the punctuation and such.
– Tom Zych
Dec 18 at 0:03
add a comment |
I had encrypted 2 MySQL databases with AES_ENCRYPT in ECB 128 bit mode. Now I forgot my encryption key, but I have plain text (I have one database without encryption and same with encryption). How to find the encryption key so I can decrypt my other database?
I heard about known plain text attack, how to do this? Is there any tool in Kali Linux or some python script on GitHub?
encryption aes mysql
edited Dec 17 at 13:33
Baptiste Candellier
1634
asked Dec 17 at 6:14
hui san ki
7914
I had encrypted 2 MySQL databases with AES_ENCRYPT in ECB 128 bit mode. Now I forgot my encryption key, but I have plain text (I have one database without encryption and same with encryption). How to find the encryption key so I can decrypt my other database?
I heard about known plain text attack, how to do this? Is there any tool in Kali Linux or some python script on GitHub?
encryption aes mysql
encryption aes mysql
edited Dec 17 at 13:33
Baptiste Candellier
1634
asked Dec 17 at 6:14
hui san ki
7914
edited Dec 17 at 13:33
Baptiste Candellier
1634
asked Dec 17 at 6:14
hui san ki
7914
edited Dec 17 at 13:33
Baptiste Candellier
1634
edited Dec 17 at 13:33
Baptiste Candellier
1634
edited Dec 17 at 13:33
Baptiste Candellier
1634
1634
asked Dec 17 at 6:14
hui san ki
7914
asked Dec 17 at 6:14
hui san ki
7914
asked Dec 17 at 6:14
hui san ki
7914
7914
3
See Is it possible to find the key for AES ECB if I have a list of plaintext and corresponding ciphertext?
– kelalaka
Dec 17 at 15:12
20
If recovering an encryption key knowing the plain text was a real possibility encryption would be worthless.
– zaph
Dec 17 at 17:16
Depends on the bit size tho.
– Valmond
Dec 17 at 21:47
1
When you say you “forgot”, do you mean it’s based on a passphrase that you forgot? I have a program that will try variations on an imperfectly-remembered passphrase. It can be useful if you remember the words but can’t remember the punctuation and such.
– Tom Zych
Dec 18 at 0:03
add a comment |
3
See Is it possible to find the key for AES ECB if I have a list of plaintext and corresponding ciphertext?
– kelalaka
Dec 17 at 15:12
20
If recovering an encryption key knowing the plain text was a real possibility encryption would be worthless.
– zaph
Dec 17 at 17:16
Depends on the bit size tho.
– Valmond
Dec 17 at 21:47
1
When you say you “forgot”, do you mean it’s based on a passphrase that you forgot? I have a program that will try variations on an imperfectly-remembered passphrase. It can be useful if you remember the words but can’t remember the punctuation and such.
– Tom Zych
Dec 18 at 0:03
3
3
See Is it possible to find the key for AES ECB if I have a list of plaintext and corresponding ciphertext?
– kelalaka
Dec 17 at 15:12
See Is it possible to find the key for AES ECB if I have a list of plaintext and corresponding ciphertext?
– kelalaka
Dec 17 at 15:12
20
20
If recovering an encryption key knowing the plain text was a real possibility encryption would be worthless.
– zaph
Dec 17 at 17:16
If recovering an encryption key knowing the plain text was a real possibility encryption would be worthless.
– zaph
Dec 17 at 17:16
Depends on the bit size tho.
– Valmond
Dec 17 at 21:47
Depends on the bit size tho.
– Valmond
Dec 17 at 21:47
1
1
When you say you “forgot”, do you mean it’s based on a passphrase that you forgot? I have a program that will try variations on an imperfectly-remembered passphrase. It can be useful if you remember the words but can’t remember the punctuation and such.
– Tom Zych
Dec 18 at 0:03
When you say you “forgot”, do you mean it’s based on a passphrase that you forgot? I have a program that will try variations on an imperfectly-remembered passphrase. It can be useful if you remember the words but can’t remember the punctuation and such.
– Tom Zych
Dec 18 at 0:03
add a comment |
5 Answers
5
active
oldest
votes
Realistically, no you cannot. AES is very resistant to known plaint text attacks like most block ciphers.
It's lucky you didn't lose any information and have the original database backup because your only real option would be to try brute force the encryption, which is likely to take longer than the length of the universe (unless you can greatly narrow down possible keys by almost remembering your password?)
answered Dec 17 at 6:25
Aide
31118
Then, why people say "ECB is insecure" ?
– hui san ki
Dec 17 at 6:30
3
Have a read of: crypto.stackexchange.com/questions/20941/… A crypto protocol being 'insecure' doesn't always mean it can be easily cracked, just that it is not as secure as other alternatives.
– Aide
Dec 17 at 6:33
4
@huishanki To elaborate: ECB's insecurity is in recovering information about the plaintext from the ciphertext (see the linked answer for examples). Since you already have the plaintext, this is of very little use to you.
– Cyclic3
Dec 17 at 11:05
13
I love this picture on Wikipedia of and ECB-encrypted bitmap.
– David Ehrmann
Dec 17 at 16:30
2
@huishanki, ECB doesn't hide large-scale patterns in the data, and the same partial plaintext always encrypts to the same partial ciphertext. Using ECB means that if you know part of the data in both plain and encrypted forms, you can find other places that have the same encrypted form, and you then know what the plaintext form of that part of the data is.
– Mark
Dec 18 at 4:16
|
show 2 more comments
What you are asking for is a known-plain-text attack (KPA). The weakness you describe in ECB is where two encrypted blocks with the same plaintext are encrypted with the same ciphertext.
This just means you know that two encrypted blocks in the ciphertext look the same, it doesn't mean that you can recover the plain text easily. The answer is: no you will not be able to recover the key.
answered Dec 17 at 6:47
Lucas Kauffman
48.6k1798186
Since it's in ECB mode, and the two DBs use the same key, isn't it possible to figure out from the first database a dictionary of the ciphertext corresponding to any given plaintext in the first database, and use that to look up a partial plaintext for the second?
– Ben
Dec 17 at 15:39
Thats providing all your block permutations can map back to a plaintext. Which wont be the case.
– Lucas Kauffman
Dec 17 at 15:42
add a comment |
In theory it is possible, but in practice no. but you can try to guess it. Given a plain text and a ciphertext, you can try every possible key to see which one works. For AES-128, 340 undecillion keys.
As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years).
answered Dec 18 at 17:04
Praveen Yadav
586
add a comment |
At the time you created your key or password, you probably stored it in a file or wrote it on a piece of paper. Get yourself an "undeletion" program (good ones are available for free, just search) and look over your previously deleted files... You may find it there.
answered Dec 17 at 14:07
David Spector
173
2
Welcome to the site! On a Q&A site like this one, the answers are meant to match the questions (so that future visitors can find what they are looking for): while it is a good idea to check for paper notes and to try using 'undelete' software, the question is specifically about recovering an AES key based on a known plaintext. An answer solely based on random tips does not really answer the question.
– Luc
Dec 17 at 15:23
add a comment |
This is called a known plaintext attack against a cipher and is a major design consideration. What you want to do is considered to not be possible barring any major revelation into a weakness in AES. There is another Q/A here that might help you understand further:
https://crypto.stackexchange.com/questions/1512/why-is-aes-resistant-to-known-plaintext-attacks
Ciphers only operate on a fixed length of bits, so chaining modes are used to encrypt arbitrary lengths of data. ECB is the most simple one, it just encrypts one block at a time. The main weakness is that identical blocks produce the same encrypted output which is a major leak of information. It also creates opportunities for replay attacks where an attacker can just re-send encrypted blocks that they think they know the contents of. Unfortunately this does not get you anywhere closer to key recovery with a known plain text.
One viable attack for you might be if you used a password to generate the key, and you remember for example that it is exactly 12 characters long and has three digits. This majorly limits the password space and might allow a brute force analysis to work.
answered Dec 18 at 6:05
trognanders
2,2521711
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f199879%2fcan-i-recover-a-lost-aes-key%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
Realistically, no you cannot. AES is very resistant to known plaint text attacks like most block ciphers.
It's lucky you didn't lose any information and have the original database backup because your only real option would be to try brute force the encryption, which is likely to take longer than the length of the universe (unless you can greatly narrow down possible keys by almost remembering your password?)
answered Dec 17 at 6:25
Aide
31118
Then, why people say "ECB is insecure" ?
– hui san ki
Dec 17 at 6:30
3
Have a read of: crypto.stackexchange.com/questions/20941/… A crypto protocol being 'insecure' doesn't always mean it can be easily cracked, just that it is not as secure as other alternatives.
– Aide
Dec 17 at 6:33
4
@huishanki To elaborate: ECB's insecurity is in recovering information about the plaintext from the ciphertext (see the linked answer for examples). Since you already have the plaintext, this is of very little use to you.
– Cyclic3
Dec 17 at 11:05
13
I love this picture on Wikipedia of and ECB-encrypted bitmap.
– David Ehrmann
Dec 17 at 16:30
2
@huishanki, ECB doesn't hide large-scale patterns in the data, and the same partial plaintext always encrypts to the same partial ciphertext. Using ECB means that if you know part of the data in both plain and encrypted forms, you can find other places that have the same encrypted form, and you then know what the plaintext form of that part of the data is.
– Mark
Dec 18 at 4:16
|
show 2 more comments
Realistically, no you cannot. AES is very resistant to known plaint text attacks like most block ciphers.
It's lucky you didn't lose any information and have the original database backup because your only real option would be to try brute force the encryption, which is likely to take longer than the length of the universe (unless you can greatly narrow down possible keys by almost remembering your password?)
answered Dec 17 at 6:25
Aide
31118
Then, why people say "ECB is insecure" ?
– hui san ki
Dec 17 at 6:30
3
Have a read of: crypto.stackexchange.com/questions/20941/… A crypto protocol being 'insecure' doesn't always mean it can be easily cracked, just that it is not as secure as other alternatives.
– Aide
Dec 17 at 6:33
4
@huishanki To elaborate: ECB's insecurity is in recovering information about the plaintext from the ciphertext (see the linked answer for examples). Since you already have the plaintext, this is of very little use to you.
– Cyclic3
Dec 17 at 11:05
13
I love this picture on Wikipedia of and ECB-encrypted bitmap.
– David Ehrmann
Dec 17 at 16:30
2
@huishanki, ECB doesn't hide large-scale patterns in the data, and the same partial plaintext always encrypts to the same partial ciphertext. Using ECB means that if you know part of the data in both plain and encrypted forms, you can find other places that have the same encrypted form, and you then know what the plaintext form of that part of the data is.
– Mark
Dec 18 at 4:16
|
show 2 more comments
Realistically, no you cannot. AES is very resistant to known plaint text attacks like most block ciphers.
It's lucky you didn't lose any information and have the original database backup because your only real option would be to try brute force the encryption, which is likely to take longer than the length of the universe (unless you can greatly narrow down possible keys by almost remembering your password?)
answered Dec 17 at 6:25
Aide
31118
Realistically, no you cannot. AES is very resistant to known plaint text attacks like most block ciphers.
It's lucky you didn't lose any information and have the original database backup because your only real option would be to try brute force the encryption, which is likely to take longer than the length of the universe (unless you can greatly narrow down possible keys by almost remembering your password?)
answered Dec 17 at 6:25
Aide
31118
answered Dec 17 at 6:25
Aide
31118
answered Dec 17 at 6:25
Aide
31118
answered Dec 17 at 6:25
Aide
31118
31118
Then, why people say "ECB is insecure" ?
– hui san ki
Dec 17 at 6:30
3
Have a read of: crypto.stackexchange.com/questions/20941/… A crypto protocol being 'insecure' doesn't always mean it can be easily cracked, just that it is not as secure as other alternatives.
– Aide
Dec 17 at 6:33
4
@huishanki To elaborate: ECB's insecurity is in recovering information about the plaintext from the ciphertext (see the linked answer for examples). Since you already have the plaintext, this is of very little use to you.
– Cyclic3
Dec 17 at 11:05
13
I love this picture on Wikipedia of and ECB-encrypted bitmap.
– David Ehrmann
Dec 17 at 16:30
2
@huishanki, ECB doesn't hide large-scale patterns in the data, and the same partial plaintext always encrypts to the same partial ciphertext. Using ECB means that if you know part of the data in both plain and encrypted forms, you can find other places that have the same encrypted form, and you then know what the plaintext form of that part of the data is.
– Mark
Dec 18 at 4:16
|
show 2 more comments
Then, why people say "ECB is insecure" ?
– hui san ki
Dec 17 at 6:30
3
Have a read of: crypto.stackexchange.com/questions/20941/… A crypto protocol being 'insecure' doesn't always mean it can be easily cracked, just that it is not as secure as other alternatives.
– Aide
Dec 17 at 6:33
4
@huishanki To elaborate: ECB's insecurity is in recovering information about the plaintext from the ciphertext (see the linked answer for examples). Since you already have the plaintext, this is of very little use to you.
– Cyclic3
Dec 17 at 11:05
13
I love this picture on Wikipedia of and ECB-encrypted bitmap.
– David Ehrmann
Dec 17 at 16:30
2
@huishanki, ECB doesn't hide large-scale patterns in the data, and the same partial plaintext always encrypts to the same partial ciphertext. Using ECB means that if you know part of the data in both plain and encrypted forms, you can find other places that have the same encrypted form, and you then know what the plaintext form of that part of the data is.
– Mark
Dec 18 at 4:16
Then, why people say "ECB is insecure" ?
– hui san ki
Dec 17 at 6:30
Then, why people say "ECB is insecure" ?
– hui san ki
Dec 17 at 6:30
3
3
Have a read of: crypto.stackexchange.com/questions/20941/… A crypto protocol being 'insecure' doesn't always mean it can be easily cracked, just that it is not as secure as other alternatives.
– Aide
Dec 17 at 6:33
Have a read of: crypto.stackexchange.com/questions/20941/… A crypto protocol being 'insecure' doesn't always mean it can be easily cracked, just that it is not as secure as other alternatives.
– Aide
Dec 17 at 6:33
4
4
@huishanki To elaborate: ECB's insecurity is in recovering information about the plaintext from the ciphertext (see the linked answer for examples). Since you already have the plaintext, this is of very little use to you.
– Cyclic3
Dec 17 at 11:05
@huishanki To elaborate: ECB's insecurity is in recovering information about the plaintext from the ciphertext (see the linked answer for examples). Since you already have the plaintext, this is of very little use to you.
– Cyclic3
Dec 17 at 11:05
13
13
I love this picture on Wikipedia of and ECB-encrypted bitmap.
– David Ehrmann
Dec 17 at 16:30
I love this picture on Wikipedia of and ECB-encrypted bitmap.
– David Ehrmann
Dec 17 at 16:30
2
2
@huishanki, ECB doesn't hide large-scale patterns in the data, and the same partial plaintext always encrypts to the same partial ciphertext. Using ECB means that if you know part of the data in both plain and encrypted forms, you can find other places that have the same encrypted form, and you then know what the plaintext form of that part of the data is.
– Mark
Dec 18 at 4:16
@huishanki, ECB doesn't hide large-scale patterns in the data, and the same partial plaintext always encrypts to the same partial ciphertext. Using ECB means that if you know part of the data in both plain and encrypted forms, you can find other places that have the same encrypted form, and you then know what the plaintext form of that part of the data is.
– Mark
Dec 18 at 4:16
|
show 2 more comments
What you are asking for is a known-plain-text attack (KPA). The weakness you describe in ECB is where two encrypted blocks with the same plaintext are encrypted with the same ciphertext.
This just means you know that two encrypted blocks in the ciphertext look the same, it doesn't mean that you can recover the plain text easily. The answer is: no you will not be able to recover the key.
answered Dec 17 at 6:47
Lucas Kauffman
48.6k1798186
Since it's in ECB mode, and the two DBs use the same key, isn't it possible to figure out from the first database a dictionary of the ciphertext corresponding to any given plaintext in the first database, and use that to look up a partial plaintext for the second?
– Ben
Dec 17 at 15:39
Thats providing all your block permutations can map back to a plaintext. Which wont be the case.
– Lucas Kauffman
Dec 17 at 15:42
add a comment |
What you are asking for is a known-plain-text attack (KPA). The weakness you describe in ECB is where two encrypted blocks with the same plaintext are encrypted with the same ciphertext.
This just means you know that two encrypted blocks in the ciphertext look the same, it doesn't mean that you can recover the plain text easily. The answer is: no you will not be able to recover the key.
answered Dec 17 at 6:47
Lucas Kauffman
48.6k1798186
Since it's in ECB mode, and the two DBs use the same key, isn't it possible to figure out from the first database a dictionary of the ciphertext corresponding to any given plaintext in the first database, and use that to look up a partial plaintext for the second?
– Ben
Dec 17 at 15:39
Thats providing all your block permutations can map back to a plaintext. Which wont be the case.
– Lucas Kauffman
Dec 17 at 15:42
add a comment |
What you are asking for is a known-plain-text attack (KPA). The weakness you describe in ECB is where two encrypted blocks with the same plaintext are encrypted with the same ciphertext.
This just means you know that two encrypted blocks in the ciphertext look the same, it doesn't mean that you can recover the plain text easily. The answer is: no you will not be able to recover the key.
answered Dec 17 at 6:47
Lucas Kauffman
48.6k1798186
What you are asking for is a known-plain-text attack (KPA). The weakness you describe in ECB is where two encrypted blocks with the same plaintext are encrypted with the same ciphertext.
This just means you know that two encrypted blocks in the ciphertext look the same, it doesn't mean that you can recover the plain text easily. The answer is: no you will not be able to recover the key.
answered Dec 17 at 6:47
Lucas Kauffman
48.6k1798186
answered Dec 17 at 6:47
Lucas Kauffman
48.6k1798186
answered Dec 17 at 6:47
Lucas Kauffman
48.6k1798186
answered Dec 17 at 6:47
Lucas Kauffman
48.6k1798186
48.6k1798186
Since it's in ECB mode, and the two DBs use the same key, isn't it possible to figure out from the first database a dictionary of the ciphertext corresponding to any given plaintext in the first database, and use that to look up a partial plaintext for the second?
– Ben
Dec 17 at 15:39
Thats providing all your block permutations can map back to a plaintext. Which wont be the case.
– Lucas Kauffman
Dec 17 at 15:42
add a comment |
Since it's in ECB mode, and the two DBs use the same key, isn't it possible to figure out from the first database a dictionary of the ciphertext corresponding to any given plaintext in the first database, and use that to look up a partial plaintext for the second?
– Ben
Dec 17 at 15:39
Thats providing all your block permutations can map back to a plaintext. Which wont be the case.
– Lucas Kauffman
Dec 17 at 15:42
Since it's in ECB mode, and the two DBs use the same key, isn't it possible to figure out from the first database a dictionary of the ciphertext corresponding to any given plaintext in the first database, and use that to look up a partial plaintext for the second?
– Ben
Dec 17 at 15:39
Since it's in ECB mode, and the two DBs use the same key, isn't it possible to figure out from the first database a dictionary of the ciphertext corresponding to any given plaintext in the first database, and use that to look up a partial plaintext for the second?
– Ben
Dec 17 at 15:39
Thats providing all your block permutations can map back to a plaintext. Which wont be the case.
– Lucas Kauffman
Dec 17 at 15:42
Thats providing all your block permutations can map back to a plaintext. Which wont be the case.
– Lucas Kauffman
Dec 17 at 15:42
add a comment |
In theory it is possible, but in practice no. but you can try to guess it. Given a plain text and a ciphertext, you can try every possible key to see which one works. For AES-128, 340 undecillion keys.
As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years).
answered Dec 18 at 17:04
Praveen Yadav
586
add a comment |
In theory it is possible, but in practice no. but you can try to guess it. Given a plain text and a ciphertext, you can try every possible key to see which one works. For AES-128, 340 undecillion keys.
As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years).
answered Dec 18 at 17:04
Praveen Yadav
586
add a comment |
In theory it is possible, but in practice no. but you can try to guess it. Given a plain text and a ciphertext, you can try every possible key to see which one works. For AES-128, 340 undecillion keys.
As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years).
answered Dec 18 at 17:04
Praveen Yadav
586
In theory it is possible, but in practice no. but you can try to guess it. Given a plain text and a ciphertext, you can try every possible key to see which one works. For AES-128, 340 undecillion keys.
As shown above, even with a supercomputer, it would take 1 billion billion years to crack the 128-bit AES key using brute force attack. This is more than the age of the universe (13.75 billion years).
answered Dec 18 at 17:04
Praveen Yadav
586
answered Dec 18 at 17:04
Praveen Yadav
586
answered Dec 18 at 17:04
Praveen Yadav
586
answered Dec 18 at 17:04
Praveen Yadav
586
586
add a comment |
add a comment |
At the time you created your key or password, you probably stored it in a file or wrote it on a piece of paper. Get yourself an "undeletion" program (good ones are available for free, just search) and look over your previously deleted files... You may find it there.
answered Dec 17 at 14:07
David Spector
173
2
Welcome to the site! On a Q&A site like this one, the answers are meant to match the questions (so that future visitors can find what they are looking for): while it is a good idea to check for paper notes and to try using 'undelete' software, the question is specifically about recovering an AES key based on a known plaintext. An answer solely based on random tips does not really answer the question.
– Luc
Dec 17 at 15:23
add a comment |
At the time you created your key or password, you probably stored it in a file or wrote it on a piece of paper. Get yourself an "undeletion" program (good ones are available for free, just search) and look over your previously deleted files... You may find it there.
answered Dec 17 at 14:07
David Spector
173
2
Welcome to the site! On a Q&A site like this one, the answers are meant to match the questions (so that future visitors can find what they are looking for): while it is a good idea to check for paper notes and to try using 'undelete' software, the question is specifically about recovering an AES key based on a known plaintext. An answer solely based on random tips does not really answer the question.
– Luc
Dec 17 at 15:23
add a comment |
At the time you created your key or password, you probably stored it in a file or wrote it on a piece of paper. Get yourself an "undeletion" program (good ones are available for free, just search) and look over your previously deleted files... You may find it there.
answered Dec 17 at 14:07
David Spector
173
At the time you created your key or password, you probably stored it in a file or wrote it on a piece of paper. Get yourself an "undeletion" program (good ones are available for free, just search) and look over your previously deleted files... You may find it there.
answered Dec 17 at 14:07
David Spector
173
answered Dec 17 at 14:07
David Spector
173
answered Dec 17 at 14:07
David Spector
173
answered Dec 17 at 14:07
David Spector
173
173
2
Welcome to the site! On a Q&A site like this one, the answers are meant to match the questions (so that future visitors can find what they are looking for): while it is a good idea to check for paper notes and to try using 'undelete' software, the question is specifically about recovering an AES key based on a known plaintext. An answer solely based on random tips does not really answer the question.
– Luc
Dec 17 at 15:23
add a comment |
2
Welcome to the site! On a Q&A site like this one, the answers are meant to match the questions (so that future visitors can find what they are looking for): while it is a good idea to check for paper notes and to try using 'undelete' software, the question is specifically about recovering an AES key based on a known plaintext. An answer solely based on random tips does not really answer the question.
– Luc
Dec 17 at 15:23
2
2
Welcome to the site! On a Q&A site like this one, the answers are meant to match the questions (so that future visitors can find what they are looking for): while it is a good idea to check for paper notes and to try using 'undelete' software, the question is specifically about recovering an AES key based on a known plaintext. An answer solely based on random tips does not really answer the question.
– Luc
Dec 17 at 15:23
Welcome to the site! On a Q&A site like this one, the answers are meant to match the questions (so that future visitors can find what they are looking for): while it is a good idea to check for paper notes and to try using 'undelete' software, the question is specifically about recovering an AES key based on a known plaintext. An answer solely based on random tips does not really answer the question.
– Luc
Dec 17 at 15:23
add a comment |
This is called a known plaintext attack against a cipher and is a major design consideration. What you want to do is considered to not be possible barring any major revelation into a weakness in AES. There is another Q/A here that might help you understand further:
https://crypto.stackexchange.com/questions/1512/why-is-aes-resistant-to-known-plaintext-attacks
Ciphers only operate on a fixed length of bits, so chaining modes are used to encrypt arbitrary lengths of data. ECB is the most simple one, it just encrypts one block at a time. The main weakness is that identical blocks produce the same encrypted output which is a major leak of information. It also creates opportunities for replay attacks where an attacker can just re-send encrypted blocks that they think they know the contents of. Unfortunately this does not get you anywhere closer to key recovery with a known plain text.
One viable attack for you might be if you used a password to generate the key, and you remember for example that it is exactly 12 characters long and has three digits. This majorly limits the password space and might allow a brute force analysis to work.
answered Dec 18 at 6:05
trognanders
2,2521711
add a comment |
This is called a known plaintext attack against a cipher and is a major design consideration. What you want to do is considered to not be possible barring any major revelation into a weakness in AES. There is another Q/A here that might help you understand further:
https://crypto.stackexchange.com/questions/1512/why-is-aes-resistant-to-known-plaintext-attacks
Ciphers only operate on a fixed length of bits, so chaining modes are used to encrypt arbitrary lengths of data. ECB is the most simple one, it just encrypts one block at a time. The main weakness is that identical blocks produce the same encrypted output which is a major leak of information. It also creates opportunities for replay attacks where an attacker can just re-send encrypted blocks that they think they know the contents of. Unfortunately this does not get you anywhere closer to key recovery with a known plain text.
One viable attack for you might be if you used a password to generate the key, and you remember for example that it is exactly 12 characters long and has three digits. This majorly limits the password space and might allow a brute force analysis to work.
answered Dec 18 at 6:05
trognanders
2,2521711
add a comment |
This is called a known plaintext attack against a cipher and is a major design consideration. What you want to do is considered to not be possible barring any major revelation into a weakness in AES. There is another Q/A here that might help you understand further:
https://crypto.stackexchange.com/questions/1512/why-is-aes-resistant-to-known-plaintext-attacks
Ciphers only operate on a fixed length of bits, so chaining modes are used to encrypt arbitrary lengths of data. ECB is the most simple one, it just encrypts one block at a time. The main weakness is that identical blocks produce the same encrypted output which is a major leak of information. It also creates opportunities for replay attacks where an attacker can just re-send encrypted blocks that they think they know the contents of. Unfortunately this does not get you anywhere closer to key recovery with a known plain text.
One viable attack for you might be if you used a password to generate the key, and you remember for example that it is exactly 12 characters long and has three digits. This majorly limits the password space and might allow a brute force analysis to work.
answered Dec 18 at 6:05
trognanders
2,2521711
This is called a known plaintext attack against a cipher and is a major design consideration. What you want to do is considered to not be possible barring any major revelation into a weakness in AES. There is another Q/A here that might help you understand further:
https://crypto.stackexchange.com/questions/1512/why-is-aes-resistant-to-known-plaintext-attacks
Ciphers only operate on a fixed length of bits, so chaining modes are used to encrypt arbitrary lengths of data. ECB is the most simple one, it just encrypts one block at a time. The main weakness is that identical blocks produce the same encrypted output which is a major leak of information. It also creates opportunities for replay attacks where an attacker can just re-send encrypted blocks that they think they know the contents of. Unfortunately this does not get you anywhere closer to key recovery with a known plain text.
One viable attack for you might be if you used a password to generate the key, and you remember for example that it is exactly 12 characters long and has three digits. This majorly limits the password space and might allow a brute force analysis to work.
answered Dec 18 at 6:05
trognanders
2,2521711
answered Dec 18 at 6:05
trognanders
2,2521711
answered Dec 18 at 6:05
trognanders
2,2521711
answered Dec 18 at 6:05
trognanders
2,2521711
2,2521711
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f199879%2fcan-i-recover-a-lost-aes-key%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
3
See Is it possible to find the key for AES ECB if I have a list of plaintext and corresponding ciphertext?
– kelalaka
Dec 17 at 15:12
20
If recovering an encryption key knowing the plain text was a real possibility encryption would be worthless.
– zaph
Dec 17 at 17:16
Depends on the bit size tho.
– Valmond
Dec 17 at 21:47
1
When you say you “forgot”, do you mean it’s based on a passphrase that you forgot? I have a program that will try variations on an imperfectly-remembered passphrase. It can be useful if you remember the words but can’t remember the punctuation and such.
– Tom Zych
Dec 18 at 0:03