OBAKE Cryptanalysis:



This type of attack targets passwords and HASH functions and is an attack using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or millions of likely possibilities often obtained from lists of past security breaches. This technique seeks to find the result without necessarily testing all possible mathematical possibilities.

Important to say that there is no guaranteed security against a weak or leaked password. This affects any password-based program and systems worldwide. But to mitigate these risks, some procedures can be implemented:

  • OBAKE-512 generates its keys based on a password entered by the user or, in case of asymmetric encryption, based on the keys of the certificate. All key is preprocessed by OBAKE-512 to increase its entropy and security through various methods: computations, compliance HASH, compliance random generator.

  • OBAKE-512 works with a powerful 512-bit HASH function - a considerable space for this kind of attack (2512 possibilities) with a probable collision in 1.4 x 1077 possibilities.

  • OBAKE-512 has also "one-time" components in its keys, which ensure higher security and makes attack based on HASH dictionaries unuseful.

  • OBAKE-512 offers also a SECURE KEYBOARD to avoid password leakage due to the keyboard/screen monitoring related attacks, when user prefer to use a secret-key to encrypt information.

These methods raise the OBAKE-512 security much higher than necessary to resist this attack.

Bibliographic references

H.C.A. Tilborg et al., "Encyclopedia of Cryptography and Security", H. C. A. v. Tilborg Ed., SpringerScience+Business Media LLC, 2011.

Rainbow-Table attack, https://en.wikipedia.org/wiki/Rainbow_table