How easy would it be to break the encryption key if the attacker had part of the clear text message?

glalejos

Hi!,

I'm new to BoxCryptor and I find it to be a great solution for uploading files to the cloud. At this moment I'm using BoxCryptor to backup my personal data in Dropbox. How could Dropbox get access to one of my unencrypted files? Well, I'm a KeePass user, and my password database is part of my backup data set. What would happen if I lose my KeePass database? Simply put, my BoxCryptor backup would be useless as I wouldn't have any means to decrypt it...

Part of the solution is uploading my KeePass database both as part of the backup dataset and unencrypted in my Dropbox root directory. Yes, now my KeePass database is a clear text message with respect my BoxCryptor data...

Hence my question: how easy would it be to break the AES256 encryption key of my BoxCryptor data provided that the attacker had access to one of my unencrypted files?

Kind regards,

Guillermo

Christian

Hi Guillermo,

the situation you're describing is actually a well known attack model, generally referred to as a "known plaintext attack". You can rest assured though, there is no such an attack known for AES today.

The best theoretical attack in this direction would require the attacker to be able to encrypt files of *his* chosing with *your* key (called a "chosen plaintext attack"). And even then, he wouldn't be able do reduce the complexity of cracking AES-128 from 2^128 to 2^127. This means, he couldn't even reduce the time to crack AES-128 from 10^18 years to 10^17 years (on a modern supercomputer). For comparison: the age of the universe is estimated to be about 10^10 years...

And we are even using AES-256 :-)

Best regards,
Christian

glalejos

Thanks for your answer Christian, very tranquilizing :)

Best,

Guillermo