Breaking Cryptography

Breaking cryptography typically involves attempting to discover the secret key that was used to encrypt a message. Once the secret key is discovered, it can be used to decrypt the original message, making it readable. There are a variety of methods that can be used to try to break a cryptographic system, including −

  • Brute force − Trying all possible secret keys until the correct one is found.

  • Ciphertext-only attack − Attempting to decrypt a message without knowing the key, but only having access to the ciphertext (the encrypted message).

  • Known plaintext attack − Attempting to decrypt a message by having both the ciphertext and some plaintext (unencrypted) text that is known to be in the message.

  • Side-channel attack − Attempting to discover the secret key by analyzing information about the encryption process that is not part of the ciphertext or plaintext, such as the amount of time it takes to encrypt a message or the power consumption of the device performing the encryption.

It's important to note that some encryption method are unbreakable with today's technology. However, there are also encryption method that are considered as weak and can be broken very easily. It's important to keep in mind that no encryption method can be considered unbreakable, and as computational power and techniques continue to evolve, encryption methods that were once thought to be secure may become vulnerable to attack.

It's also worth noting that there are many legal restrictions on the breaking of encryption methods, it is not legal everywhere, it depends on country-specific regulations. Breaking encryption methods can also cause reputational damage, so it is best to consult with a legal expert before attempting to break encryption.

Why we use Breaking Cryptography

While breaking encryption is generally viewed as a negative activity, there are some legitimate reasons why someone might want to do it. Some examples include −

  • National security − Government agencies may want to break the encryption used by terrorist organizations or other hostile actors in order to gather intelligence or disrupt their operations.

  • Law enforcement − Police may want to break the encryption used by criminals in order to gather evidence for a criminal investigation.

  • Corporate security − A company may want to break the encryption used by a competitor or a malicious actor in order to steal trade secrets or protect their own intellectual property.

  • Penetration testing − Companies and organizations may want to test their own systems for vulnerabilities by trying to break their own encryption in order to identify and fix any weaknesses.

It's important to note that some of these use cases have caused controversy due to the privacy and security implications of breaking encryption. Also Breaking encryption without proper legal authorization and can lead to criminal charges. Before attempting to break encryption, it's important to consult with legal experts to ensure that you are operating within the bounds of the law and that you have a legitimate need to do so.


Here are a few examples of situations where encryption has been broken −

In the late 1990s, the US National Security Agency (NSA) developed a technique for breaking the encryption used by a specific type of VPN (Virtual Private Network) called PPTP (Point-to-Point Tunneling Protocol). The technique relied on a weakness in the implementation of the encryption algorithm, which allowed the NSA to decrypt the VPN traffic and read the plaintext.

In 2016, a group of researchers from the Netherlands and Belgium were able to break the encryption used by the GSM (Global System for Mobile Communications) mobile phone standard. GSM is used by over 80% of mobile phones worldwide, and the researchers were able to intercept and decrypt voice and text messages sent over the network.

In 2019, it was reported that a group of researchers from academic institutions and companies including Google, INRIA, and CWI had developed a technique for breaking the encryption used by the TLS (Transport Layer Security) protocol. TLS is used to secure many different types of internet communications, including HTTPS (the secure version of HTTP used for online shopping, banking, etc). The researchers were able to decrypt a previously captured and recorded sample of encrypted internet traffic in real time.

In 2020, NSA published the details of a "Double Pulsar" malware that can break the encryption of Windows SMB(Server Message Block) communication protocol and allows attackers to gain remote access and control over affected systems.

It's important to note that breaking encryption often relies on exploiting weaknesses or vulnerabilities in specific encryption algorithms or implementations, rather than breaking the encryption itself. In these situations, the encryption can be made stronger by addressing the specific weakness or vulnerability.

Here are a couple of examples of how encryption might be implemented in code −

AES (Advanced Encryption Standard) encryption in Python

from Crypto.Cipher import AES

# AES key must be either 16, 24, or 32 bytes long
key = b'Sixteen byte key'

# Create a new AES cipher object
cipher =, AES.MODE_EAX)

# The plaintext message we want to encrypt
message = b'The quick brown fox jumps over the lazy dog'

# Encrypt the message and return the ciphertext
ciphertext, tag = cipher.encrypt_and_digest(message)


RSA (Rivest-Shamir-Adleman) encryption in Python

from Crypto.PublicKey import RSA

# Generate a new RSA key pair
key = RSA.generate(2048)

# The plaintext message we want to encrypt
message = b'The quick brown fox jumps over the lazy dog'

# Encrypt the message using the public key
ciphertext = key.encrypt(message, 32)[0]


It's worth noting that the above examples are relatively simple and are intended to demonstrate how encryption might be implemented in code, in reality encryption is more complex and implementation is harder. In most situations, it's best to use a well-established library rather than trying to implement encryption from scratch. Also it's important to make sure you understand the encryption method and how to use it properly and securely.

Both AES and RSA are widely used encryption method but AES is symmetric and RSA is assymetric, which means they are used in different scenarios. AES is faster and more efficient for encrypting large amount of data while RSA is more secure and suitable for encrypting small amount of data such as keys or digital signature.