cryptographyaescryptanalysis

Get the AES key from an encrypted file using an already decrypted version of the same file


Is that even possible? The encrypted file uses AES-128 in CBC mode. I already have its decrypted version, but I don't know the key that was used to encrypt it, and I need it (I prefer to not say the reason).

I know both files are the same because the padding was disabled (they have the same size). I also know the Initialization Vector that was used in the encryption process, if that helps.


Solution

  • What you describe is a 'known plaintext attack'. Encryption algorithms vulnerable to known plaintext attacks are considered broken; you would not find AES used for anything of any import if it was vulnerable to the KPA. As such, no, you cannot recover the key given just the plaintext and ciphertext - at least, not with any known attack against AES.

    However, if you can reduce the keyspace (eg, if you know that the key is the md5 of an eight-character alphanumeric password), you may be able to brute-force the correct key. Reducing the keyspace first is essential, however, for this attack to complete before the sun burns out.