Affine cipher: Issues in current implementation #5
Description
- Input Validation:
- Currently, the program does not check whether the a key is co-prime with 26. If a is not co-prime with 26, the decryption will fail, as a modular inverse will not exist. An attacker can use this to cause denial of service by providing keys that don't have modular inverses, causing the decryption function to fail. This is not exactly an attack to break the cipher, but an exploitation of a weakness in the implementation to possibly cause service disruptions.
- Timing Attack:
- Though somewhat theoretical and less practical in this context, attackers might attempt to use the timing information (how long it takes to encrypt or decrypt a message) to find information about the keys, especially since the modular inverse function uses a loop that can take different amounts of time depending on the input.
To mitigate these two attack vectors, we might consider adding more robust input validation (such as checking whether a is co-prime with 26) and possibly considering ways to make the encryption and decryption times more consistent to prevent timing attacks.