===Development of modern cryptography===
Governments have long recognized the potential benefits of cryptanalysis for [[Military espionage|intelligence]], both military and diplomatic, and established dedicated organizations devoted to breaking the codes and ciphers of other nations, for example, [[GCHQ]] and the [[National Security Agency|NSA]], organizations which are still very active today.

[[Image:TuringBombeBletchleyPark.jpg|thumb|The [[Bombe]] replicated the action of several [[Enigma machine]]s wired together. Each of the rapidly rotating drums, pictured above in a [[Bletchley Park]] museum mockup, simulated the action of an Enigma rotor.]]

Even though computation was used to great effect in the [[cryptanalysis of the Lorenz cipher]] and other systems during World War II, it also made possible new methods of cryptography [[orders of magnitude]] more complex than ever before. Taken as a whole, modern cryptography has become much more impervious to cryptanalysis than the pen-and-paper systems of the past, and now seems to have the upper hand against pure cryptanalysis.{{Citation needed|date=April 2012}} The historian [[David Kahn (writer)|David Kahn]] notes:<ref>[[David Kahn (writer)|David Kahn]] [https://fas.org/irp/eprint/kahn.html Remarks on the 50th Anniversary of the National Security Agency], November 1, 2002.</ref>

{{blockquote|text=Many are the cryptosystems offered by the hundreds of commercial vendors today that cannot be broken by any known methods of cryptanalysis. Indeed, in such systems even a [[Chosen-plaintext attack|chosen plaintext attack]], in which a selected plaintext is matched against its ciphertext, cannot yield the key that unlock[s] other messages. In a sense, then, cryptanalysis is dead. But that is not the end of the story. Cryptanalysis may be dead, but there is – to mix my metaphors – more than one way to skin a cat.}}

Kahn goes on to mention increased opportunities for interception, [[bugging]], [[side channel attack]]s, and [[quantum cryptography|quantum computers]] as replacements for the traditional means of cryptanalysis. In 2010, former NSA technical director Brian Snow said that both academic and government cryptographers are "moving very slowly forward in a mature field."<ref>Tim Greene, Network World, [http://www.networkworld.com/news/2010/030410-rsa-cloud-security-warning.html Former NSA tech chief: I don't trust the cloud] {{webarchive|url=https://web.archive.org/web/20100308105556/http://www.networkworld.com/news/2010/030410-rsa-cloud-security-warning.html |date=2010-03-08 }}. Retrieved March 14, 2010.</ref>

However, any postmortems for cryptanalysis may be premature. While the effectiveness of cryptanalytic methods employed by intelligence agencies remains unknown, many serious attacks against both academic and practical cryptographic primitives have been published in the modern era of computer cryptography:<ref>{{Cite book |url=https://nap.nationalacademies.org/read/26168/chapter/2 |title=Read "Cryptography and the Intelligence Community: The Future of Encryption" at NAP.edu |date=2022 |publisher=National Academies Press |doi=10.17226/26168 |isbn=978-0-309-49135-8 |language=en}}</ref>
* The [[block cipher]] [[Madryga]], proposed in 1984 but not widely used, was found to be susceptible to [[ciphertext-only attack]]s in 1998.
* [[FEAL|FEAL-4]], proposed as a replacement for the [[Data Encryption Standard|DES]] standard encryption algorithm but not widely used, was demolished by a spate of attacks from the academic community, many of which are entirely practical.
* The [[A5/1]], [[A5/2]], [[CMEA (cipher)|CMEA]], and [[DECT Standard Cipher|DECT]] systems used in [[mobile phone|mobile]] and wireless phone technology can all be broken in hours, minutes or even in real-time using widely available computing equipment.
* [[Brute-force search|Brute-force keyspace search]] has broken some real-world ciphers and applications, including single-DES (see [[EFF DES cracker]]), [[Cryptography#Export controls|40-bit "export-strength" cryptography]], and the [[Content Scrambling System|DVD Content Scrambling System]].
* In 2001, [[Wired Equivalent Privacy]] (WEP), a protocol used to secure [[Wi-Fi]] [[wireless network]]s, was shown to be breakable in practice because of a weakness in the [[RC4]] cipher and aspects of the WEP design that made [[related-key attack]]s practical. WEP was later replaced by [[Wi-Fi Protected Access]].
* In 2008, researchers conducted a proof-of-concept break of [[Transport Layer Security|SSL]] using weaknesses in the [[MD5]] [[Cryptographic hash function|hash function]] and certificate issuer practices that made it possible to exploit [[collision attack]]s on hash functions. The certificate issuers involved changed their practices to prevent the attack from being repeated.

Thus, while the best modern ciphers may be far more resistant to cryptanalysis than the [[Enigma machine|Enigma]], cryptanalysis and the broader field of [[information security]] remain quite active.<ref>{{Cite web|url=https://www.garykessler.net/library/crypto.html|title=An Overview of Cryptography|website=www.garykessler.net|access-date=2019-06-03}}</ref>