Register to reply

How long to crack this encryption by brute-force ?

Share this thread:
AlephZero
#19
Mar6-14, 02:59 PM
Engineering
Sci Advisor
HW Helper
Thanks
P: 7,160
Quote Quote by Filip Larsen View Post
In short, your scheme is trivially broken.
I think the main difficulty that "Postman Pat" would have breaking this, is guessing what type of encryption system you used. If that fact is public knowledge, cracking the details is easy enough, as others have said.

Of course principle applies at any level of security. Cracking the WWII Enigma code became a lot easier, after the Allies captured a working Enigma machine.

(And the fact that some dumbo in the middle of the North African desert sent a daily status report with exactly the same message, "nothing to report", also helped!)
Filip Larsen
#20
Mar6-14, 03:35 PM
PF Gold
Filip Larsen's Avatar
P: 960
Quote Quote by AlephZero View Post
I think the main difficulty that "Postman Pat" would have breaking this, is guessing what type of encryption system you used. If that fact is public knowledge, cracking the details is easy enough, as others have said.
Security by obscurity [1] is generally considered a "fallacy" nowadays (as the DRM tech business repeatedly has found out the hard way). All Pat needs to do in this case is not to try break the encryption himself but merely enroll someone who can, and that is very easy and fairly cheap these day I'm told.

[1] http://en.wikipedia.org/wiki/Security_through_obscurity
nsaspook
#21
Mar6-14, 04:08 PM
P: 642
I would suggest the OP and the 'Postman' take a look at CrypTool: http://www.cryptool.org/en/cryptool2-en
AlephZero
#22
Mar6-14, 05:07 PM
Engineering
Sci Advisor
HW Helper
Thanks
P: 7,160
Quote Quote by Filip Larsen View Post
Security by obscurity [1] is generally considered a "fallacy" nowadays (as the DRM tech business repeatedly has found out the hard way). All Pat needs to do in this case is not to try break the encryption himself but merely enroll someone who can, and that is very easy and fairly cheap these day I'm told.
I don't disagree with that, but I was assuming the only help he would have was feline
harborsparrow
#23
Mar7-14, 07:59 AM
PF Gold
harborsparrow's Avatar
P: 347
Well...if you're truly worried about cyber attacks, let me reassure you (not). Google recently widened all their keys to 2048 bits: http://news.cnet.com/8301-1023_3-576...r-web-privacy/

As for brute force attacks, "how long" it takes depends on luck (i.e., it could find your private key on the 3rd try). If you are worried about best case, besides the maximum number of operations a brute force search might take, one has to know the computing platform. So if the tries are on a massively parallel platform, it could be relatively faster.
harborsparrow
#24
Mar7-14, 08:02 AM
PF Gold
harborsparrow's Avatar
P: 347
Note, I changed the above after posting. I had gotten sidetracked and tried to make it back on topic. Sorry!
B0b-A
#25
Mar7-14, 09:15 AM
P: 50
Quote Quote by Baluncore View Post
B0b-A. Do you really have a need for a strong cipher?
What makes you think your data is worth reading?
It is often safer to use plain text, and to avoid criminal activity.
I'm not engaged in any criminal activity : my main use for this encryption is storing passwords on removable media. If I lost a memory-stick with my passwords for online-logins in plaintext, anyone who found it could have access to online accounts 8Čo

Quote Quote by Baluncore View Post
When you are framed on a drug trafficking charge, your unbroken encrypted messages will be presented as evidence of conspiracy and organised crime.
That's a paranoid notion, but if required by law* I can decrypt the messages to show they are legitimate.
[ * I'm in the UK where you can go to jail if you don't tell Constable Plod the password ... http://www.theregister.co.uk/2007/10...on_keys_power/ ]

Quote Quote by Baluncore View Post
By employing a secure cipher system, you nail a target to your forehead.
If one wanted to conceal an encrypted message one would employ steganography.
B0b-A
#26
Mar7-14, 09:59 AM
P: 50
Quote Quote by AlephZero View Post
(And the fact that some dumbo in the middle of the North African desert sent a daily status report with exactly the same message, "nothing to report", also helped!)
That's where the initialization vector comes in handy : different every time ...



http://www.fourmilab.ch/javascrypt/
Attached Thumbnails
nothing to report 2.gif  
Baluncore
#27
Mar7-14, 01:58 PM
Sci Advisor
Thanks
P: 1,910
The local secure storage of your own passwords is a quite different scenario to passing regular traffic over an open channel.

We can assume that your opposition is a criminal who has access to your encrypted vault of passwords, to your encryption algorithm and to one of your clear passwords. They need the key to your encrypted vault.

The problem then reduces to one of reversing the system for each encrypted password.
For each encrypted password, they calculate the vault key that would be needed to generate the one known password. For n encrypted passwords in the vault, that produces n trial keys. Each of those n trial keys can then be tested against other encrypted passwords in the vault to identify which of the n is the valid key to your vault.

The partial trial keys may be sparse and there are complexities, but it certainly does not need a brute force search. The greatest weakness is probably the password table format in the vault coupled with the simple substitution.
Baluncore
#28
Mar7-14, 02:23 PM
Sci Advisor
Thanks
P: 1,910
Quote Quote by https://code.google.com/p/bletchley/
Cryptography is hard. Most software developers realize this. Security dogma of "don't invent your own crypto; use standard algorithms" has been a "best practice" for some time. But what does this mean?
https://code.google.com/p/bletchley/


Register to reply

Related Discussions
How long for a computer to write out a Googolplex (Not Homework) General Math 9
How long can I run my computer using an Inverter? Electrical Engineering 8
Computer could retain any information as long as its user desires Electrical Engineering 1
How long can we wait before we absolutely must take steps to protectagainst quantum computer attacks? General Physics 0
How long can you look a computer screen? General Discussion 17