# Decrypting files & forgotten password

## Main Question or Discussion Point

About 8 years ago, I put all my documents and pictures on DVD and encrypted them using Axcrypt 128 encryption software. I forgot the password. I need to open up some files. Any idea how to decrypt them? What company can decrypt them and how long would it take?

jedishrfu
Mentor
I don’t think you’re going to succeed without the password. These types of software are designed to be secure meaning it’s very difficult to crack.

A better strategy is to think what password you might have used, like an old phone number, address... as people tend to use the same passwords over and over. Also, you don’t think you stashed the password somewhere, like on the DVD case or under the DVD insert?

I totally forgot it. I chose my password by thinking randomly of any object at that moment, and I forgot what I thought of 8 years ago... and it's a combination of objects with some symbols added too.

Suppose a quantum computer can exist in the future... how long would it take to decrypt a 128 bit file?

anorlunda
Mentor
Suppose a quantum computer can exist in the future... how long would it take to decrypt a 128 bit file?
You mean 128 bit key, not 128 bit file, correct?

NSA could probably do it today.

If you are really serious about retrieving the data, and you have the money, I suggest hypnosis to help you remember the password.

Don't forget, even if you have the key, you also need a machine to run that Axcrypt software.

Staff Emeritus
2019 Award
You are almost certainly better off by trying candidate passwords. Say 200000 words, and up to five symbols, with 20 symbols possible. That's 2^39 which is much, much smaller than 2^128. If it takes a millisecond to run a trial, you can do this in 20 years per core. If it takes a microsecond, you can do this in one week per core.

It's a 128 bit key. In case a quantum computer gets developed in the future... how would it decode the 128 bit key? Does it try every combination of passcodes? But I heard a conventional computer is equally fast in trying out all combinations...

The documents and pictures with the lost encryption password are saved on a Milleniata M-disc which can last for 1000 years... so it can await the day a quantum computer becomes a reality.

Staff Emeritus
2019 Award
In case a quantum computer got developed in future.. how would it decode the 128 bit key?
You're asking how long it would take a piece of technology that doesn't even exist yet to do an unspecified amount of work. If I said 11.23487651 hours, would you believe me? If not, why not?

jedishrfu
Mentor
Try going back to the place where you did the encryption; perhaps sitting there will jog your memory. But really, people are often afraid to use totally random stuff, so my guess is it's something that means something to you: address, phone #, book title, book author, funny saying...

Do you still have the system drive from the machine on which you did the encryption? It's possible, although not likely, that it still has a cached copy of the passphrase. It's not likely, because the cache is normally cleared when the Windows session is ended.

To check the possibility, you could make a sector-by-sector, including empty sectors, physical clone of the drive, copying all sectors byte-by-byte, to a same-sized or larger drive on which all sectors have been write-initialized to binary zeroes, then boot from the clone, and attempt to open one of the .axx files from the context menu. If that doesn't work, it's possible that the passphrase could still be found with more exhaustive methods, but again, not very likely.

Probably your best option at that point, other than somehow remembering the passphrase, would be a dictionary attack, as @Vanadium 50 suggested, with a lexicon that is reduced in size by use of what lexical characteristics of the passphrase you can remember, such as whether you used all lowercase, used only common nouns, used only a subset of available numeric or special characters only at the start or end of the phrase, etc.. Anything you can eliminate from consideration reduces the number of possibilities you have to test for.

The difficulty of finding a better than brute force method for producing the key from the remaining possibilities is roughly that of finding the largest prime factors of a very large integer -- a quick method for doing that has not been proven, as far as is publicly known, to not exist, but as far as we know, Gauss, and other luminaries, tried without success to find one or prove that none could be found.

Although correctly implemented AES 128 is not known to be, or believed by experts to be, susceptible to a known-plaintext attack, the fact that image files have common header information can be used to check the candidate passphrases more quickly.

You always hear the news quantum computer can crack encryptions. Just wanna have general idea.. do they do it by trying out every combinations of words in the dictionary?

Millianiata M-disc bluray can last for 1000 years.. so maybe 300 years from now.. my descendant can open the files by having a personal quantum decryptor?

You always hear the news quantum computer can crack encryptions. Just wanna have general idea.. do they do it by trying out every combinations of words in the dictionary?
The dictionary attack works by first reducing the size of the problem. It tests only the likelier candidates for the passphrase used to generate the actual encryption key, rather than testing all the possible values of that key.

As a rule, unless the passphrase is very long, and very random, the number of possibilities for it is apt to be much smaller than 2^128, and as Vanadium 50 pointed out, the smaller number of possibilities could be manageable using conventional computational equipment that is readily available to private individuals.

Regarding use of quantum computers for decryption: fundamentally, the special capabilities of hypothetical quantum computing devices in the decryption arena are predicated upon quantum superposition phenomena that have been reliably observed under laboratory conditions.

Conceptually, and non-rigorously:

The two possible values for a normal bit, i.e. a binary digit, conventionally 1 and 0, could be visualized as being represented as the North and South poles at the opposite ends of an axis running through the center of a spinning sphere, the axis of spin being perpendicular to the equatorial plane that lies parallel to the direction of spin.​

In the case of a qubit, i.e. a quantum bit, there is no pre-determined orientation of that equatorial plane, so no yet-singular axis of spin, so no definite points to map to the two surface points at the opposite ends of the axis of spin. By superposition, before measurement intervenes, all the points on the surface are spin-axial endpoints simultaneously. For the decryption purpose, constructs are envisioned whereby a correct match, and only a correct match, will trigger the measurement, thereby eliminating all the other possibilities at once, and so selecting the correct one.​

Preliminary and ongoing experimentation strongly suggests that such an approach should be viewed as promising, but for practical purposes, as far as is publicly known, a working device with a sufficient number of qubits, and a sufficiently rapid, robust, and fully usable set of interfaces, is not yet available, and if such an assemblage becomes available, in the not especially immediate future, it will in its earliest manifestations continue to be cost-prohibitive for the decryption exigencies of ordinary private individuals.
Millianiata M-disc bluray can last for 1000 years.. so maybe 300 years from now.. my descendant can open the files by having a personal quantum decryptor?
I think it's not unlikely that something, whether it's quantum-based or not, will in time be able to accomplish such a purpose.

f95toli
Gold Member
You always hear the news quantum computer can crack encryptions. Just wanna have general idea.. do they do it by trying out every combinations of words in the dictionary?
A quantum computer might not be any faster than a conventional computer for a problem like this, at least not if the password is completely random (if it is not, I guess it might be possible to re-formulate it as a database search or optimization problem, in which case a QC might help).
Quantum computers can break protocols that are based on the fact that some mathematical operations -such as factorization- are very hard (computationally expensive) on a classical computer but "easy" on a quantum computer. The typical example is RSA which is used for nearly all secure network communication; a quantum computer does NOT break RSA by "trying lots of combination", it simply runs an algorithm for factorization that is impossible to run on a classical computer (Shor's algorithm).

In your case there is presumably no mathematical problem to solve. What you have is akin to "one time pad crypto" which would be 100% secure if the key is longer than the message. The fact that you obviously have lots of data (much more than 128) means that it might still be possible to break but the attack would presumably be e.g. based on reducing the number of possibilities using statistics (which in turn would utilize knowledge about the nature of what is in the encrypted file, how e.g. JPEG files are saved) A QC would not be of any help here.

Anyway.. in encryption and decryption of files such as using Axcrypt.. does the password say 8 character become encryption code? so it is just 8 bit instead of 128 or 256 bit? How does the password got store in the file.. why can't you extract it..

How does file encryption generally work?

Here's a link to an entertaining, and reasonably accurate, exposition of AES, which is what Axcrypt implements: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

Staff Emeritus
2019 Award
@dahoa, are you asking for help, or are you taking this as an opportunity to ask a bunch of random questions on encryption? People are writing answers assuming one, but it sounds like you want the other.

How does the password got store in the file.. why can't you extract it..
The password is not stored in the file, that would defeat the entire purpose of encryption. The password is used to create a cipher text from your original plain text. The algorithms used are designed so that it is easy to recover the plain text from the cipher text if you know the key but very hard to do if you don't know the key.
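The questions above (how a short password becomes a 128-bit key, and why the password cannot be read back out of the file) can be illustrated with a small sketch. This is an added example, not code from any poster and not Axcrypt's actual file format: the header layout and function names are assumptions, PBKDF2 stands in for whatever key derivation a given tool uses, and an HMAC-derived mask stands in for AES key wrap because the Python standard library has no AES.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 16  # 128-bit keys, as discussed in the thread


def derive_kek(passphrase, salt, iterations):
    """Stretch a passphrase of any length into a 128-bit key-encrypting key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=KEY_BYTES)


def _mask(kek):
    # Stand-in for AES key wrap (assumption): a one-time 128-bit mask from the KEK.
    return hmac.new(kek, b"wrap", hashlib.sha256).digest()[:KEY_BYTES]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_header(passphrase, iterations=200_000):
    """Return (header, file_key). Only the header would be written to disk."""
    salt = secrets.token_bytes(16)              # random, stored in the clear
    kek = derive_kek(passphrase, salt, iterations)
    file_key = secrets.token_bytes(KEY_BYTES)   # random key that encrypts the data
    wrapped = _xor(file_key, _mask(kek))        # file key hidden under the KEK
    # Check value: lets the tool say "wrong passphrase" without storing it.
    check = hmac.new(kek, b"check" + wrapped, hashlib.sha256).digest()
    header = {"salt": salt, "iterations": iterations,
              "wrapped_key": wrapped, "check": check}
    return header, file_key


def unlock(header, passphrase):
    """Return the file key, or None if the passphrase is wrong."""
    kek = derive_kek(passphrase, header["salt"], header["iterations"])
    expected = hmac.new(kek, b"check" + header["wrapped_key"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["check"]):
        return None
    return _xor(header["wrapped_key"], _mask(kek))


if __name__ == "__main__":
    # Constructed sample passphrase, for illustration only.
    header, key = make_header("constructed sample passphrase")
    print("correct passphrase unlocks:",
          unlock(header, "constructed sample passphrase") == key)
    print("wrong passphrase returns:", unlock(header, "a wrong guess"))
```

The header holds only a salt, an iteration count, the wrapped key and a check value, so each candidate passphrase costs a full key derivation before it can be confirmed or rejected.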

Thank God.. I found the password written in old notebook.. password is "Sh&^zmW~aaTeER26&"

Some of you said NSA can crack 128 key encryption.. Do they do it because they have faster computer? but how can they guess the above passwords even by inputting every dictionary words or combinations? Just want to know in case I or my friend forgot important passwords in the future..

I imagine that's a big relief for you -- 17 characters, mixed case, numerals, special chars -- that's a very strong (hard to guess) passphrase -- in your OP, you said you thought of an object, and that is what led to the suggestions about dictionary attacks.

Even with such a strong passphrase, the resources of the NSA are more than adequate to check every possible passphrase in a 17-printable-character ASCII space in a manageable timeframe -- that number is very much smaller than 2^128 -- even though 16 bytes, 8 bits each, is 128 bits, not all of those possibilities are in the ASCII space, i.e. some are not printable -- not counting the blank (ASCII 32), only 95 characters in the table (from 33 through 128) are printable. 2^95 is a very large number, but unlike us regular folks, NSA has computational capacity that can be measured in cubic acres.

Publishing the password here obviously compromises the secrecy, but then again, it's presumably ordinarily private information -- like granny's secret recipes -- not national security top secret, and also presumably, we're not on a hunt for your M-Disc.

Passwords or passphrases that are not readily memorizable, such as yours, are probably best kept in a backed-up digital password vault, with a password or passphrase that is easy enough for you to remember, and still too hard for an attacker to guess, and written down (or at least clued-for) and kept somewhere safe just in case.


I saved them again in m-disc without any passwords because they are just family pictures. For the 17 character password I used.. if you will try out every combination of them in brute force entry.. how do you compute how many combinations there are? What is the equation or formula? Just curious.

Tom.G
how do you compute how many combinations there are? What is the equation or formula? Just curious.
Start with the number of possible unique characters. As @sysprog said, in your case that is 95.
First position has 95 possible characters...
Second position has 95 possible characters...
So far that means there are 95×95 = 9025 possible 2-character passwords.

If using a 3-character password there are 95×95×95 = 857,375 possibilities.

The formula is {No. of possible Characters} raised to the power of the {No. of positions}. 95^17 ≈ 4.18×10^33 different possible passwords.

4.18 decillion (American system)
4.18 quintilliard (European system)
4,180,000,000,000,000,000,000,000,000,000,000 (How long would it take you to count them, much less try them?)

Cheers,
Tom

I'm using a core i5 about 3 gigahertz... how many years would it take to crack the 4,180,000,000,000,000,000,000,000,000,000,000 combination?

And how many times is the speed of the NSA computer faster than my corei5?

Just wanna have idea so next time I can try harder passwords because in Friendster, Twitter, etc I use only very simple combinations of password...

f95toli
Gold Member
Even with such a strong passphrase, the resources of the NSA are more than adequate to check every possible passphrase in a 17-printable-character ASCII space in a manageable timeframe -- that number is very much smaller than 2^128 -- even though 16 bytes, 8 bits each, is 128 bits, not all of those possibilities are in the ASCII space, i.e. some are not printable -- not counting the blank (ASCII 32), only 95 characters in the table (from 33 through 128) are printable. 2^95 is a very large number, but unlike us regular folks, NSA has computational capacity that can be measured in cubic acres.
I doubt that.
There are 95^17=4.2*10^33 combinations.
Let's say it takes one core 1 ns to check one combination. This means that it would take 4.2e24 seconds=1.3*10^17 years to test all combinations with one core.
Now, the NSA will obviously have access to many, many cores; but even the fastest computers in the world will only have about 100 000 cores or so. Hence, this means that it would take of the order of 10^12 years (or about 7 times the age of the universe) to test all combinations if you used a brute force approach.

Note that I am not saying that they would not be able to crack the encryption in a reasonable amount of time; but they would use something a bit more clever than a brute force approach.
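The estimates in the posts above (the dictionary-plus-symbols model, the {characters}^{positions} formula, and the one-guess-per-nanosecond timing) can be put side by side when judging how strong a password is. The following is an added example, not code from any poster; the function names are assumptions, and the guess rates are the ones quoted in the thread.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_keyspace(alphabet_size, length):
    """Fixed-length password drawn uniformly from an alphabet: size ** length."""
    return alphabet_size ** length


def dictionary_keyspace(words, symbol_choices, max_symbols):
    """One dictionary word followed by 0..max_symbols symbols."""
    suffixes = sum(symbol_choices ** k for k in range(max_symbols + 1))
    return words * suffixes


def bits(keyspace):
    """Equivalent key length in bits (log2 of the number of candidates)."""
    return math.log2(keyspace)


def years_to_exhaust(keyspace, seconds_per_guess, cores=1):
    """Worst-case time to try every candidate at a fixed per-guess cost."""
    return keyspace * seconds_per_guess / cores / SECONDS_PER_YEAR


def compare(models, seconds_per_guess, cores=1):
    """Return (name, bits, years) rows sorted from weakest to strongest."""
    rows = [(name, round(bits(space), 1),
             years_to_exhaust(space, seconds_per_guess, cores))
            for name, space in models]
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    models = [
        ("word + up to 5 of 20 symbols", dictionary_keyspace(200_000, 20, 5)),
        ("17 random printable ASCII", charset_keyspace(95, 17)),
        ("random 128-bit key", 2 ** 128),
    ]
    # 1 ns per guess on 100,000 cores, the figures used in the post above.
    for name, nbits, years in compare(models, 1e-9, cores=100_000):
        print(f"{name:32s} {nbits:6.1f} bits  {years:.3g} years")
```

Note that 95^17 corresponds to about 112 bits, which is why a 17-character random passphrase is weaker than a random 128-bit key yet far beyond the dictionary model's roughly 39 bits.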

I'm using a core i5 about 3 gigahertz... how many years would it take to crack the 4,180,000,000,000,000,000,000,000,000,000,000 combination?
1 gigahertz is about 1 billion cycles per second, so, assuming you could evaluate 1 possibility per machine cycle (in reality, it takes many more than 1 cycle to evaluate 1 possibility) you can take 9 of the zeroes off that number, to get the number of seconds your i5 would require.

As @Tom.G so clearly and capably put it:
Start with the number of possible unique characters. As @sysprog said, in your case that is 95.
First position has 95 possible characters...
Second position has 95 possible characters...
So far that means there are 95×95 = 9025 possible 2-character passwords.

If using a 3-character password there are 95×95×95 = 857,375 possibilities.

The formula is {No. of possible Characters} raised to the power of the {No. of positions}. 95^17 ≈ 4.18×10^33 (emphasis added -- sysprog) different possible passwords.

4.18 decillion (American system)
4.18 quintilliard (European system)
4,180,000,000,000,000,000,000,000,000,000,000 (How long would it take you to count them, much less try them?)

Cheers,
Tom
Subtracting 9 from the 10s exponent of 95^17 ≈ 4.18×10^33 leaves ≈ 4.18×10^24. Dividing that by 60 seconds per minute, and by 1440 minutes per day, and by 365 days per year, we get 130,010,147,133,435,000 years. That's (US) 130 quadrillion, 10 trillion, 147 billion, 133 million, 435 thousand.
And how many times is the speed of the NSA computer faster than my corei5?
The fastest publicly displayed machines (measured in floating-point instructions per second, rather than in cpu cycles per second), about 5 years ago, were petascale computers, and they looked something like this:

That installation, at Argonne (my neck of the woods -- no I don't work there -- just a sometimes visitor), had 164,000 processor cores, each of them much faster than a 3 gigahertz i5. This one, from last year, at Oak Ridge:

runs at over 200 petaflops (thousand teraflops = petaflops = quadrillions of floating point instructions per second).

Skipping teraflops (thousand gigaflops), petaflops allows us to take the 10^24 down to 10^18 and exaflops bring us down to ≈ 4.18E15 seconds. Dividing that again, we get ≈ (((4.18E15)/60)/1440)/365 years -- that's still over a century (> 13 decades), even if we really could evaluate 1 possibility per floating point instruction, which we can't, at least not directly.

The fastest that NSA can muster is at least in the multi-exaflop range -- the first exascale installations to be launched publicly should/will be seen this year.

Somehow NSA is able to break hard encryptions much faster than all the foregoing exposition suggests -- anecdotally, I know of a situation in which they cracked a stash of extremely-evil-bad-guy multiply-encrypted DVDs in 1 day -- they're probably using some unpublished set of algorithms -- not only do they have the largest and most advanced computer systems; they also routinely hire all the best math and comp sci guys (and gals) they can find.
Just wanna have idea so next time I can try harder passwords because in Friendster, Twitter, etc I use only very simple combinations of password...
Use at least one non-letter character, and at least one uppercase and at least one lowercase letter, and at least 7 characters total, e.g. #Element12, (please don't use that one, as I just published it as an example here) which is easy enough to remember by some association, and not too easy to guess.

anorlunda
Mentor
Just as an example of smarter ways to search than brute force. Someone might guess that you decided to use the 12 non-alphabetic characters available with the shift key along the top row of your keyboard. Then rather than $95^{17}$ possibilities, you have only $12^{17}$. If I further guess that you avoid duplicates of the same character, then the number of possibilities is reduced again. If I added ergonomics about the motions of hands and fingers, and how the keys in the middle of the row are more probable than the ones on the ends, the number is further reduced.

But it is rather silly to worry about someone breaking your code when the biggest risk you faced was losing your password. Computer security can be said to have the goal of assuring only authorized use of the resources. Unauthorized use is one thing, but preventing authorized use (such as by forgetting the password) also violates that goal. Making something difficult to use is also a security violation by that definition. Absurdly long or difficult passwords are an example of counterproductive security in that sense.

I read about that enlightened view of security long ago on the first page of a thick computer security manual for DEC's VAX/VMS. If any PF members can locate that passage and post it here, I would be grateful.


Thanks. In short.. what kind of password should you make that even the NSA can't crack? how many characters and combinations should it be minimum? Just curious.