- Thread starter dahoa

- #1

- 93

- 5

- #2

jedishrfu

Mentor

- 12,645

- 6,505

A better strategy is to think what password you might have used like an old phone number, address... as people tend to use the same passwords over and over. Also you don’t think you stashed the password somewhere like on the DVD case or under the DVD insert.

- #3

- 93

- 5

A better strategy is to think what password you might have used like an old phone number, address... as people tend to use the same passwords over and over. Also you don’t think you stashed the password somewhere like on the DVD case or under the DVD insert.

I totally forgot it. I chose my password by thinking randomly any object at that moment and I forgot what I thought of 8 years ago.. and it's combination of objects and adding some symbols too.

Supposed quantum computer can exist in the future.. how long would it take to decrypt a 128 bit file?

- #4

anorlunda

Staff Emeritus

- 9,262

- 6,290

Supposed quantum computer can exist in the future.. how long would it take to decrypt a 128 bit file?

You mean 128 bit key, not 128 bit file, correct?

NSA could probably do it today.

If you are really serious about retrieving the data, and you have the money, I suggest hypnosis to help you remember the password.

Don't forget, even if you have the key, you also need a machine to run that Axcrypt software.

- #5

Vanadium 50

Staff Emeritus

Science Advisor

Education Advisor

- 26,708

- 10,261

- #6

- 93

- 5

The documents and pictures with lost encryption password is saved in Milleniata M-disc which can last for 1000 years.. so it can await the day quantum computer would become a reality.

- #7

Vanadium 50

Staff Emeritus

Science Advisor

Education Advisor

- 26,708

- 10,261

In case a quantum computer got developed in future.. how would it decode the 128 bit key?

You're asking how long it would take a piece of technology that doesn't even exist yet to do an unspecified amount of work. If I said 11.23487651 hours, would you believe me? If not, why not?

- #8

jedishrfu

Mentor

- 12,645

- 6,505

I totally forgot it. I chose my password by thinking randomly any object at that moment and I forgot what I thought of 8 years ago.. and it's combination of objects and adding some symbols too.

Supposed quantum computer can exist in the future.. how long would it take to decrypt a 128 bit file?

Try going back to the place where you did the encryption; perhaps sitting there will jog your memory. But really, people are often afraid to use totally random stuff, so my guess is it's something that means something to you: address, phone #, book title, book author, funny saying...

- #9

- 1,961

- 1,195

Do you still have the system drive from the machine on which you did the encryption? It's possible, although not likely, that it still has a cached copy of the passphrase. It's not likely, because the cache is normally cleared when the Windows session is ended.

To check the possibility, you could make a sector-by-sector, including empty sectors, physical clone of the drive, copying all sectors byte-by-byte, to a same-sized or larger drive on which all sectors have been write-initialized to binary zeroes, then boot from the clone, and attempt to open one of the .axx files from the context menu. If that doesn't work, it's possible that the passphrase could still be found with more exhaustive methods, but again, not very likely.

Probably your best option at that point, other than somehow remembering the passphrase, would be a dictionary attack, as @Vanadium 50 suggested, with a lexicon that is reduced in size by use of what lexical characteristics of the passphrase you can remember, such as whether you used all lowercase, used only common nouns, used only a subset of available numeric or special characters only at the start or end of the phrase, etc. Anything you can eliminate from consideration reduces the number of possibilities you have to test for.

The difficulty of finding a better than brute force method for producing the key from the remaining possibilities is roughly that of finding the largest prime factors of a very large integer -- a quick method for doing that has not been proven, as far as is publicly known, to not exist, but as far as we know, Gauss and other luminaries tried without success to find one or prove that none could be found.

Although correctly implemented AES 128 is not known to be, or believed by experts to be, susceptible to a known-plaintext attack, the fact that image files have common header information can be used to check the candidate passphrases more quickly.


- #10

- 93

- 5

Millianiata M-disc bluray can last for 1000 years.. so maybe 300 years from now.. my descendant can open the files by having a personal quantum decryptor?

- #11

- 1,961

- 1,195

You always hear the news quantum computer can crack encryptions. Just wanna have general idea.. do they do it by trying out every combinations of words in the dictionary?

The dictionary attack works by first reducing the size of the problem. It tests only the likelier candidates for the passphrase used to generate the actual encryption key, rather than testing all the possible values of that key.

As a rule, unless the passphrase is very long, and very random, the number of possibilities for it is apt to be much smaller than 2^128, and as Vanadium 50 pointed out, the smaller number of possibilities could be manageable using conventional computational equipment that is readily available to private individuals.

Regarding use of quantum computers for decryption: fundamentally, the special capabilities of hypothetical quantum computing devices in the decryption arena are predicated upon quantum superposition phenomena that have been reliably observed under laboratory conditions.

Conceptually, and non-rigorously:

The two possible values for a normal bit, i.e. a binary digit, conventionally 1 and 0, could be visualized as being represented as the North and South poles at the opposite ends of an axis running through the center of a spinning sphere, the axis of spin being perpendicular to the equatorial plane that lies parallel to the direction of spin.

In the case of a qubit, i.e. a quantum bit, there is no pre-determined orientation of that equatorial plane, so no yet-singular axis of spin, so no definite points to map to the two surface points at the opposite ends of the axis of spin. By superposition, before measurement intervenes, all the points on the surface are spin-axial endpoints simultaneously. For the decryption purpose, constructs are envisioned whereby a correct match, and only a correct match, will trigger the measurement, thereby eliminating all the other possibilities at once, and so selecting the correct one.

Preliminary and ongoing experimentation strongly suggests that such an approach should be viewed as promising, but for practical purposes, as far as is publicly known, a working device with a sufficient number of qubits, and a sufficiently rapid, robust, and fully usable set of interfaces, is not yet available, and if such an assemblage becomes available, in the not especially immediate future, it will in its earliest manifestations continue to be cost-prohibitive for the decryption exigencies of ordinary private individuals.

Millianiata M-disc bluray can last for 1000 years.. so maybe 300 years from now.. my descendant can open the files by having a personal quantum decryptor?

I think it's not unlikely that something, whether it's quantum-based or not, will in time be able to accomplish such a purpose.


- #12

f95toli

Science Advisor

Gold Member

- 3,122

- 615

You always hear the news quantum computer can crack encryptions. Just wanna have general idea.. do they do it by trying out every combinations of words in the dictionary?

A quantum computer might not be any faster than a conventional computer for a problem like this, at least not if the password is completely random (if it is not I guess it might be possible to re-formulate it as a database search or optimization problem in which case a QC might help).

Quantum computers can break protocols that are based on the fact that some mathematical operations -such as factorization- are very hard (computationally expensive) on a classical computer but "easy" on a quantum computer. The typical example is RSA which is used for nearly all secure network communication; a quantum computer does NOT break RSA by "trying lots of combination", it simply runs an algorithm for factorization that is impossible to run on a classical computer (Shor's algorithm).

In your case there is presumably no mathematical problem to solve. What you have is akin to "one time pad crypto" which would be 100% secure if the key is longer than the message. The fact that you obviously have lots of data (much more than 128) means that it might still be possible to break but the attack would presumably be e.g. based on reducing the number of possibilities using statistics (which in turn would utilize knowledge about the nature of what is in the encrypted file, how e.g. JPEG files are saved) A QC would not be of any help here.

- #13

- 93

- 5

How does file encryption generally work?

- #14

- 1,961

- 1,195

How does file encryption generally work?

Here's a link to an entertaining, and reasonably accurate, exposition of AES, which is what Axcrypt implements: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

- #15

Vanadium 50

Staff Emeritus

Science Advisor

Education Advisor

- 26,708

- 10,261

- #16

- 258

- 116

How does the password got store in the file.. why can't you extract it..

The password is not stored in the file, that would defeat the entire purpose of encryption. The password is used to create a cipher text from your original plain text. The algorithms used are designed so that it is easy to recover the plain text from the cipher text if you know the key but very hard to do if you don't know the key.

- #17

- 93

- 5

Some of you said NSA can crack 128 key encryption.. Do they do it because they have faster computer? but how can they guess the above passwords even by inputting every dictionary words or combinations? Just want to know in case I or my friend forgot important passwords in the future..

- #18

- 1,961

- 1,195

Even with such a strong passphrase, the resources of the NSA are more than adequate to check every possible passphrase in a 17-printable-character ASCII space in a manageable timeframe -- that number is very much smaller than 2^128 -- even though 16 bytes, 8 bits each, is 128 bits, not all of those possibilities are in the ASCII space, i.e. some are not printable -- not counting the blank (ASCII 32), only 95 characters in the table (from 33 through 128) are printable. 2^95 is a very large number, but unlike us regular folks, NSA has computational capacity that can be measured in cubic acres.

Publishing the password here obviously compromises the secrecy, but then again, it's presumably ordinarily private information -- like granny's secret recipes -- not national security top secret, and also presumably, we're not on a hunt for your M-Disc.

Passwords or passphrases that are not readily memorizable, such as yours, are probably best kept in a backed-up digital password vault, with a password or passphrase that is easy enough for you to remember, and still too hard for an attacker to guess, and written down (or at least clued-for) and kept somewhere safe just in case.

Glad to learn that you got your pictures back.

- #19

- 93

- 5

Even with such a strong passphrase, the resources of the NSA are more than adequate to check every possible passphrase in a 17-printable-character ASCII space in a manageable timeframe -- that number is very much smaller than 2^128 -- even though 16 bytes, 8 bits each, is 128 bits, not all of those possibilities are in the ASCII space, i.e. some are not printable -- not counting the blank (ASCII 32), only 95 characters in the table (from 33 through 128) are printable. 2^95 is a very large number, but unlike us regular folks, NSA has computational capacity that can be measured in cubic acres.

Publishing the password here obviously compromises the secrecy, but then again, it's presumably ordinarily private information -- like granny's secret recipes -- not national security top secret, and also presumably, we're not on a hunt for your M-Disc.

Passwords or passphrases that are not readily memorizable, such as yours, are probably best kept in a backed-up digital password vault, with a password or passphrase that is easy enough for you to remember, and still too hard for an attacker to guess, and written down (or at least clued-for) and kept somewhere safe just in case.

Glad to learn that you got your pictures back.

I saved them again in m-disc without any passwords because they are just family pictures. For the 17 character password I used.. if you will try out every combination of them in brute force entry.. how do you compute how many combinations there are? What is the equation or formula? Just curious.

- #20

Tom.G

Science Advisor

- 3,770

- 2,458

how do you compute how many combinations there are? What is the equation or formula? Just curious.

Start with the number of possible unique characters. As @sysprog said, in your case that is 95.

First position has 95 possible characters...

Second position has 95 possible characters...

So far that means there are 95×95 = 9025 possible 2-character passwords.

If using a 3-character password there are 95×95×95 = 857,375 possibilities.

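The formula is {No. of possible Characters} raised to the power of the {No. of positions}. 95^{17} ≈ 4.18×10^{33} different possible passwords.

4.18 decillion (American system)

4.18 quintilliard (European system)

4,180,000,000,000,000,000,000,000,000,000,000 (How long would it take you to count them, much less try them?)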

Cheers,

Tom

- #21

- 93

- 5

Start with the number of possible unique characters. As @sysprog said, in your case that is 95.

First position has 95 possible characters...

Second position has 95 possible characters...

So far that means there are 95×95 = 9025 possible 2-character passwords.

If using a 3-character password there are 95×95×95 = 857,375 possibilities.

The formula is {No. of possible Characters} raised to the power of the {No. of positions}. 95^{17} ≈ 4.18×10^{33} different possible passwords.

4.18 decillion (American system)

4.18 quintilliard (European system)

4,180,000,000,000,000,000,000,000,000,000,000 (How long would it take you to count them, much less try them?)

Cheers,

Tom

I'm using a core i5 about 3 gigahertz... how many years would it take to crack the 4,180,000,000,000,000,000,000,000,000,000,000 combination?

And how many times is the speed of the NSA computer faster than my corei5?

Just wanna have idea so next time I can try harder passwords because in Friendster, Twitter, etc I use only very simple combinations of password...

- #22

f95toli

Science Advisor

Gold Member

- 3,122

- 615

Even with such a strong passphrase, the resources of the NSA are more than adequate to check every possible passphrase in a 17-printable-character ASCII space in a manageable timeframe -- that number is very much smaller than 2^128 -- even though 16 bytes, 8 bits each, is 128 bits, not all of those possibilities are in the ASCII space, i.e. some are not printable -- not counting the blank (ASCII 32), only 95 characters in the table (from 33 through 128) are printable. 2^95 is a very large number, but unlike us regular folks, NSA has computational capacity that can be measured in cubic acres.

I doubt that.

There are 95^17=4.2*10^33 combinations

Let's say it takes one core 1 ns to check one combination. This means that it would take 4.2e24 seconds=1.3*10^17 years to test all combinations with one core.

Now, the NSA will obviously have access to many, many cores; but even the fastest computers in the world will only have about 100 000 cores or so. Hence, this means that it would take of the order of 10^12 years (or about 7 times the age of the universe) to test all combinations if you used a brute force approach.

Note that I am not saying that they would not be able to crack the encryption in a reasonable amount of time; but they would use something a bit more clever than a brute force approach.
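An added worked example (not part of any post in this thread) that puts Tom.G's formula and f95toli's timing estimate into code and extends them to the reduced search space sysprog describes. The 1 ns per guess and 100,000 cores are f95toli's figures; the 10,000-word list, three words and two trailing symbols are constructed assumptions for illustration.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600  # 31,536,000


def keyspace(alphabet_size: int, length: int) -> int:
    """Tom.G's formula: possible characters ** positions (exact integer)."""
    return alphabet_size ** length


def bits(candidates: int) -> float:
    """Equivalent key strength in bits if every candidate is equally likely."""
    return math.log2(candidates)


def years_to_exhaust(candidates: int, guesses_per_sec: float, cores: int = 1) -> float:
    """Worst-case time to try every candidate (the average case is half this)."""
    return candidates / (guesses_per_sec * cores) / SECONDS_PER_YEAR


def min_length_for_bits(alphabet_size: int, target_bits: int) -> int:
    """Smallest length whose keyspace reaches 2**target_bits.

    Uses exact integer comparison, so there is no floating-point rounding
    at the boundary.
    """
    length = 1
    while alphabet_size ** length < 2 ** target_bits:
        length += 1
    return length


def structured_keyspace(words: int, n_words: int, symbols: int, n_symbols: int) -> int:
    """Candidates for 'a few dictionary words followed by a few symbols'.

    Models the reduced lexicon of a dictionary attack: the guesser only
    has to cover the structure the passphrase actually follows.
    """
    return words ** n_words * symbols ** n_symbols


if __name__ == "__main__":
    random17 = keyspace(95, 17)
    print(f"95^17            = {random17:.3e}  ({bits(random17):.1f} bits)")
    print(f"1 core, 1 ns     = {years_to_exhaust(random17, 1e9):.2e} years")
    print(f"100,000 cores    = {years_to_exhaust(random17, 1e9, 100_000):.2e} years")

    # Constructed assumption: 3 words from a 10,000-word list plus
    # 2 trailing symbols out of the 32 printable ASCII punctuation marks.
    worded = structured_keyspace(10_000, 3, 32, 2)
    print(f"3 words+2 symbols= {worded:.3e}  ({bits(worded):.1f} bits)")
    print(f"1 core, 1 ns     = {years_to_exhaust(worded, 1e9) * 365:.1f} days")

    # Length needed before guessing the password stops being easier
    # than guessing a 128-bit key directly.
    print("random chars for 128 bits:", min_length_for_bits(95, 128))
    print("random words for 128 bits:", min_length_for_bits(10_000, 128))
```

The same 17 characters are worth about 112 bits when chosen uniformly at random and about 50 bits under the assumed word-plus-symbol structure, which is why how a passphrase is generated matters more than how long it is.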

- #23

- 1,961

- 1,195

I'm using a core i5 about 3 gigahertz... how many years would it take to crack the 4,180,000,000,000,000,000,000,000,000,000,000 combination?

1 gigahertz is about 1 billion cycles per second, so, assuming you could evaluate 1 possibility per machine cycle (in reality, it takes many more than 1 cycle to evaluate 1 possibility) you can take 9 of the zeroes off that number, to get the number of seconds your i5 would require.

As @Tom.G so clearly and capably put it:

Start with the number of possible unique characters. As @sysprog said, in your case that is 95.

First position has 95 possible characters...

Second position has 95 possible characters...

So far that means there are 95×95 = 9025 possible 2-character passwords.

If using a 3-character password there are 95×95×95 = 857,375 possibilities.

The formula is {No. of possible Characters} raised to the power of the {No. of positions}. 95^{17} ≈ 4.18×10^{33} (emphasis added -- sysprog) different possible passwords.

4.18 decillion (American system)

4.18 quintilliard (European system)

4,180,000,000,000,000,000,000,000,000,000,000 (How long would it take you to count them, much less try them?)

Cheers,

Tom

Subtracting 9 from the 10s exponent of 95^{17} ≈ 4.18×10^{33} leaves ≈ 4.18×10^{24}. Dividing that by 60 seconds per minute, and by 1440 minutes per day, and by 365 days per year, we get 130,010,147,133,435,000 years. That's (US) 130 quadrillion, 10 trillion, 147 billion, 133 million, 435 thousand.

And how many times is the speed of the NSA computer faster than my corei5?

The fastest publicly displayed machines (measured in floating-point instructions per second, rather than in cpu cycles per second), about 5 years ago, were petascale computers, and they looked something like this:

That installation, at Argonne (my neck of the woods -- no I don't work there -- just a sometimes visitor), had 164,000 processor cores, each of them much faster than a 3 gigahertz i5. This one, from last year, at Oak Ridge:

runs at over 200 petaflops (thousand teraflops = petaflops = quadrillions of floating point instructions per second).

Skipping teraflops (thousand gigaflops), petaflops allows us to take the 10^{24} down to 10^{18} and exaflops bring us down to ≈ 4.18E15 seconds. Dividing that again, we get ≈ (((4.18E15)/60)/1440)/365 years -- that's still over a century (> 13 decades), even if we really could evaluate 1 possibility per floating point instruction, which we can't, at least not directly.

The fastest that NSA can muster is at least in the multi-exaflop range -- the first exascale installations to be launched publicly should/will be seen this year.

Somehow NSA is able to break hard encryptions much faster than all the foregoing exposition suggests -- anecdotally, I know of a situation in which they cracked a stash of extremely-evil-bad-guy multiply-encrypted DVDs in 1 day -- they're probably using some unpublished set of algorithms -- not only do they have the largest and most advanced computer systems; they also routinely hire all the best math and comp sci guys (and gals) they can find.

Just wanna have idea so next time I can try harder passwords because in Friendster, Twitter, etc I use only very simple combinations of password...

Use at least one non-letter character, and at least one uppercase and at least one lowercase letter, and at least 7 characters total, e.g. #Element12, (please don't use that one, as I just published it as an example here) which is easy enough to remember by some association, and not too easy to guess.

- #24

anorlunda

Staff Emeritus

- 9,262

- 6,290

But it is rather silly to worry about someone breaking your code when the biggest risk you faced was losing your password. Computer security can be said to have the goal of assuring only authorized use of the resources. Unauthorized use is one thing, but preventing authorized use (such as by forgetting the password) also violates that goal. Making something difficult to use is also a security violation by that definition. Absurdly long or difficult passwords are an example of counterproductive security in that sense.

I read about that enlightened view of security long ago on the first page of a thick computer security manual for DEC's VAX/VMS. If any PF members can locate that passage and post it here, I would be grateful.

- #25

- 93

- 5

1 gigahertz is about 1 billion cycles per second, so, assuming you could evaluate 1 possibility per machine cycle (in reality, it takes many more than 1 cycle to evaluate 1 possibility) you can take 9 of the zeroes off that number, to get the number of seconds your i5 would require.

As @Tom.G so clearly and capably put it:

Subtracting 9 from the 10s exponent of 95^{17} ≈ 4.18×10^{33} leaves ≈ 4.18×10^{24}. Dividing that by 60 seconds per minute, and by 1440 minutes per day, and by 365 days per year, we get 130,010,147,133,435,000 years. That's (US) 130 quadrillion, 10 trillion, 147 billion, 133 million, 435 thousand.

The fastest publicly displayed machines (measured in floating-point instructions per second, rather than in cpu cycles per second), about 5 years ago, were petascale computers, and they looked something like this:


That installation, at Argonne (my neck of the woods -- no I don't work there -- just a sometimes visitor), had 164,000 processor cores, each of them much faster than a 3 gigahertz i5. This one, from last year, at Oak Ridge:


runs at over 200 petaflops (thousand teraflops = petaflops = quadrillions of floating point instructions per second).

Skipping teraflops (thousand gigaflops), petaflops allows us to take the 10^{24} down to 10^{18} and exaflops bring us down to ≈ 4.18E15 seconds. Dividing that again, we get ≈ (((4.18E15)/60)/1440)/365 years -- that's still over a century (> 13 decades), even if we really could evaluate 1 possibility per floating point instruction, which we can't, at least not directly.

The fastest that NSA can muster is at least in the multi-exaflop range -- the first exascale installations to be launched publicly should/will be seen this year.

Somehow NSA is able to break hard encryptions much faster than all the foregoing exposition suggests -- anecdotally, I know of a situation in which they cracked a stash of extremely-evil-bad-guy multiply-encrypted DVDs in 1 day -- they're probably using some unpublished set of algorithms -- not only do they have the largest and most advanced computer systems; they also routinely hire all the best math and comp sci guys (and gals) they can find.

Use at least one non-letter character, and at least one uppercase and at least one lowercase letter, and at least 7 characters total, e.g. #Element12, (please don't use that one, as I just published it as an example here) which is easy enough to remember by some association, and not too easy to guess.

Thanks. In short.. what kind of password should you make that even the NSA can't crack? how many characters and combinations should it be minimum? Just curious.
