How fast can hackers crack 128 bit file encryption?

Click For Summary

Discussion Overview

The discussion revolves around the security of 128-bit file encryption, particularly focusing on how quickly hackers can potentially crack it. Participants explore the relationship between encryption strength and password complexity, the methods used for encryption, and the implications of key management.

Discussion Character

  • Debate/contested
  • Technical explanation
  • Conceptual clarification

Main Points Raised

  • Some participants suggest that cracking 128-bit encryption would take a long time, but the effectiveness of the encryption is heavily influenced by the strength of the password used.
  • It is proposed that the encryption process is independent of the password length, meaning that a weak password could allow access without needing to crack the encryption itself.
  • Questions are raised about where the encryption key is stored and whether it can be extracted from the file, with some participants asserting that private keys are not transmitted and are necessary for decryption.
  • One participant mentions that while 128-bit AES encryption is theoretically breakable, it is still considered secure for practical use, as the cost and time required to break it are prohibitive.
  • There is a discussion about the potential for future advancements in computing power, with one participant claiming that even with significant increases in speed, brute-forcing a 128-bit code would still take longer than the age of the universe.
  • Some participants discuss the importance of using strong, complex passwords and the role of key-stretching methods in enhancing security.
  • There are mentions of the practicality of hacking methods, suggesting that intercepting keys or exploiting vulnerabilities may be more efficient than brute-forcing encryption.

Areas of Agreement / Disagreement

Participants express a range of views on the effectiveness and practicality of cracking 128-bit encryption, with no consensus reached on the best methods for securing data or the implications of password strength versus encryption strength.

Contextual Notes

Some participants highlight the complexity of encryption algorithms and the potential for different methods of key management, which may affect the overall security of encrypted files. There are unresolved questions about the specifics of key storage and the implications of various encryption techniques.

gva
Messages
50
Reaction score
1
I got a freeware encryption software with only 128 bit. How fast it is for hackers to crack 128 bit file encryption?
 
Computer science news on Phys.org
Greg Bernhardt said:
A long time
http://www.inet2000.com/public/encryption.htm

But in file encryption software, it seems related to the password. For example I just use a 5 letter password.. how's the password related to the 128 bit encryption
 
gva said:
But in file encryption software, it seems related to the password. For example I just use a 5 letter password.. how's the password related to the 128 bit encryption
Passwords and the encryption standard (128 bit in this case) have nothing to do with each other. The encryption is done exactly the same way whether you have a 3 character password or a 300 character password.
Hacking an encryption means bypassing the password completely.

Of course, if you use a simple password, then they don't HAVE to crack the encryption, they just figure out your password and then they are in regardless of the encryption being used.
 
phinds said:
Passwords and the encryption standard (128 bit in this case) have nothing to do with each other. The encryption is done exactly the same way whether you have a 3 character password or a 300 character password.
Hacking an encryption means bypassing the password completely.

Of course, if you use a simple password, then they don't HAVE to crack the encryption, they just figure out your password and then they are in regardless of the encryption being used.

In an encrypted file, where is the 128 bit key combinations stored? If someone got my file.. can't he decrypt it using other software? Why not?
 
Greg Bernhardt said:
A long time
http://www.inet2000.com/public/encryption.htm

What prevents intercepting the key itself?
 
It sounds almost old fashioned for hackers to bother to attempt cracking any encryption regardless of key length. Nowadays, they are so good at stealing credentials (accounts, passwords and keys).

If the OP is really interested in security, he must choose a secure key, protect the key, and change the key often.
 
GTOM said:
What prevents intercepting the key itself?
It's a private key. It is not transmitted. There is a public key for use in ENcrypting things but only the private key will DEcrypt.
 
@gva you're asking a question and I think maybe you do not understand the answers you've gotten so far. Good ciphers are not unbreakable, they are just totally impractical to break. 128 AES is breakable but is still actively used in the ssh 2 protocol. Why? Because nobody is going to spend a week of supercomputer time cracking your email. Too hard. Too expensive. There is way too much low-hanging fruit out there to mess with decoding your cipher. It is economically unfeasible. The only time somebody would bother is in the realm of espionage.

Read this insight article: https://www.physicsforums.com/insights/perfect-secrecy-unbreakable-cipher

And then see if you can understand what has been said.
 
  • #10
jim mcnamara said:
@gva 128 AES is breakable but is still actively used in the ssh 2 protocol. Why? Because nobody is going to spend a week of supercomputer time cracking your email.
Jim, according to what I have read, if computers get 1,000,000 times faster than they are today it would still take longer than the current age of the universe to brute force hack a 128 bit code
 
  • #11
Does any have any link how exactly file encryption works. Where is the key stored.. is it in the program or in the file. And can't someone just read the key from the file directly and decrypt it? Also can't the password be hacked directly from the file?
 
  • #12
Hey gva.

In symmetric encryption you generate the key from data - like a password.

What often happens is that the password in memory is converted to the key and everything "checks out" (i.e. the information looks to be in the correct format and organizational structure) then the program assumes it's good and it uses the data.

There are additional things like hashes that get a fingerprint of the data and if the decryption process is successful then the hash will give evidence of that.

You don't store the private key for password data - it's up to you to generate it after you enter your password.
 
  • #13
Hey gva, there's something else you need to know about your passwords, and that is, it is they, that get stretched to be the size of your key.

so if your password is 'abc' and its stretched using, say, md5, it becomes a key, a string like d41d8cd98f00b204e9800998ecf8427e which has those 128 bits your software then feeds into the encryption algo along with your data.

that mean if another program uses a different key-stretching method from yours, it becomes true that the result will likely be unbreakable.

now, being in a world of standards and best practices, its fairly certain one needs to try just a few stretch algo's against the massive lists of stolen passwords to have a fairly realistic chance of brute-forcing your key in fairly reasonable times.

as your key is the weak thing here, one typically uses an easy password and a random file to set-up a key-store. there you keep the list of your passwords - but these passwords are now generated to be wacky almost untypeable and certainly unmemorable strings like, for example, 'Yg__E9-N8vdP9nQcL' which has 100 bits of randomness and is almost certain to never have been used before.

such a wacky password, stored in a password manager, can then be used to store and share encrypted data since whatever the key-stretcher does, its output will be even less likely to be something one could brute-force.

--
i use KeePassX to generate and track my passwords because it runs on all operating systems. .. and i use it in the following weird way: i have a simple password on my keepass database. that's because i also use a key-file that works in tandem with my password to give me access to the passwords. the rule here is: something i know + something i have.

about once a month i open another copy of a keepass database, one which has as its key a phrase from a book which all my family members have. i don't have that book at home, but i have a note in my effects which identifies the phrase (but not the book). weird, ok? the next step is that i read my 'daily use' password files as well as any keyfiles i might have - into the monthly version of the password database and post it publicly so that i can get to it from anywhere.

TL:DR; this pov so you have an idea of what you might want to be doing in a few years. For now use long random-like passwords, write them down, messed up a little bit, and keep them in your wallet.
 
  • #14
@phinds Actually I was parroting something I read about getting ahead of the curve on encryption with regard to quantum computing. And fudging it.
My bad. The OP seemed really uninformed, so I took a pot shot with a wrong analogy.

You are correct - right now breaking most decent ciphers directly is very impractical, to say the least. That's why backdoors and other methods of hacking are more productive approaches.
 
  • Like
Likes   Reactions: phinds
  • #15
phinds said:
Jim, according to what I have read, if computers get 1,000,000 times faster than they are today it would still take longer than the current age of the universe to brute force hack a 128 bit code

That of course, assumes that brute force is the only way. If they intercept the key what prevents reverting encryption steps to decrypt?
If there is another key, it still has to be transmitted between two different systems.
 
  • #16
phinds said:
It's a private key. It is not transmitted. There is a public key for use in ENcrypting things but only the private key will DEcrypt.

Surely if you know how to ENcrypt it, you know how to DEcrypt it? You just do it in reverse?
 
  • #17
It depends on the algorithm.

If it is something like RSA (like where factoring is the difficulty) then it's determined by how well you undo these problems that are meant to be easy to do but hard to undo unless you have the right piece of information (like a key).

This is known as one way functions in cryptography and they depend on how good the algorithms are to actually do the "undo-ing" without the necessary information that would make it easy.
 
  • Like
Likes   Reactions: Clever Penguin
  • #18
GTOM said:
That of course, assumes that brute force is the only way.
No, it is simply a statement of fact about brute force hacking. It makes no assumptions at all and has nothing to do with other methods.
 

Similar threads

Decrypting files & forgotten password
  • · Replies 34 ·
2
Replies
34
Views
7K
Computer repair guy wants "48-bit encryption code" for HDD
  • · Replies 27 ·
Replies
27
Views
3K
How long to crack this encryption by brute-force ?
  • · Replies 27 ·
Replies
27
Views
13K
Why Aren't 128 Bit Public Keys Used for Encryption on the Internet?
  • · Replies 11 ·
Replies
11
Views
6K
Steganographic Data File Searches
  • · Replies 15 ·
Replies
15
Views
2K
What Is 128-Bit and 256-Bit Encryption?
  • · Replies 4 ·
Replies
4
Views
23K
How do encrypted USB flash drives work and how can we make them more secure?
  • · Replies 7 ·
Replies
7
Views
3K
Question about the vulnerability of encryption
  • · Replies 9 ·
Replies
9
Views
2K
A very naive encryption scheme : How would an expert crack it?
  • · Replies 17 ·
Replies
17
Views
1K
Software Patenting: Can You File a US Patent Application?
  • · Replies 6 ·
Replies
6
Views
2K