Encryption question

Darakian

Supreme [H]ardness
Joined
Apr 12, 2004
Messages
4,698
So I have been looking online for how encrytion works, I get how cyphers work, what I want to know is what dose the bit rating mean in relation to the amount of security it provides. For example lets take some imaginary algorithm that is offered in both 64 and 128 bit versions, the 128 is more secure but I want to know why? Also how long would it take say a 3ghz intel to crack it? I have searched both google and these forums and come up with pretty much everything aside from this answer, any help?
 
sweet thanks, any type of figures on how long it would take to crack?
 
Easy.... It would take all the known processing power on the face of the earth something like 107,829 billion years
 
Different types of encryption will take different amounts of time to crack. Des uses a 56 bit key which means there are 2^56 possible keys. It was cracked in a few days sometime in the 90s IIRC. Most modern encryption relies on a very large key which is generated by multiplying two large primes. The original algorithm which demonstrated this was RSA. Taking a large number and trying to factor it is a very difficult task from what i hea,. ( im not a crpytographer or a mathmatician ) so it is very very hard to crack. When we talk about very large keys created in this fashion we are talking about a time to crack of the lifetime of the universe using all the computers in the world.

Although this seems like it is the end of all encryption, people had thought that about all of the things that came before it. The power of our computers will increase which will enable us to brute force it more quickly, but it is also likely that someone will find a way to exploit the algorithm in order to cut the number of solutions in half, quarter or whatever.
The gernan enigma of WWII was believed to be undefeatable, but through hard work, a way was found to defeat it.

If you are interested in the topic and would like a real easy read, i would suggest the following book.

The code book by simon singh ISBN #0385495323

I chose to read it because it puts encryption into a historical context which i enjoy because it gives me a better conceptual view of how it has developed over time. It is a real easy read rather than a book which goes into exhausting detail about the various algorithms with lots of math. I have also ordered a similar book

Brute Force : Cracking the Data Encryption Standard
by Matt Curtin ISBN: 0387201092

I havent started it yet, so i cant give my opinion on how good it is, but it is nice to see some discussion on the topic.
 
The number of years to cover every possibility in a 128 bit password using the Super Computer is:

(2128)/(1014)/(31,557,600) years. Or:

107,828,975,245,563,000 years

This is roughly 107,829 (about 1017 ) billion years. The sun will go nova before an attacker could test every password in a 128 bit algorithm

That's from the kjCrypt article posted above. Of course, all those statistics they give are for attempting EVERY possible key in the key space. Am I correct in assuming that to crack encryption, one doesn't have to calculate the complete key space, but just up until the one that works?

Assuming evenly distributed probability of key frequency, the average time to find that key would be half the time of going through the entire key set. But even then, there's still the remote possiblity that the first key tried might be the correct one (that probability would be 1/(2^keysize). In that rare case, it doesn't matter that statistically it could take billions of years if the cracker has the key in minutes.
 
BollWeevil said:
That's from the kjCrypt article posted above. Of course, all those statistics they give are for attempting EVERY possible key in the key space. Am I correct in assuming that to crack encryption, one doesn't have to calculate the complete key space, but just up until the one that works?

Assuming evenly distributed probability of key frequency, the average time to find that key would be half the time of going through the entire key set. But even then, there's still the remote possiblity that the first key tried might be the correct one (that probability would be 1/(2^keysize). In that rare case, it doesn't matter that statistically it could take billions of years if the cracker has the key in minutes.
The fun happens when you can make leaps of logic and narrow the scope.

A key was generated using a dictionary word? Well, that narrows it down quite a bit. The keys were generated at this time, using this cypher? Ah, well, that too narrows the scope of the search.

All in all, if someone wants to, they can crack into a 128 bit cypher, but the truth of the matter is it's usually easier to run an end game around it altogether ( ie: spyware installed that listens to key taps before they are encoded and sent ).
 
Thanks for all the great responses guys, encryption is a facinating subject to me at this point in time. I really would like some way to compute how long to crack a code (all combos) I have heard the "not before the sun super novas" and similar but I want to know how to figure the time, I want to figure it for my computer :p
 
If it takes more than 100 billion years to crack a 128-bit key, then how come it takes a hacker around 24 hours - 2 days to crack a 128 bit WEP key? Don't they use like a way of hacking the IV and spoofing the MAC address?

?

confused.
 
AuDioFreaK39 said:
If it takes more than 100 billion years to crack a 128-bit key, then how come it takes a hacker around 24 hours - 2 days to crack a 128 bit WEP key? Don't they use like a way of hacking the IV and spoofing the MAC address?

?

confused.
There are a few different ways, but they are NOT cracking the key in the sense you are thinking of. They are limiting their starting options, as I mentioned, and likely using a prehashed table for the rest of it.
 
AuDioFreaK39, there is a weakness in how IV's are used in WEP, as certain keys are used more frequently than they should be and some reveal information about the message encryption and message content, which after collecting thousands of these, help greatly in reducing the amount of calculations needed, as XOR talks about.

There's a famous paper discussing the mathematics of the flaws of WEP encryption, and how it can be used to quickly break a WEP key without having to brute for the entire key space. Although brute-forcing can still be done on WEP, estimates say it can take up to a couple of years on a standard home PC.
 
Back
Top