128 bit blowfish..how long to crack?

ashagplz

ashagplz

ashagplz

Associate
Joined
14 Sep 2003
Posts
773
how secure is 128 bit blowfish these days?.....256 bit requires passwords too long for everyday use (like 70 characters i believe)..so i tried to find information on how long 128 bit can be cracked in....i cant find much info other than one article suggesting a demonstration of how it can be cracked took 3 months...on todays processors i wonder what it is in real terms...
 
By cracking it i hope its not illegal :eek:

Or this thread will be gone in no time
 
i have no idea why u made that comment.....its a general question as to how secure 128 bit blowfish is....its the mainstay of many an encryption program....im not asking how to crack it..im asking how secure it is.....

personally i want to use 256 bit but as i need to input the passwords daily its not practical to be keying 70 word passwords...so i am looking for information that can say how secure it is from a standard attack by someone who is competent in that area...

in other words if my laptop was stolen is the encrypted data really safe to all intents and purposes or could a script kiddie with a few weeks of time in his hands crack it?

all i can find is a demonstration of how 128 bit isnt totally secure by cracking it within 3 months.... however it wasnt clear if this was on a mainstream computer or a supercomputer...
 
google didnt really clarify it..because most articles arent dated and so what can be acheived with the latest home computers isnt covered....

re: passwords..this would be true to a certain extent but also applys across al types of encryption...its quite simple really....with a decent password of say 10 characters how crackable is 128bit blowfish on a modern computer...

it would seem its uncrackable in reality to anyone other than the securtiy services within a reasonable timeframe..i just cant find any uptodate information to confirm this
 
A reasonably interesting article from George Ou at ZD.Net about encryption. There are quite a few different standards of encryption available though and he only covers a couple there. The question you should probably be asking is, what data do I have that is so valuable that I need this level of encryption for? Seriously, if you have something so valuable then you probably need more security measures in place than a bit of encryption, even if it is secure to X million combinations and hours.
 
ashagplz said:
google didnt really clarify it..because most articles arent dated and so what can be acheived with the latest home computers isnt covered....

re: passwords..this would be true to a certain extent but also applys across al types of encryption...its quite simple really....with a decent password of say 10 characters how crackable is 128bit blowfish on a modern computer...

it would seem its uncrackable in reality to anyone other than the securtiy services within a reasonable timeframe..i just cant find any uptodate information to confirm this
Click to expand...

It isn't just the length of the password; it depends how complex it is. If you use ordinary words from the dictionary then expect it to be cracked in no time. If it is the same length but includes a mix of upper & lower case letters, numbers and special characters it will take a lot longer.

One place you could ask and get knowledgeable responses would be the TrueCrypt forums.
 
It all depends on the S-BOX used and the block size... The only know known attacks against blowfish are based on weak keys. Practically its not feasible to brute-force it, so unless someone finds more weaknesses in the algorithm its pretty unbreakable in a normal timeframe.
 
Last edited:
Well there are roughly 340000000000000000000000000000000000000 possible combinations if you were to brute force it. That's gonna take any computer a long time.
 
I asked a similar question on here about 2 years ago - How safe is 128 bit encryption and the answer was something like - the worlds most powerfullest computer running 24/7 for a year might crack it.
 
yes the key seems to be what constitutes a normal pc....it seems accepted that government agencies can certainly crack 128 bit blowfish with a reasonable timeframe...enough to not worry too much about it being in the public...there was a time they cracked down on anything over 56 bit...
 
I always wonder when these questions pop up

What home user has information that needs to be THAT secure ???

Apart from bank details etc, I can't think of anything :confused: And that can be sorted by informing the bank your lappy was stolen, and you want to cancel the account etc.

Just curious.

I can't even think of any job that'd let you take info away if its imperitive it's not stolen / misused.
 
jellybeard999 said:
I always wonder when these questions pop up

What home user has information that needs to be THAT secure ???

Apart from bank details etc, I can't think of anything :confused: And that can be sorted by informing the bank your lappy was stolen, and you want to cancel the account etc.

Just curious.

I can't even think of any job that'd let you take info away if its imperitive it's not stolen / misused.
Click to expand...
Just because cracking it via brute force (ie. trying every possible combination) isn't feasible, doesn't mean it's that secure. I'm sure most encryption systems have exploits that could be used to crack it, even if no one has discovered them yet.
 
jellybeard999 said:
I always wonder when these questions pop up

What home user has information that needs to be THAT secure ???
Click to expand...
Child porn? No offence to the OP. Albeit the law requires you to hand over your password anyway AFAIK.
 
dirtydog said:
Child porn? No offence to the OP. Albeit the law requires you to hand over your password anyway AFAIK.
Click to expand...
RIPA act, but 2 years in jail for non compliance might be the best option in the example you suggested.
 
Sleepy said:
RIPA act, but 2 years in jail for non compliance might be the best option in the example you suggested.
Click to expand...
It depends how much / bad the child porn that you possess is, I guess. (generic you ;)) I seem to remember some people being let off jail for child porn offences.
 
You must log in or register to reply here.
Back
Top Bottom