If 128bit encryption has 2^128 possible combinations of keys, how come that shorter passwords are cracked more quickly using brute force? And how do you work out how much faster? Or is that using a different method of cracking?
How do you work out how long it would take to brute force a file?
- Thread starter Energize
- Start date
Energize said:
Brute force will usually just go through incrementally. Say we just use numbers...
If As password is 12
and Bs passwrod is 142425232
Which do you think will be guessed first?
The 128bit key will be created from an algorithm that uses the password. So if the password can be guessed easily, the 128bit key can be discovered quickly. If you have an alphanumeric password (single case characters), adding each extra character will make the password 36 times stronger.
Where does the 2^128 combinations come into encryption if all brute force does is guess the password where there is a much lower number of combinatons?
To have the full 2^128 combinations wouldn't you need a password long enough to allow for 2^128 combinations of it? Would say encrypting a file with a 256bit cipher be any more secure than a 128bit one if the password was only 10chars long?
To have the full 2^128 combinations wouldn't you need a password long enough to allow for 2^128 combinations of it? Would say encrypting a file with a 256bit cipher be any more secure than a 128bit one if the password was only 10chars long?
Last edited:
Man of Honour
- Joined
- 17 Nov 2003
- Posts
- 36,747
- Location
- Southampton, UK
The security is highly dependant of key length, but remember, good encryption software doesn't use your password as the encryption key; there's a process that converts your password into the encryption key.
Have a look at this: http://www.schneier.com/blog/archives/2007/01/choosing_secure.html
Burnsy
Have a look at this: http://www.schneier.com/blog/archives/2007/01/choosing_secure.html
Burnsy