Who Can Crack What, If Ever

Discussion in 'privacy technology' started by Mr_Noatak, May 6, 2009.

Thread Status:
Not open for further replies.
  1. Mr_Noatak

    Mr_Noatak Registered Member

    Joined:
    May 6, 2009
    Posts:
    1
    A philosophical question. Say you are given a single *cry image file but not the software program that created the encryption. I don't care if the encryption was created by TrueCrypt, PowerCrypt, AxCrypt, or even snakeoil software. Is there an example where somebody has actually recovered the full image using cracking software without brute force of short passwords? I mean there is a lot of talk about this but I never see any tangible successes. It should be easy, right?

    Mr. Noatak
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I don't know enough to give a techie answer, but if your password is pretty crappy, I suspect brute force will work pretty good. If you've got a very strong, random password with a mix of letters and numbers and such, well, unless you're NSA AND have some hefty technological firepower, you may want to go grab a lot of coffee and food, because you're going to be a while, especially if you stick to brute force tactics.

    The short, serious answer is yes or no depending on the strength of that password.
     
  3. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    Evidence security lockers are full everywhere with drives that cannot be cracked due to the passwords selected. Short of torturing you to get it, if you have a sufficiently long, highly randomized password (128+ bits of entropy or greater), your password will not be gleaned. That will change over time, which is why agents keep the drives. Eventually computing power will be there, but for now, it is not in many cases.
     
  4. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    As said many times, if the password you are using is sufficient enough, it's not possible to crack it in one's lifetime.

    You have to either find implementation flaws or there must be a backdoor instead.

    Bruteforcing simply can't work if the password is long enough, obscure, senseless. Imagine a 64-character password written in your head only. A password which isn't logical to anybody in the world. Not even to you. Not even parts of the password.

    For extra security you can also encrypt keyfiles with a password as hard as the one you use for your encrypted data.
     
  5. Jazz

    Jazz Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    37
    Location:
    London, UK
    Try cracking this kind of password, courtesy of GRC, namely 64 random printable ASCII characters:

    DpvrbFqG=nU%y:k1:p[>lo*T,Tt\y#QkacXebyau-WN>%UVjR&VU2}d^"V66M:1q

    Forget it, for the time being.
     
  6. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    Jazz, too many different characters there. A bit too hard to memorize it in real time.
     
  7. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    W1ld3r5&e(ur1tyR0ck$

    70 bits entropy, took about 20 seconds to compose and shouldn't be too hard to remember
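
The arithmetic behind the figures quoted in this thread (70 bits, 128 bits, 64 random printable characters), as an added example that is not part of any poster's reply. The 94-character alphabet and the guess rate of 10^12 per second are assumptions, and the per-character formula only holds when every character is chosen uniformly at random.

```python
import math
import secrets
import string

# Assumption: "printable ASCII" means the 94 non-space printable characters.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

def random_password_bits(length, alphabet_size=len(PRINTABLE)):
    """Entropy in bits of a password whose characters are uniformly random.
    Not valid for human-composed passwords, which carry fewer bits."""
    return length * math.log2(alphabet_size)

def years_to_search(bits, guesses_per_second, fraction=0.5):
    """Expected years to cover `fraction` of a 2**bits search space
    (0.5 = average case for an exhaustive search)."""
    seconds = fraction * 2.0 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def length_for_bits(target_bits, alphabet_size=len(PRINTABLE)):
    """Shortest uniformly random password reaching target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def generate(target_bits, alphabet=PRINTABLE):
    """Generate a password of at least target_bits using the OS CSPRNG."""
    n = length_for_bits(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))

if __name__ == "__main__":
    RATE = 1e12  # assumed guesses per second; a slow key-derivation function lowers this
    cases = [
        ("70 bits (figure quoted in the thread)", 70.0),
        ("128 bits (threshold quoted in the thread)", 128.0),
        ("64 random printable characters", random_password_bits(64)),
    ]
    for label, bits in cases:
        print(f"{label}: {bits:.1f} bits, "
              f"~{years_to_search(bits, RATE):.3g} years on average at {RATE:.0e}/s")
    print("random characters needed for 128 bits:", length_for_bits(128))
    print("sample generated password:", generate(128))
```
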
     