General brute force attack question
Daniel Krebs
mailinglist at krebs.uno
Wed Jun 17 10:48:32 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Am 17.06.2015 um 01:45 schrieb Robert J. Hansen:
>> Is this a correct interpretation?
>
> Pretty close.
>
>> My understanding of en-/decryption is that there is no
>> indication of progress toward finding a successful key match of a
>> given encryption.
>
> Not quite. If you're doing a brute-force attack it's easy to
> figure out what fraction of the possible number of keys you've
> tried, and to present that as a progress bar -- when the progress
> bar is half done, you've searched half the possible keys, and thus
> there's a 50% chance of finding the key by then. So yes, it's
> possible to come up with a pretty good estimate of how long it'll
> take to brute-force a cipher, and that lets you do things like
> status bars... it's just that the amount of time is, for any good
> system, ludicrously big.
I think you can't *really* estimate the time to crack a password, all
you can show is the maximum time it will take to try out all possible
combinations. But when you tried 20% of all possible combinations
there is a chance that the next guess will be right. The /typical
Hollywood progress bar/ allways counts up to 100% (or to 00:00 time)
at least in my memory.
Correct me if I'm wrong.
Sincerely
DK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJVgTROAAoJEA7irlPqaBCOYwMP+wZUVdrj55yaLxB/YzALB/wx
pWwIHmaNHFhSmVnSE9VuMQAl92AVMaaNs4+xSBk4LDfT0fo2PIZBrZGjFUfQ+FzJ
qO3puVHcvkXTY5mFDpU/51B36wmclrld/k03RcXlnAOa73mlDEnMDTmGKbdwzTOA
3sE2zUHouEVDKVOFCAzlbtHCjGqDf7D0ms7+em3qjt8YM2kBnXsI9KEpoXA0iUNH
a9tykZpCx66spXdYv/8Rd1RBwXOkJM/ryd1PMNFSZOA/RytHoUWdJLrJn+om/qmt
918yGeuhdLFuteOb+F/fRw0qddnmcwVdlz6fq3RXLMNLNOfFSKOSHSLktNU9SRyS
2zrVr500AyRLUsvnHL4VWAjINxxKUkP+RD43NBtmmlZy4M+HEG7iU4DqXv3KchrR
ufPbZoe/ti57pyBP20eNkDkSrVeJOmFUYJ8P5ZmXuOjam37vrlYd21ngnzz5KeCP
dgiNVItvPh0AxU17yhUMCvB39hNowiJGuUsPMzs34sFI2LS7RVr4Skzf65h8P4wO
4a9/VN9vz7GpzBC1PHxU5tu7fSyiFL6E4xpNm2zVkDq1ch1AYdT3WjpRhSrz+cSS
LM379TCSMJ9k9J0uji6mMrlhHaZk/OwaFap8TeKvZp9gOoTb1vvFNgiJfvRaAjS6
VXCbtvr5LDCf/DIDxt4k
=uXhB
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list