General brute force attack question
mailinglist at krebs.uno
Wed Jun 17 10:48:32 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Am 17.06.2015 um 01:45 schrieb Robert J. Hansen:
>> Is this a correct interpretation?
> Pretty close.
>> My understanding of en-/decryption is that there is no
>> indication of progress toward finding a successful key match of a
>> given encryption.
> Not quite. If you're doing a brute-force attack it's easy to
> figure out what fraction of the possible number of keys you've
> tried, and to present that as a progress bar -- when the progress
> bar is half done, you've searched half the possible keys, and thus
> there's a 50% chance of finding the key by then. So yes, it's
> possible to come up with a pretty good estimate of how long it'll
> take to brute-force a cipher, and that lets you do things like
> status bars... it's just that the amount of time is, for any good
> system, ludicrously big.
I think you can't *really* estimate the time to crack a password, all
you can show is the maximum time it will take to try out all possible
combinations. But when you tried 20% of all possible combinations
there is a chance that the next guess will be right. The /typical
Hollywood progress bar/ allways counts up to 100% (or to 00:00 time)
at least in my memory.
Correct me if I'm wrong.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-users