General brute force attack question

Daniel Krebs mailinglist at krebs.uno
Wed Jun 17 10:48:32 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Am 17.06.2015 um 01:45 schrieb Robert J. Hansen:
>> Is this a correct interpretation?
> 
> Pretty close.
> 
>> My understanding of en-/decryption is that there is no
>> indication of progress toward finding a successful key match of a
>> given encryption.
> 
> Not quite.  If you're doing a brute-force attack it's easy to 
> figure out what fraction of the possible number of keys you've 
> tried, and to present that as a progress bar -- when the progress 
> bar is half done, you've searched half the possible keys, and thus 
> there's a 50% chance of finding the key by then.  So yes, it's 
> possible to come up with a pretty good estimate of how long it'll 
> take to brute-force a cipher, and that lets you do things like 
> status bars... it's just that the amount of time is, for any good 
> system, ludicrously big.

I think you can't *really* estimate the time to crack a password, all
you can show is the maximum time it will take to try out all possible
combinations. But when you tried 20% of all possible combinations
there is a chance that the next guess will be right. The /typical
Hollywood progress bar/ allways counts up to 100% (or to 00:00 time)
at least in my memory.
Correct me if I'm wrong.

Sincerely
DK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCgAGBQJVgTROAAoJEA7irlPqaBCOYwMP+wZUVdrj55yaLxB/YzALB/wx
pWwIHmaNHFhSmVnSE9VuMQAl92AVMaaNs4+xSBk4LDfT0fo2PIZBrZGjFUfQ+FzJ
qO3puVHcvkXTY5mFDpU/51B36wmclrld/k03RcXlnAOa73mlDEnMDTmGKbdwzTOA
3sE2zUHouEVDKVOFCAzlbtHCjGqDf7D0ms7+em3qjt8YM2kBnXsI9KEpoXA0iUNH
a9tykZpCx66spXdYv/8Rd1RBwXOkJM/ryd1PMNFSZOA/RytHoUWdJLrJn+om/qmt
918yGeuhdLFuteOb+F/fRw0qddnmcwVdlz6fq3RXLMNLNOfFSKOSHSLktNU9SRyS
2zrVr500AyRLUsvnHL4VWAjINxxKUkP+RD43NBtmmlZy4M+HEG7iU4DqXv3KchrR
ufPbZoe/ti57pyBP20eNkDkSrVeJOmFUYJ8P5ZmXuOjam37vrlYd21ngnzz5KeCP
dgiNVItvPh0AxU17yhUMCvB39hNowiJGuUsPMzs34sFI2LS7RVr4Skzf65h8P4wO
4a9/VN9vz7GpzBC1PHxU5tu7fSyiFL6E4xpNm2zVkDq1ch1AYdT3WjpRhSrz+cSS
LM379TCSMJ9k9J0uji6mMrlhHaZk/OwaFap8TeKvZp9gOoTb1vvFNgiJfvRaAjS6
VXCbtvr5LDCf/DIDxt4k
=uXhB
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list