No, thankfully.Originally Posted by h3ro
No, thankfully.
Deep Crack, build in 1998 could test 90 billion keys per second, that's already a lot more than "10000" passwords a second. But it is true that bruteforce attacks are for idiots, as you can see here. Nowadays, the most common and effective way of breaking a cipher is through Cryptanalysis.
distributed.net was able to break the 56-bit DES key in less than 24 hours. It uses a system like Seti@Home or Folding@Home, breaking the keyspace into small blocks and distributing the key search over a number of clients.
Yes there are. Usually one can find flaws/weakpoints in the algorithm itself and find a way to crack the algorithm. But yes, brute force is 100% effective, it just takes an extremely long time.
"Anyone can aspire to greatness if they try hard enough."
- Me
And anyone have advice for the whole time conversion problem?
"Anyone can aspire to greatness if they try hard enough."
- Me
Sure, but by definition that would no longer be "brute force."
Or for people who need to crack a message encrypted with an algorithm with no known weaknesses...
Alrighty let's just clarify this issue so someone can help me out here =)
Brute force consists of trying EVERY possible password in order to decrypt a file, log-in to something, break a hash, etc. Most of the algorithms used today by governments and such are so secure (AES for instance), that one can ONLY use a brute force attack. It is NOT for idiots by any means. For all we know the NSA could have a supercomputer (and more than likely does) with thousands if not millions of processors which could run effective brute force attacks in a decent/reasonable amount of time.
With quantum computers on the horizon brute force attacks will be a real threat. No longer will it take thousands of years to crack a code, it could take a few minutes with the technology of the future.
The thing about brute force is that it IS 100% effective, at some point, you will enter the correct key and decipher the code, it's just in this day and age, a 128-bit key for AES encryption could (literally) take longer to crack than the lifetime of the universe. However, for a small key here it takes considerably shorter (well still long, an 8 character key, with upper, lower and numerals, and assuming the chances of finding the key in the first half are 50%, one could make a reasonable estimate that it would take about 70 years to find the key, testing about 50000 keys a second, the max would be about 140.)
However...
I'm asking about my time conversions, what's the matter with them?
"Anyone can aspire to greatness if they try hard enough."
- Me
You probably should use something along these lines:I'm asking about my time conversions, what's the matter with them?
milliseconds = time % 1000
time /= 1000
seconds = time % 60
time /= 60
minutes = time
Look up a C++ Reference and learn How To Ask Questions The Smart Way
So far as we know. A weakness could be discovered tomorrow. It is very difficult (nigh impossible) to PROVE that any given cipher is secure against cryptanalysis.
Even this is not strictly true. If the keyspace is sufficiently large compared to the ciphertext, it is possible that there is some key K2 which is different from the key used to encrypt the original message, which nevertheless yields a comprehensible plaintext. The extreme example of this is the one-time pad. The security of OTP hinges precisely on this fact -- if the keyspace is always at least as large as the message, you can never know if you've found the right key, even if the decryption looks "good."The thing about brute force is that it IS 100% effective, at some point, you will enter the correct key and decipher the code
Yes you are correct, we are assuming however a standard algorithm of today. Such algorithms, such as GOST, BLOWFISH, AES, etc. Do not have such collisions.
I neglected to mention that OTP's are the exception. They are impossible to crack, literally, you never know if you have the right key or not because it's more random and is as long as the plaintext. However, the security of OTP's relies on Complete randomness of the encrypting machine as well as NEVER using the same key twice. As soon as that happens, it's simple to crack.
I'm still having trouble with these time conversions. clock() returns the time in milliseconds right? I'm getting crazy numbers when it goes to convert. Perhaps the time in milliseconds is too big and it's wrapping around inside the unsigned int variable?
"Anyone can aspire to greatness if they try hard enough."
- Me
You could read cppreference on clock().clock() returns the time in milliseconds right?
Last edited by laserlight; 05-29-2007 at 11:16 PM. Reason: Oh dear, too used to the man tags at another message board
Look up a C++ Reference and learn How To Ask Questions The Smart Way
I just remember that clock() returns the number of clock cycles i believe.
Anywho... i fixed it myself. I switched from milliseconds to seconds and for some reason i was using a ton of modulus operators instead of division ??? i'm an idiot.
Thanks for the help.
"Anyone can aspire to greatness if they try hard enough."
- Me
clock() returns the time spent in units of CLOCKS_PER_SEC, which in theory could be anything at all. Use CLOCKS_PER_SEC, not some hardcoded value.
Thanks but i just used a time_t variable with the funtion time() and i'm set.
It works well, takes about 4 minutes to break a 4 digit password, not speedy gonzolez, but hey, it works.
"Anyone can aspire to greatness if they try hard enough."
- Me
