LinuxQuestions.org
Old 08-29-2006, 08:13 AM   #1
GUIPenguin
Member
 
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239

Rep: Reputation: 30
Encryption and key length.


Maybe you can help me understand this..because I'm not the best at math.
Let's say you encrypted a file with some type of encryption. So I can better understand this, let's pretend that key length is the only thing that matters. Please read all without jumping to answer, as I try and re-state my question at least once.

If there are a possible of A-Z, a-z, 0-9 !@#$%^&* that is a possible of 70 unique chars per char of your password. So, if you had a 14 character password, there is only a possible of 70^14 combos. So, when people actually say a 128bit encryption is stronger than 64 bit, how does this go figure? If they can both be cracked with the same 70^14 different completely random combos until they eventually hit your 14 char password you used. What makes a 128 bit encryption stronger than a 64bit when both of my passwords can eventually be cracked with 70^14 combinations. They say it would take 2^128 possible combos to crack a 128 bit password.....how is this?

If you can help me understand...Thanks a ton, I feel kinda stupid

Last edited by GUIPenguin; 08-29-2006 at 08:15 AM.
 
Old 08-29-2006, 08:36 AM   #2
blackzone
Member
 
Registered: Jun 2004
Posts: 256

Rep: Reputation: 30
I'm a dumb person and know absolutely nothing about security.
But here is what I think is happening.

The main point is your password is "stored" on your computer somewhere or passed through the internet during remote authentication.

If it's not encrypted people can see the password directly.
 
Old 08-29-2006, 08:42 AM   #3
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,596

Rep: Reputation: 80
Where do you get that a password has 14 letters?
Actually, if you use a password as an encryption key, you can double the number of letters when the key is 128 bits instead of 64.
Are you talking about a precise software?

Last edited by Agrouf; 08-29-2006 at 08:44 AM.
 
Old 08-29-2006, 08:43 AM   #4
GUIPenguin
Member
 
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239

Original Poster
Rep: Reputation: 30
Quote:
I'm a dumb person and know absolutely nothing about security.
But here is what I think is happening.

The main point is your password is "stored" on your computer somewhere or passed through the internet during remote authentication.

If it's not encrypted people can see the password directly.
That wasn't my question... but thank you very much for taking the time to respond.

Quote:
Where do you get that a password has 14 letters?
Because that is the size of my password I am using as an example.. lol.

Last edited by GUIPenguin; 08-29-2006 at 12:45 PM.
 
Old 08-29-2006, 08:48 AM   #5
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,596

Rep: Reputation: 80
I'm sorry, I re-read it 3 times and it doesn't make sense to me.
It must be because English is not my native language or because I'm just stupid.
 
Old 08-29-2006, 08:50 AM   #6
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
You're thinking it the wrong way, it's not that simple.

A 128-bit encryption means a possibility of 2^128 numbers like you said. Often this means that there are so many hash values, i.e. numbers that are got when the original value (that is formed from a password or something) is somehow transformed using certain methods. First of all without knowing the method the original key is transformed it's quite difficult to get the original value from the hash value. And if the hash value is big so there are a lot of possibilities, it's even harder. And without the original value it's very difficult to try and deduce the password. By guessing the correct password you open all the locks in one try, but this thing is meant to make guessing (and systematic guessing) more difficult by providing so many possible numbers that the cracking process would take ages.

EDIT: here's an example of what could happen: you give a password, your pc encrypts it, your pc tries if it matches a stored, encrypted password and if it does, lets you through. If the two encrypted passwords do not match, you've typed a wrong password and you are not allowed to pass. Matching non-encrypted passwords is not as secure as matching crypted ones, since if you did that, you would have the possibilities you counted yourself. But if you do encrypt the passwords you make the process more difficult to guess; if somebody wanted your password, s/he would first need to get the encrypted password somewhere from inside your pc. Then s/he would need to know how it was encrypted, or what was the algorithm. A 128-bit encryption means there are a lot of possibilities to create a hash key, so instead of trying to guess your 14 letters one would need to try and guess a whole lot of more letters, plus the way they are put together.

I, sadly, am not an encryption guru and possibly the worst man on the planet to try and make this (one way of doing it) clear, but I hope you get the point. Passwords are not used just as they are today, but a much bigger process is behind it; encrypting files is based on the same idea.

Of course you can choose not to use encrypted passwords, but then somebody could just break into your harddisk some other way and read the clear passwords. It's safer they're encrypted all the time, thus preventing them from being read directly.

Oh, and from where would this cracker get to know your password was just 14 letters long? Without that information, and especially without the information about which letters are ok for the password, it makes it a lot trickier to just guess it. Knowing the length of the key and the chars used is a big piece of information.

Last edited by b0uncer; 08-29-2006 at 09:01 AM.
 
Old 08-29-2006, 08:51 AM   #7
pxumsgdxpcvjm
Member
 
Registered: Aug 2005
Posts: 235

Rep: Reputation: 30
Quote:
Originally Posted by Agrouf
I'm just stupid.
we all are sometimes

Last edited by pxumsgdxpcvjm; 08-29-2006 at 08:53 AM.
 
Old 08-29-2006, 08:56 AM   #8
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,596

Rep: Reputation: 80
Quote:
Originally Posted by GUIPenguin
Because that is the size of my password I am using as an example.. lol.
Just don't tell people your password is 14 characters long and you improve the security of it by a lot.
Indeed, if your password is always 70^14 possibilities and everybody knows it, then you win nothing with 128 bits.
The thing with 128 bits is that there are more possibilities, unless you restrict it with a password of 14 characters.

Last edited by Agrouf; 08-29-2006 at 08:58 AM.
 
Old 08-29-2006, 08:57 AM   #9
GUIPenguin
Member
 
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by b0uncer
You're thinking it the wrong way, it's not that simple.

A 128-bit encryption means a possibility of 2^128 numbers like you said. Often this means that there are so many hash values, i.e. numbers that are got when the original value (that is formed from a password or something) is somehow transformed using certain methods. First of all without knowing the method the original key is transformed it's quite difficult to get the original value from the hash value. And if the hash value is big so there are a lot of possibilities, it's even harder. And without the original value it's very difficult to try and deduce the password. By guessing the correct password you open all the locks in one try, but this thing is meant to make guessing (and systematic guessing) more difficult by providing so many possible numbers that the cracking process would take ages.
Thanks, that makes a bit more sense, what you said pretty much is summarized here: http://computer.howstuffworks.com/encryption5.htm

I think I'm going to buy a basic book on cryptography.
 
Old 08-29-2006, 11:16 AM   #10
blackzone
Member
 
Registered: Jun 2004
Posts: 256

Rep: Reputation: 30
Quote:
Originally Posted by GUIPenguin
What makes a 128 bit encryption stronger than a 64bit when both of my passwords can eventually be cracked with 70^14 combinations.
I still don't understand what the question is. Can you help me understand?
 
Old 08-29-2006, 11:31 AM   #11
GUIPenguin
Member
 
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by blackzone
I still don't understand what the question is. Can you help me understand?
For instance...let's say I have two files in my home folder. I choose to encrypt both files, but choose 64 bit encryption for one, and 128 bit encryption for the other.

My question was: Even if I don't tell someone how long my password is: let's say I choose a random 14 char password when I encrypt each file. If I use only lowercase numbers and letters, then I would have a-z 0-9 which would be 36 unique chars per char of my password.

SO...my question / statement was, regardless of using 64 bit, vs. 128 bit encryption.... if they are both using the same password, then they could BOTH be brute forced in 36^14 combinations before it was guaranteed that all a-z, 0-9 chars were used before you hit my password and gained access on a try to unlock that file. For example using John the ripper to brute force a 64bit encryption, and a 128bit encryption...eventually it would bruteforce that file after 36^14 tries for my given string length and char set.

Apparently this is not true by what people have said. Maybe a cracking program would need to try all 2^128 possible combos for that hash.
 
Old 08-29-2006, 11:39 AM   #12
blackzone
Member
 
Registered: Jun 2004
Posts: 256

Rep: Reputation: 30
Ok, I thought about it. I think I kind of know what the question is.

You mean why bother using 128 bit or 64 bit to encrypt data, when my original key is smaller than 64 bit?

If that's your question, my answer is how do you know you successfully decrypt the data from brute force?

Even if you tried all the combinations, you don't know if the decrypted data is the same as the original.
 
Old 08-29-2006, 11:45 AM   #13
blackzone
Member
 
Registered: Jun 2004
Posts: 256

Rep: Reputation: 30
Also I want to note the length of the encryption (128 bit/64 bit) is just there to make "reverse engineering" harder.

128 bit encryption is usually (but not necessarily) harder to reverse engineer to find the original data. It depends on the algorithm.

That is important. Since if you check the history of encryption, there are "a few" which can be reverse engineered to find the original data.
 
Old 08-29-2006, 12:10 PM   #14
GUIPenguin
Member
 
Registered: Aug 2004
Location: Maine
Distribution: Gentoo Linux
Posts: 239

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by blackzone
Also I want to note the length of the encryption (128 bit/64 bit) is just there to make "reverse engineering" harder.

128 bit encryption is usually (but not necessarily) harder to reverse engineer to find the original data. It depends on the algorithm.

That is important. Since if you check the history of encryption, there are "a few" which can be reverse engineered to find the original data.

Not with one way encryption you can't.... but you can with old cyphers
 
Old 08-29-2006, 12:12 PM   #15
blackzone
Member
 
Registered: Jun 2004
Posts: 256

Rep: Reputation: 30
Let me sum it up.

You use your password to create a key which is either 64 bit long or 128 bit long. This is through some sort of very complex algorithm.

The important part is people can't use the 64 bit or 128 bit key to find the original password.

Since it's nearly impossible to reverse the encryption process with the 64/128 bit key. The algorithm is too complicated.

But using your original password you can magically decrypt the data (we call it math magician).
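
Editor's added example (not written by any poster in this thread): the question above, worked through in Python. It assumes the key is derived from the password with PBKDF2-HMAC-SHA256; the tiny alphabet, salt, iteration count and sample password are constructed so the search finishes instantly. It shows that guessing passwords costs the same number of tries for a 64-bit and a 128-bit key, and that the real work factor is the smaller of the password space and the key space.

```python
import hashlib
import itertools
import math

ALPHABET = "abc123"         # constructed: tiny alphabet so the demo is instant
SALT = b"constructed-salt"  # constructed value
ITERATIONS = 1000           # constructed; kept low for the demo


def derive_key(password: str, key_bits: int) -> bytes:
    """Stretch a password into a key of key_bits bits (assumed KDF: PBKDF2)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), SALT, ITERATIONS, dklen=key_bits // 8
    )


def guesses_to_find(target_key: bytes, key_bits: int, length: int) -> int:
    """Try every password of this length; return the guess number that matched."""
    candidates = itertools.product(ALPHABET, repeat=length)
    for n, chars in enumerate(candidates, start=1):
        if derive_key("".join(chars), key_bits) == target_key:
            return n
    raise ValueError("password is not in the search space")


def effective_bits(charset_size: int, length: int, key_bits: int) -> float:
    """Work factor in bits: the smaller of the password space and the key space."""
    return min(length * math.log2(charset_size), key_bits)


if __name__ == "__main__":
    secret = "c1a"  # constructed sample password
    for bits in (64, 128):
        tries = guesses_to_find(derive_key(secret, bits), bits, len(secret))
        print(f"{bits}-bit key: password found after {tries} guesses")
    # 36^14 and 70^14 are the thread's figures; 70^21 is an extra data point.
    for charset, length in ((36, 14), (70, 14), (70, 21)):
        row = [round(effective_bits(charset, length, b), 1) for b in (64, 128)]
        print(f"{charset}^{length}: effective bits with 64/128-bit key = {row}")
```

With a 64-bit key, searching the key space directly (2^64) is cheaper than 36^14 (about 2^72.4), so the key is the weak link; with a 128-bit key, the 14-character password is.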
 