GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Maybe you can help me understand this..because I'm not the best at math.
Lets say you encrypted a file with some type of encryption. So I can better understand this, lets pretend that key length is the only thing that matters. Please read all without jumping to answer, as a try and re-state my question at least once.
If there are a possible of A-Z, a-z, 0-9 !@#$%^&* that is a possible of 70 unique chars per char of your password. So, if you had a 14 character password, there is only a possible of 70^14 combos. so, when people actually say a 128bit encryption is stronger then 64 bit, how does this go figure? If they can both be cracked with the same 70^14 different completely random combos untill they eventualy hit your 14 char password you used. What makes a 128 bit encryption stronger then a 64bit when both of my passwords can eventualy be cracked with 70^14 combonations. They say it would take 2^128 possible combos to crack a 128 bit password.....how is this?
If you can help me understand...Thanks a ton, I feel kinda stupid
Last edited by GUIPenguin; 08-29-2006 at 08:15 AM.
Where do you get that a password has 14 letters?
Actually, if you use a password as an encryption key, you can double the number of letters when the key is 128 bits instead of 64.
Are you talking about a precise software?
You're thinking it the wrong way, it's not that simple.
A 128-bit encryption means a possibility of 2^128 numbers like you said. Often this means that there are so many hash values, i.e. numbers that are got when the original value (that is formed from a password or something) is somehow transformed using certain methods. First of all without knowing the method the original key is transformed it's quite difficult to get the original value from the hash value. And if the hash value is big so there are a lot of possibilities, it's even harder. And without the original value it's very difficult to try and deduce the password. By guessing the correct password you open all the locks in one try, but this thing is meant to make guessing (and systematic guessing) more difficult by providing so many possible numbers that the cracking process would take ages.
EDIT: here's an example of what could happen: you give a password, your pc encrypts it, your pc tries if it matches a stored, encrypted password and if it does, lets you through. If the two encrypted passwords do not match, you've typed a wrong password and you are not allowed to pass. Matching non-encrypted passwords is not as secure as matching crypted ones, since if you did that, you would have the possibilities you counted yourself. But if you do encrypt the passwords you make the process more difficult to guess; if somebody wanted your password, s/he would first need to get the encrypted password somewhere from inside your pc. Then s/he would need to know how it was encrypted, or what was the algorithm. A 128-bit encryption means there are a lot of possibilities to create a hash key, so instead of trying to guess your 14 letters one would need to try and guess a whole lot of more letters, plus the way they are put together.
I, sadly, am not a encryption guru and possibly the worst man on the planet to try and make this (one way of doing it) clear, but I hope you get the point. Passwords are not used just as they are today, but a much bigger process is behind it; encrypting files is based on the same idea.
Of course you can choose not to use encrypted passwords, but then somebody could just break into your harddisk some other way and read the clear passwords. It's safer they're encrypted all the time, thus preventing them from being read directly.
Oh, and from where would this cracker get to know your password was just 14 letters long? Without that information, and especially without the information about which letters are ok for the password, it makes it a lot trickier to just guess it. Knowing the length of the key and the chars used is a big piece of information.
Because that is the size of my password I am using as an example.. lol.
Just don't tell people your password is 14 characters long and you improve the security of it by a lot.
Indeed, if your password is always 70^14 possibilities and everybody know it, then you win nothing with 128 bits.
The thing with 128 bits is that there are more possibilities, unless you restrict it with a password of 14 characters.
You're thinking it the wrong way, it's not that simple.
A 128-bit encryption means a possibility of 2^128 numbers like you said. Often this means that there are so many hash values, i.e. numbers that are got when the original value (that is formed from a password or something) is somehow transformed using certain methods. First of all without knowing the method the original key is transformed it's quite difficult to get the original value from the hash value. And if the hash value is big so there are a lot of possibilities, it's even harder. And without the original value it's very difficult to try and deduce the password. By guessing the correct password you open all the locks in one try, but this thing is meant to make guessing (and systematic guessing) more difficult by providing so many possible numbers that the cracking process would take ages.
I still don't understand what the question is. Can help me understand?
For instance...lets say I have two files in my home folder. I choose to encrypt both files, but choose 64 bit encryption for one, and 128 bit encryption for the other.
My question was: Even if I don't tell someone how long my password is: lets say I choose a random 14 char password when I encrypt each file. if I use only lowercase numbers and letters, then I would have a-z 0-9 which would be 36 unique chars per char of my password.
SO...my question / statement was, regardless of using 64 bit, vs. 128 bit encryption.... if they are both using the same password, then they could BOTH be brute forced in 36^14 combinations before it was garenteed that all a-z, 0-9 chars were used before you hit my password and gained access on a try to unlock that file. For example using John the ripper to brute force a 64bit encryption, and a 128bit encryption...eventualy it would bruteforce that file after 36^14 tries for my given string length and char set.
Apparently this is not true by what people have said. Maybe a cracking program would need to try all 2^128 possible combos for that hash.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.