Yesterday, I was watching swordfish movie in which the hero is braking into 128 Bit Encrypted web site while taking a job within 1 minute. :eek4:

How is this possible with a DELL laptop ! :confused:

Later on he develops program to break into 1024 Bits encrypted network !!

Now that looks fishy!! :rolleyes:

Today, I was looking for some information weather it is possible to break 128 Bit encryption and web says it will take pretty long time to break if keys are used in proper way.

Have you ever heard anything like movie swordfish or breaking 128 bit or higher bits encryptions !! :nuts:

If you know anything about encryption or you are Cryptographer, please share your knowledge about encryption and not make this post only a joke. :)

128 bit of course its possible, with the power of todays technology... anything can be done..............

I think he broke the 1024 encryption by using a cluster of pcs, on a t3 line........ but that is probably all fantasy stuff...

I don't doubt that it's possible. Wonder if it'll ever be possible to program worms in 3d graphics programs like they did in that movie...lol

Duh. It's a MOVIE. Of course it isn't real.

Originally posted by lightnin
I don't doubt that it's possible. Wonder if it'll ever be possible to program worms in 3d graphics programs like they did in that movie...lol

That was sweet goto get meself some of those "worms"

But it says

"128-bit encryption is 309,485,009,821,345,068,724,781,056 times stronger than 40-bit encryption"

http://www.avolio.com/columns/pkiq+a.html
For comparison purposes, let’s use a (so far) non-existent computer that can guess 1 trillion (1 followed by 12 zeroes) keys a second. On average, it would take around 2 million million million (2 followed by 18 zeroes) years to guess the key.


http://www.tinhat.com/surveillance/code_breaking.html

Public challenges to break 56 bit encryption have brought results using lots of ordinary computers in parallel. In 1999, the DES crack challenge successfully broke 56 bit encryption in 22 hours.


http://www.apnic.net/mailing-lists/s-asia-it/archive/1999/06/msg00013.html

It took 22,000 participants, using idle time of 50,000
CPUs, hitting 72 quadrillion possible keys to break 56-bit data encryption standard. The effort needed to
break 128-bit is much more and it discourages all enthusiastic hackers.


Now what kind of today's computers posses these capabilities.

Do you think US army or government had such computers.

Do you think US army or government had such computers.

They have alot of things the public doesn't know about and shouldn't know about.

The US government can crack 512 bit public key encryption on a whim. It is reasonable to suppose that they can crack 1024 bit public key encryption as well.

128 bit symmetric encryption, however, is quite outside of their capabilities without attacks which are significantly beyond the publicly known state of the art. At that point, it is mathematical improvements which are important, not faster computers.

They have alot of things the public doesn't know about and shouldn't know about.
Yes, where Roswell (Area-51) has alien spaceships, Las Vegas has unnaturally-lucky aliens hired by the Government to break codes and help pay down the national debt through gambling. :)

I'm confident most military-grade "hacking" PC's are at least a year ahead of what we see and constantly upgraded. Where in 1999 it took 22000x450mhz cracking DES encryption I'd look for multi-processor 4-6Ghz computers x a good bunkferfull of gargantuan power.

-Matt

Yes, where Roswell (Area-51) has alien spaceships, Las Vegas has unnaturally-lucky aliens hired by the Government to break codes and help pay down the national debt through gambling.

Nobody said that.

450Mhz x 22000 = ~ 9900 GHZ

Now that was for 56 bit and when it comes to 128 or 512 bits i guess cperciva is right - mathematical improvements must be the key.

anyway, then also you can't use it to break secure communication within minutes

ok, the computer side of it doesnt amuse me, anythings possible with computers but MAN doing it while taking on a *ahem* (children present) from her, hmmm, thats not gonna be easy :stickout

At least Swordfish was a little bit closer to reality than Hackers was...

Still Sneakers was still the best computer techie movie ever made...IMO..

Still Sneakers was still the best computer techie movie ever made...IMO
I don't know if this would be considered a "computer techie" movie.
But nonetheless my vote definitely goes too Office Space.

The US gov. doesn't need to crack it. They already can because they have esentially forced software developers to stay at 1024 so they can control the technology and still eavsdrop on other counties.

of course its logically possible, man created it, man can destroy it.
But the CIA keeps all the super hackers, blackmailing them with their identities, only using them for their superiority in hacking skills, to break into russian systems and routinely check military positional status.

;)

Freetones,
Thats a great theory. I never thought of that. What if the CIA did really keep all the hackers in check and utilize them to weaken othern governments. Go CIA! ;)

The CIA doesn't do that. Neither does the NSA.

They do hire good people, but there are equally large numbers of good people who get nongovernmental jobs. Good people don't appear overnight; they slowly develop their talents and we would notice if they were all disappearing.

(I must say, I feel slightly insulted that I haven't heard from them yet. But I'm not a US citizen, so that might explain things.)

LoL, The CIA and NSA has a hard time keeping good people as is, you tell me.


60,000 a year crunching numbers for the NSA

250,000 a year being the big **** @ some private security firm that handles security for large corporations....

You tell me which one you'd pick :)

Originally posted by DanielP
60,000 a year crunching numbers for the NSA

$80K, actually, and only US citizens can be employed, but those are only the official rules.

Black budgets can hide an awful lot of things, and with about $4.5B to spend, the NSA can certainly afford to pay more to their best people.

Originally posted by cperciva


$80K, actually, and only US citizens can be employed, but those are only the official rules.

Black budgets can hide an awful lot of things, and with about $4.5B to spend, the NSA can certainly afford to pay more to their best people.

NSA Employs more mathematicians then anyone else on the planet....And I'm pretty sure their budget is bigger than $4.5B.... It's probably just 4.5 on paper...

And think about how much computing power a fraction of 4.5B can buy in a year....

How big of a number crunching cluster can you imagine :D...
They have a bigger one I'm sure.. :D...

IMO about the NSA... If they want in on an encrypted file, or transmission they'll get it, one way or another:)

http://www.amk.ca/python/writing/pycrypt/pycrypt.html#SECTION000420000000000000000

3.2 Security Notes
Encryption algorithms can be broken in several ways. If you have some ciphertext and know (or can guess) the corresponding plaintext, you can simply try every possible key in a known-plaintext attack. Or, it might be possible to encrypt text of your choice using an unknown key; for example, you might mail someone a message intending it to be encrypted and forwarded to someone else. This is a chosen-plaintext attack, which is particularly effective if it's possible to choose plaintexts that reveal something about the key when encrypted.
DES (5100 K/sec) has a 56-bit key; this is starting to become too small for safety. It has been estimated that it would only cost $1,000,000 to build a custom DES-cracking machine that could find a key in 3 hours. A chosen-ciphertext attack using the technique of linear cryptanalysis can break DES in pow(2, 43) steps. However, unless you're encrypting data that you want to be safe from major governments, DES will be fine. DES3 (1830 K/sec) uses three DES encryptions for greater security and a 112-bit or 168-bit key, but is correspondingly slower.

There are no publicly known attacks against IDEA (3050 K/sec), and it's been around long enough to have been examined. There are no known attacks against ARC2 (2160 K/sec), ARC4 (8830 K/sec), Blowfish (9250 K/sec), CAST (2960 K/sec), or RC5 (2060 K/sec), but they're all relatively new algorithms and there hasn't been time for much analysis to be performed; use them for serious applications only after careful research.

Originally posted by Studio64
NSA Employs more mathematicians then anyone else on the planet.

I know. I'm a mathematician.


...And I'm pretty sure their budget is bigger than $4.5B.... It's probably just 4.5 on paper...


No, their budget is definitely around $4.5B. Actually, their budget is classified, but various leaks and arithmetic has made the total pretty clear.


And think about how much computing power a fraction of 4.5B can buy in a year....


Enough to operate a research foundry and lease fab capacity (and tempest-shielded floor space) from IBM and Motorola. Enough silicon to perform 10^24 bit operations per second. But not enough to brute force a 128-bit key.

IMO about the NSA... If they want in on an encrypted file, or transmission they'll get it, one way or another:)

Cryptanalysis has, and will, always come in fourth after bribery, burglary, and blackmail; to that list should also be added "implementational weaknesses" such as everything TEMPEST, software bugs, etc.

Public seems to know all the U.S secrets these days, some guys on the inside like spread secret info ;)

Originally posted by jayjay


They have alot of things the public doesn't know about and shuldn't know about.

No matter how many thousand bits encryption you have if you password is 'password' it doesnt take too long to hack it.

And yes, you can also do it using a Dell laptop too.:D

But nonetheless my vote definitely goes too Office Space.

Styles, that movie is a RIOT! I think it's great too! =)

I was watching a programme called "The world's best kept secrets" on The discovery channel, and in an episode gave the info that only the NSA has the ability to decrypt 128-1024 bit encryption. It also said that they are not sure if the FBI or the CIA has that technology, but definately NSA has it.


:homer:

What are the hardwares necessary to brute force a 128 bit encryption?

Well 128 bit encryption has a possible 2^128 keys to try. So if you take the NEC Earth Simulator that can do 40TFlops (Couldn't find instructions per second for it) and also take it that it can run the testing of a key in just one floating point op (not likely) then it would take:

2^128 / 4.00E13
~= 8.51E24 seconds
~= 2.70E17 years

as the maximum time to guess the correct key. As you can see, that's a lot of time, and that's for the worlds fastest super computer, and that's assuming it could guess a key in one FLop - not likely at all. It also assumes my calculations are correct, but I believe they are.

A bit more for you, if you took all of the Top500 super computers and used them all to start guessing, it would take:

~3.99E24 seconds
~1.26E17 years

based on everything given above.

So as you can tell, brute forcing 128bit is not the best approach, the best approach is by far investigating weakneses in the method used, be it RC5, Blowfish, or in the case of PKI, ivestigating improvements in factoring routines and again looking for weakneses.

Originally posted by cperciva


Black budgets can hide an awful lot of things, and with about $4.5B to spend, the NSA can certainly afford to pay more to their best people.

what is Black Budget?

Is it official?

If not then how and from where government earn it??

sorry too many questions :cartman:

Originally posted by mahinder

what is Black Budget?


A "black budget" is where Congress is asked to approve the provision of unspecified amounts of money to unspecified projects because the exact amounts and projects are considered too sensitive to discuss. For example, the nuclear bomb was funded via such a budget; in this manner, the Manhatten project was hidden from people who would surely have been asking questions if they had known how much money was being spent on it.

Originally posted by RackNine

Yes, where Roswell (Area-51) has alien spaceships, Las Vegas has unnaturally-lucky aliens hired by the Government to break codes and help pay down the national debt through gambling. :)



Isn't Area-51 allegedly located in the nevada desert?
And Roswell is a whole different place?

Originally posted by Studio64


IMO about the NSA... If they want in on an encrypted file, or transmission they'll get it, one way or another:)
Only in the movies.

* If you have your decrypting keys on a box with a vulnerable FTP daemon, calculations will be different.

* If the encrypted information loses its value by the time it is decrypted, then your encryption is effective.

If you change your DES password every hour, then even if somebody has that machine that can break the key in 3 hours, they will never break your key. The same with the U.S government and stronger encryption algorithms.

Erm, in the movie, he didn't crack the encryption - he cracked the password.

Look closely and you'll see "user, root, admin, guest..." scroll on the screen, and I'm thinking that it's quite clear he's guessing the password.

ubergeek22 ..

If he is guessing the password, how does he know when the password is the correct one?

If he is just submitting the password each time to the target machine, then he is using it to crack the password, there wouldn't be any point haveing a cluster of servers or whatever advanced equipment.

nec earth simulator isn't the fastest computer in the world.

As of June 2002 it was. Outranking the nearest rival by a factor of 5, see www.Top500.org

I stand corrected =)

np, a lot of sites out there still have ASCI White listed as the fastest as they haven't updated, even though the Earth simulator has been around since March time this year.

Hacking tip for the day....

If you need to hack into your friends computer




Just push them of thier chair :D