Javascript is not enabled on your browser.
You have to enable javascript to see the content of this page.
You can read
here
how to enabled javascript on your browser
version: 2020.3.4 - build:0
Main Topics
Electronic Identity
Asymmetric Encryption
Symmetric Encryption
Cooperative
Support Us
Independence
Papers and Source Code
About
Mission
Terms & Conditions
Contact Address
Legal
Partners
Privacy Policy
Performance of the AES and GBPMC code breaker tool
Performance of the
AES and GBPMC code breaker tool
When attacking AES on an Intel Core i7 clocked at 3.06GHz, 4.6 million keys can be tried
per second
!
Taking into account that most people use passwords like Susan85 or Peter12, it makes sense to take advantage of this fact:
There exist 26 characters a..z, 26 characters A..
Z and 10 numbers 0..9, totalling 62 possible bit patterns per byte. So only 62^7 = 3.52*10^12 possible 7-character password combinations exists when using this reduced character set.
Our little
code breaker tool
only requires 8.86 days to identify this password if AES 128 (AES with 128 bit passwords) is attacked with a single PC !
If in contrast the
GBPMC HASH/GBPMC_V1 hash/cipher combination is attacked, only 10 key combinations per second
can be tried with an Intel Core i7 clocked at 3.06GHz. Identifying a password like
Susan85 or Peter12 with a reduced character set (as above) would take 11.166,96 years with a single PC!
This comparison shows why AES or similar lightweight algorithms are dangerous as they suggest "security" to users but in reality they make life easy for those who want to break passwords.
Most of us tend to use short passwords. Even worse: Most passwords begin with a capital letter and end with a one- or two-digit number.
A clever attacker reduces with this knowledge the complexity for a 7-character password to 26*26*26*26*26*10*10 = 1,1881376*10^9 possible key combinations. Our little code breaker tool would be able to break AES 128 used with such passwords within 4.3 minutes ! It's clearly worth a try to use a codebook in conjunction with this assumption.
Those readers who do not want to believe what I'm writing here can ask their guru of choice if this is true or not. Any expert in this galaxy will (have to) confirm the figures. Some might even lower the time to break a code by half ! I'm stating worst case times on this page. In reality, after opproximately 50% of the time the right key is usually found.
We get asked from time to time to help for court proceedings.
One guy once said that it usually doesn't take long to identify the correct AES password. He clearly takes advantage of the short key setup time of AES and that it's possible to use state-of-the-art video boards to massively parallelize attacks on that cipher.
Those who ask for assistance to attack
a Polymorphic Cipher
are typically deceived when they hear that they can only try approximately 10 key combinations per second.
We've recently decided to bring this topic to "real life" by creating a code-breaking challenge. Break a 6-character
GBPMC HASH/GBPMC_V1
key consisting of only capital letters (A..Z), lower-case letters (a..z) and numbers (0..9) and you'll be able to see a movie that contains the exact location of 4 silver coins that are buried in the Alps. For AES 128, our little code breaker tool would require for this 36 bit challege 3.43 hours at maximum! Click here to read more (no link yet as the "real life challenge" is not yet ready).
Please click here to proceed to the main page of the AES and GBPMC code breaker tool
.
If you want to discuss with us about this topic, feel free to send a comment to us. Our
e-mail addresses are here
. We'll try to answer your questions or comments as good as possible. As we might receive a large number of e-mails, it might although be impossible to answer all of them.
September 06, 2011, C.B. Roellgen
Regarding Cookies on this Site
We are using cookies only for essential technical requirements to ensure a smooth visit of our website. We refuse any other usage of cookies. For legitimate interest, we collect our own range measurements for the purpose of website analysis (performance, design compatibility, interaction, language). More information are available in our Privacy Policy.