How secure is 128-bit disk image encryption?

Discussion in 'macOS' started by Heb1228, Apr 20, 2006.

  1. Heb1228 macrumors 68020

    Heb1228

    Joined:
    Feb 3, 2004
    Location:
    Virginia Beach, VA
    #1
    This is mainly just one of those 'I always wondered' things. How secure really is the 128-bit encryption offered in Disk Utility? Is it virtually impossible to crack? Somewhat difficult? How long would it take someone who really knew what they were doing?

    If anybody wants to try, I made a sample encrypted disk image. See if you can get into it. Its 2MB and you can download it here. After downloading, you'll have to take the .txt off the end of the filename so its just challenge.sparseimage. See if anyone can tell me whats inside. :eek:
     
  2. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #2
    It's as secure as your password is.

    128 bit encryption is impossible to break in the foreseeable future with a completely random key, but since the key depends on the password you set, the strength is limited by your password.
     
  3. The Mad Kiwi macrumors 6502

    Joined:
    Mar 15, 2006
    Location:
    In Hell
    #3
    It's US government approved for export so ................
     
  4. NATO macrumors 68000

    NATO

    Joined:
    Feb 14, 2005
    Location:
    Northern Ireland
    #4
    I'd quite like to know about this. I assumed it's fairly secure, but I would like to know if I could rely on it to store sensitive documents etc.
     
  5. Shamus macrumors 6502a

    Shamus

    Joined:
    Feb 26, 2006
    #5
    I thought 128-bit encryption could be cracked in about an hour. Dont know much bout it, so im not sure.
     
  6. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #6
    It's a good thing you weren't sure, because that's very wrong.

    Cracking 128-bit symmetric encryption takes approximately 2^82 CPU-years theoretically and also in practice (as far as academica knows at least). That's assuming a general purpose computer that can try 1 million keys per second.

    It means that 1 billion computers can work day in and day out trying to crack Heb's encrypted disk image, and it will still take them on average 4 million times a billion years to crack it.

    Even if we assume that a special purpose cracking circuitry can try 1 billion keys per second and we use 1 trillion such circuits it will still take 4 billion years to crack the disk image.


    Edit: Ah ... I get it. You've heard about 128 bit WEP encryption that can be cracked in about an hour. That's true, but that's because there's a flaw in the WEP protocol that leaks information about the key.

    2nd Edit: As for the security of the password. If the password is English-like, with just a few added numbers or symbols, the best entropy you can hope for is 5 bits per character. That means you'll need a 128/5 = 25.6 character password to not weaken the 128-bit encryption scheme. If the password is very English-like, the entropy will be closer to 2 bits per character, and you'll need a 64 character password to match the security of the encryption scheme.
     
  7. NATO macrumors 68000

    NATO

    Joined:
    Feb 14, 2005
    Location:
    Northern Ireland
    #7
    From what gekko513 has said, its virtually impossible for it to be broken, at least easily or any time soon :p This re-assures me about the level of security it offers.

    However......

    The thing that concerns me is the comment by The Mad Kiwi in that the technology is 'US government approved for export', so does this mean there's some sort of backdoor which can be used by governments etc? If so, doesn't this provide a much easier way for someone to try to break the encryption?
     
  8. gauchogolfer macrumors 603

    gauchogolfer

    Joined:
    Jan 28, 2005
    Location:
    American Riviera
    #8
    I think that what Mad Kiwi meant is that 128-bit encryption meets a US government standard for security. When classified data is carried outside the country, even if it stays on your computer, it is considered an 'export'. For such circumstances stringent controls on data protection are enforced. I believe that 128-bit encryption meets this level of protection.
     
  9. NATO macrumors 68000

    NATO

    Joined:
    Feb 14, 2005
    Location:
    Northern Ireland
    #9
    So 'theoretically' if I was to place some sensitive data inside an 128-Bit Encrypted Disk Image, its virtually bullet proof from even the most sophisticated attempts to break it? To put it more bluntly, even the top code crackers of government couldn't break it?

    I'm paranoid about 2 things in computing, namely backups and security. In terms of security, I dont want to place data inside an encrypted disk image with a false sense of security. If I know it's only a deterrent to the average hacker, then that's fine, but I don't want to put data in there thinking it's more secure than it actually is...

    Sorry to play this out, but you guys seem to know what you're talking about....
     
  10. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #10
    It's impossible to say for sure, but the new 128 to 256 bit crypto standard algorithm AES was the result of an open evaluation process. The cipher that got selected was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael".

    It is therefore unlikely that there is a deliberate backdoor built into it.
     
  11. NATO macrumors 68000

    NATO

    Joined:
    Feb 14, 2005
    Location:
    Northern Ireland
    #11
    Another quick question:

    Is it possible when creating an encrypted disk image to specify the key length? I think OS X defaults to AES-128 with a 128-bit key. Is is possible to specify a key length of 256-bit?
     
  12. supremedesigner macrumors 6502a

    supremedesigner

    Joined:
    Dec 9, 2005
    Location:
    Gainesville, Fl
    #12
    Kinda off-topic

    I wondered if they ever ever cracked the FileVault that ever since it came out with Panther?
     
  13. Heb1228 thread starter macrumors 68020

    Heb1228

    Joined:
    Feb 3, 2004
    Location:
    Virginia Beach, VA
    #13
    For what has been said earlier, I believe FileVault will be exactly as hard to crack as an encrypted disk image, but again it depends on having a somewhat long, alphanumeric password to really achieve that highest level of security.

    But even knowing what kind of encryption it is would probably deter most people from trying to crack it, even with a fairly simple password. That is, unless you chose something like your admin password which can sometimes be figured out by looking at some of OS X's logfiles since OS X logs each time you misspell your password. For instance if your password was 'hello' and you typed 'helol', i believe that goes into a log file that some people can find who know what they are doing. I could be wrong about this, but I believe I've heard some people on MR talk about this as a sort of vulnerability before.
     
  14. supremedesigner macrumors 6502a

    supremedesigner

    Joined:
    Dec 9, 2005
    Location:
    Gainesville, Fl
    #14
    You know what really suck? If "terrorist" enable FileVault that contain documents where to attack next and FBI won't be able to crack it. That will be bad.
     
  15. m-dogg macrumors 65816

    m-dogg

    Joined:
    Mar 15, 2004
    Location:
    Connecticut
    #16
    Can you put an encrypted disc image inside another encrypted disc image? So even if they (whoever 'they' are) managed to crack your image, they'd open it up to find yet another encrypted image inside of it?

    Some of this is confusing to me - Let's say I use one of these with a ~40 character password consisting of a mix of capital, lowercase & numeric characters. What is the estimated time to crack such a password?
     
  16. Mernak macrumors 6502

    Joined:
    Apr 9, 2006
    Location:
    Kirkland, WA
    #17
    Basically from what i understand, 128 bit encryption is essentiallt impossible to break if its just a couple of computers, last for a long time (more than a year, assuming computers are running day and night, only attempting to break the file) against a small buisness server, couple months against a huge server(same circumstances as above)... and .01 seconds against the CIA mainframe(apparently). I read this in a book about cryptography a while back. so as long as the CIA doesn't want the files, you are safe.
     
  17. Sogo macrumors 6502

    Joined:
    Jan 4, 2004
  18. zami macrumors regular

    Joined:
    Dec 19, 2003
    Location:
    South London
    #19
    http://www.thecrypt.co.uk/lockdown/recovery_speeds.html

    What happens if you mix in non european alphabets and numbers such as Bengali, Cyrillic, Thai, Mandarin, Arabic etc?

    Let's see how quick the CIA's supercomputer is with that (mind you they would just start pulling your fingernails out, shipping you off to Guantanamo or killing your family to get the key).:D
     
  19. Heb1228 thread starter macrumors 68020

    Heb1228

    Joined:
    Feb 3, 2004
    Location:
    Virginia Beach, VA
    #20
    Or just put you in a room with Jack Bauer. They'd have the password in like 30 seconds.
     
  20. Gurutech macrumors 6502

    Joined:
    Jan 22, 2006
    #21
    LOL sooo true
     
  21. iBunny macrumors 65816

    Joined:
    Apr 15, 2004
    #22
    So how can I make a secure disk image on my external HDD? My concern is I have to deal with personal information for my small buisness like Social Security numbers , dates of birth and what not...
     
  22. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #23
    This is wrong. See my post above. Those numbers would fit 56 bit encryption a while back. The old American encryption standard DES was 56 bit encryption.
     
  23. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #24
    If you chose those 40 characters in an entirely random manner, you would get the type of security they were talking about in Diatribe's link.

    Capital, lowercase & numeric characters counts up to 26+26+10 = 62 different characters to choose from. To find how many bits of security that is, solve the equation 2^x = 62 => x = ln 62 / ln 2 = 5.954 bits.

    40 characters gives 40 * 5.954 = 238.16 bits security. That's much stronger than the 128 bits security of the encryption scheme, so it's overkill, because the attacker can go after the encryption key instead of the password.

    However, if the 40 characters aren't chosen entirely randomly, the security falls dramatically against an attacker with a sophisticated linguistics based password cracker machine. Like I said in a previous post, if the password is language based but has some numbers and special characters intermixed, you can reach an entropy of 5 bits per character.

    40 characters then gives 40 * 5 = 200 bits of security. That's still plenty.

    If your password is entirely normal english language, the entropy is less than 2 bits per character.

    40 characters then gives less than 40 * 2 = 80 bits of security. That is still a lot, but now the password is the weakest link.

    To calculate how long it takes to break the password, estimate how many passwords a computer can test per second. Diatribe's link suggests somewhere between 10 and 100 million passwords can be hashed in one second, but in this case, the hash value must also be used to initialise an AES key and test decrypt a block of the disk image, so a normal computer can do about 1 million tests per second.

    1 million tests ≈ 2^20 tests
    1 year = 60*60*24*365 secs = 31536000 ≈ 2^25

    The 40 character pure english password takes less than
    2^80 / 2^20 / 2^25 = 2^(80-20-25) = 2^35 = 34 359 738 368
    years to break on a normal computer using a sophisticated linguistics based attack.
     
  24. SmurfBoxMasta macrumors 65816

    SmurfBoxMasta

    Joined:
    Nov 24, 2005
    Location:
    I'm only really here at night.
    #25
    Normal people, with normal computers, will be hard pressed to crack a strong password and 128bit encryption, UNLESS they have physical access to the machine that the data is on.

    However, you have to remember that the gov't has access to things that normal people dont :p

    And knowing someone who does extremely high-level stuff for the gov't, I can assure you, WITHOUT ANY DOUBTS WHATSOEVER, that if they want/need to crack yours, or anyone elses, passwords & encryption schemes, the can & will do it in a friggin heartbeat !
     

Share This Page