Generic question about password cracking

Discussion in 'macOS' started by mfuser1, Aug 21, 2009.

  1. mfuser1 macrumors newbie

    Joined:
    Aug 21, 2009
    #1
    I'm trying to see how safe encrypted data is.

    Say I have an encrypted disk image in Mac OS X, and let's say it's 256-bit AES.

    So I make the password: aW@lS5Ud>Q1s4T!2f6Z~

    My question is, for someone to crack the password, how do they do it other than, like me, typing in the password in the password entry box?

    For example, it takes me one try to do it, which takes about 8 seconds to get the password entry box up, type it in, and hit enter. If they continue to try with incorrect passwords, it would take them 8 seconds per attempt, right? With this method, it seems impossible that someone could break in if you make the password really difficult to guess as shown above.

    On the other hand, is there a program that either:

    1. puts in guesses at a significantly faster rate, eg 100 guesses per second, or
    2. bypasses the password entry box, or
    3. finds the password some other way?

    If so, then no matter how difficult you made the password, they could find it with enough computing power and time, right?

    Could that be done on a Mac OS X filevault or encrypted disk image?

    This has been on my mind for years, but never been able to find an answer.
     
  2. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #2
    http://www.nist.gov/public_affairs/releases/aesq&a.htm

    Don't worry about it. :D
     
  3. uaecasher macrumors 65816

    uaecasher

    Joined:
    Jan 29, 2009
    Location:
    Stillwater, OK
    #3
  4. Sayer macrumors 6502a

    Sayer

    Joined:
    Jan 4, 2002
    Location:
    Austin, TX
    #4
    Brute force is a long, hard way to do it.

    Most likely the hacker would look for a weakness in the file format or the software to handle the decryption to exploit.

    Some older "password protected" formats would store the actual password in the file somewhere.

    Now files typically store only a hash of the password (typ. a 32 bit number computed from the actual password). These are not totally secure either depending on the hash function used. There are dictionaries of just hash values of various words and even phrases that can be used by a program to crack a hashed password.

    WiFi WEP cracking uses a method of "brute force" and hash cracking to get in "easily." Easy as in needing a third-party WiFi device and 10-15 minutes of blasting the base station with junk packets to collect enough hashes that the password can be deduced mathematically.
     
  5. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #5
    There are indeed programs that help with cracking passwords. I have some installed. Very few hackers try to crack a password by hand, like they sometimes show in TV/Movies where they try the person's kids name or birth date. Though there are still plenty of people who uses ridiculously simple passwords.

    Typically though, gaining access to them system doesn't use cracking, but forms of social engineering. It's how Palin's Twitter and Hotmail accounts got hacked. No cracking was done, just smarts.
     

Share This Page