Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

mfuser1

macrumors newbie
Original poster
Aug 21, 2009
2
0
I'm trying to see how safe encrypted data is.

Say I have an encrypted disk image in Mac OS X, and let's say it's 256-bit AES.

So I make the password: aW@lS5Ud>Q1s4T!2f6Z~

My question is, for someone to crack the password, how do they do it other than, like me, typing in the password in the password entry box?

For example, it takes me one try to do it, which takes about 8 seconds to get the password entry box up, type it in, and hit enter. If they continue to try with incorrect passwords, it would take them 8 seconds per attempt, right? With this method, it seems impossible that someone could break in if you make the password really difficult to guess as shown above.

On the other hand, is there a program that either:

1. puts in guesses at a significantly faster rate, eg 100 guesses per second, or
2. bypasses the password entry box, or
3. finds the password some other way?

If so, then no matter how difficult you made the password, they could find it with enough computing power and time, right?

Could that be done on a Mac OS X filevault or encrypted disk image?

This has been on my mind for years, but never been able to find an answer.
 
http://www.nist.gov/public_affairs/releases/aesq&a.htm

In the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message.

Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key.

Don't worry about it. :D
 
Brute force is a long, hard way to do it.

Most likely the hacker would look for a weakness in the file format or the software to handle the decryption to exploit.

Some older "password protected" formats would store the actual password in the file somewhere.

Now files typically store only a hash of the password (typ. a 32 bit number computed from the actual password). These are not totally secure either depending on the hash function used. There are dictionaries of just hash values of various words and even phrases that can be used by a program to crack a hashed password.

WiFi WEP cracking uses a method of "brute force" and hash cracking to get in "easily." Easy as in needing a third-party WiFi device and 10-15 minutes of blasting the base station with junk packets to collect enough hashes that the password can be deduced mathematically.
 
There are indeed programs that help with cracking passwords. I have some installed. Very few hackers try to crack a password by hand, like they sometimes show in TV/Movies where they try the person's kids name or birth date. Though there are still plenty of people who uses ridiculously simple passwords.

Typically though, gaining access to them system doesn't use cracking, but forms of social engineering. It's how Palin's Twitter and Hotmail accounts got hacked. No cracking was done, just smarts.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.