Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How secure is 128-bit disk image encryption?

Heb1228

Heb1228

macrumors 68020
Original poster
Feb 3, 2004
2,217
1
Virginia Beach, VA
This is mainly just one of those 'I always wondered' things. How secure really is the 128-bit encryption offered in Disk Utility? Is it virtually impossible to crack? Somewhat difficult? How long would it take someone who really knew what they were doing?

If anybody wants to try, I made a sample encrypted disk image. See if you can get into it. Its 2MB and you can download it here. After downloading, you'll have to take the .txt off the end of the filename so its just challenge.sparseimage. See if anyone can tell me whats inside. :eek:
 
It's as secure as your password is.

128 bit encryption is impossible to break in the foreseeable future with a completely random key, but since the key depends on the password you set, the strength is limited by your password.
 
I'd quite like to know about this. I assumed it's fairly secure, but I would like to know if I could rely on it to store sensitive documents etc.
 
I thought 128-bit encryption could be cracked in about an hour. Dont know much bout it, so im not sure.
 
Shamus said:
I thought 128-bit encryption could be cracked in about an hour. Dont know much bout it, so im not sure.
Click to expand...
It's a good thing you weren't sure, because that's very wrong.

Cracking 128-bit symmetric encryption takes approximately 2^82 CPU-years theoretically and also in practice (as far as academica knows at least). That's assuming a general purpose computer that can try 1 million keys per second.

It means that 1 billion computers can work day in and day out trying to crack Heb's encrypted disk image, and it will still take them on average 4 million times a billion years to crack it.

Even if we assume that a special purpose cracking circuitry can try 1 billion keys per second and we use 1 trillion such circuits it will still take 4 billion years to crack the disk image.


Edit: Ah ... I get it. You've heard about 128 bit WEP encryption that can be cracked in about an hour. That's true, but that's because there's a flaw in the WEP protocol that leaks information about the key.

2nd Edit: As for the security of the password. If the password is English-like, with just a few added numbers or symbols, the best entropy you can hope for is 5 bits per character. That means you'll need a 128/5 = 25.6 character password to not weaken the 128-bit encryption scheme. If the password is very English-like, the entropy will be closer to 2 bits per character, and you'll need a 64 character password to match the security of the encryption scheme.
 
From what gekko513 has said, its virtually impossible for it to be broken, at least easily or any time soon :p This re-assures me about the level of security it offers.

However......

The thing that concerns me is the comment by The Mad Kiwi in that the technology is 'US government approved for export', so does this mean there's some sort of backdoor which can be used by governments etc? If so, doesn't this provide a much easier way for someone to try to break the encryption?
 
NATO said:
The thing that concerns me is the comment by The Mad Kiwi in that the technology is 'US government approved for export', so does this mean there's some sort of backdoor which can be used by governments etc? If so, doesn't this provide a much easier way for someone to try to break the encryption?
Click to expand...

I think that what Mad Kiwi meant is that 128-bit encryption meets a US government standard for security. When classified data is carried outside the country, even if it stays on your computer, it is considered an 'export'. For such circumstances stringent controls on data protection are enforced. I believe that 128-bit encryption meets this level of protection.
 
gauchogolfer said:
I think that what Mad Kiwi meant is that 128-bit encryption meets a US government standard for security. When classified data is carried outside the country, even if it stays on your computer, it is considered an 'export'. For such circumstances stringent controls on data protection are enforced. I believe that 128-bit encryption meets this level of protection.
Click to expand...

So 'theoretically' if I was to place some sensitive data inside an 128-Bit Encrypted Disk Image, its virtually bullet proof from even the most sophisticated attempts to break it? To put it more bluntly, even the top code crackers of government couldn't break it?

I'm paranoid about 2 things in computing, namely backups and security. In terms of security, I dont want to place data inside an encrypted disk image with a false sense of security. If I know it's only a deterrent to the average hacker, then that's fine, but I don't want to put data in there thinking it's more secure than it actually is...

Sorry to play this out, but you guys seem to know what you're talking about....
 
NATO said:
The thing that concerns me is the comment by The Mad Kiwi in that the technology is 'US government approved for export', so does this mean there's some sort of backdoor which can be used by governments etc? If so, doesn't this provide a much easier way for someone to try to break the encryption?
Click to expand...

It's impossible to say for sure, but the new 128 to 256 bit crypto standard algorithm AES was the result of an open evaluation process. The cipher that got selected was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael".

It is therefore unlikely that there is a deliberate backdoor built into it.
 
Another quick question:

Is it possible when creating an encrypted disk image to specify the key length? I think OS X defaults to AES-128 with a 128-bit key. Is is possible to specify a key length of 256-bit?
 
Kinda off-topic

I wondered if they ever ever cracked the FileVault that ever since it came out with Panther?
 
supremedesigner said:
Kinda off-topic

I wondered if they ever ever cracked the FileVault that ever since it came out with Panther?
Click to expand...
For what has been said earlier, I believe FileVault will be exactly as hard to crack as an encrypted disk image, but again it depends on having a somewhat long, alphanumeric password to really achieve that highest level of security.

But even knowing what kind of encryption it is would probably deter most people from trying to crack it, even with a fairly simple password. That is, unless you chose something like your admin password which can sometimes be figured out by looking at some of OS X's logfiles since OS X logs each time you misspell your password. For instance if your password was 'hello' and you typed 'helol', i believe that goes into a log file that some people can find who know what they are doing. I could be wrong about this, but I believe I've heard some people on MR talk about this as a sort of vulnerability before.
 
Heb1228 said:
For what has been said earlier, I believe FileVault will be exactly as hard to crack as an encrypted disk image, but again it depends on having a somewhat long, alphanumeric password to really achieve that highest level of security.

But even knowing what kind of encryption it is would probably deter most people from trying to crack it, even with a fairly simple password. That is, unless you chose something like your admin password which can sometimes be figured out by looking at some of OS X's logfiles since OS X logs each time you misspell your password. For instance if your password was 'hello' and you typed 'helol', i believe that goes into a log file that some people can find who know what they are doing. I could be wrong about this, but I believe I've heard some people on MR talk about this as a sort of vulnerability before.
Click to expand...

You know what really suck? If "terrorist" enable FileVault that contain documents where to attack next and FBI won't be able to crack it. That will be bad.
 
Can you put an encrypted disc image inside another encrypted disc image? So even if they (whoever 'they' are) managed to crack your image, they'd open it up to find yet another encrypted image inside of it?

Some of this is confusing to me - Let's say I use one of these with a ~40 character password consisting of a mix of capital, lowercase & numeric characters. What is the estimated time to crack such a password?
 
Basically from what i understand, 128 bit encryption is essentiallt impossible to break if its just a couple of computers, last for a long time (more than a year, assuming computers are running day and night, only attempting to break the file) against a small buisness server, couple months against a huge server(same circumstances as above)... and .01 seconds against the CIA mainframe(apparently). I read this in a book about cryptography a while back. so as long as the CIA doesn't want the files, you are safe.
 
zami said:
Let's see how quick the CIA's supercomputer is with that (mind you they would just start pulling your fingernails out, shipping you off to Guantanamo or killing your family to get the key).:D
Click to expand...
Or just put you in a room with Jack Bauer. They'd have the password in like 30 seconds.
 
So how can I make a secure disk image on my external HDD? My concern is I have to deal with personal information for my small buisness like Social Security numbers , dates of birth and what not...
 
Mernak said:
Basically from what i understand, 128 bit encryption is essentiallt impossible to break if its just a couple of computers, last for a long time (more than a year, assuming computers are running day and night, only attempting to break the file) against a small buisness server, couple months against a huge server(same circumstances as above)... and .01 seconds against the CIA mainframe(apparently). I read this in a book about cryptography a while back. so as long as the CIA doesn't want the files, you are safe.
Click to expand...
This is wrong. See my post above. Those numbers would fit 56 bit encryption a while back. The old American encryption standard DES was 56 bit encryption.
 
m-dogg said:
Can you put an encrypted disc image inside another encrypted disc image? So even if they (whoever 'they' are) managed to crack your image, they'd open it up to find yet another encrypted image inside of it?

Some of this is confusing to me - Let's say I use one of these with a ~40 character password consisting of a mix of capital, lowercase & numeric characters. What is the estimated time to crack such a password?
Click to expand...

If you chose those 40 characters in an entirely random manner, you would get the type of security they were talking about in Diatribe's link.

Capital, lowercase & numeric characters counts up to 26+26+10 = 62 different characters to choose from. To find how many bits of security that is, solve the equation 2^x = 62 => x = ln 62 / ln 2 = 5.954 bits.

40 characters gives 40 * 5.954 = 238.16 bits security. That's much stronger than the 128 bits security of the encryption scheme, so it's overkill, because the attacker can go after the encryption key instead of the password.

However, if the 40 characters aren't chosen entirely randomly, the security falls dramatically against an attacker with a sophisticated linguistics based password cracker machine. Like I said in a previous post, if the password is language based but has some numbers and special characters intermixed, you can reach an entropy of 5 bits per character.

40 characters then gives 40 * 5 = 200 bits of security. That's still plenty.

If your password is entirely normal english language, the entropy is less than 2 bits per character.

40 characters then gives less than 40 * 2 = 80 bits of security. That is still a lot, but now the password is the weakest link.

To calculate how long it takes to break the password, estimate how many passwords a computer can test per second. Diatribe's link suggests somewhere between 10 and 100 million passwords can be hashed in one second, but in this case, the hash value must also be used to initialise an AES key and test decrypt a block of the disk image, so a normal computer can do about 1 million tests per second.

1 million tests ≈ 2^20 tests
1 year = 60*60*24*365 secs = 31536000 ≈ 2^25

The 40 character pure english password takes less than
2^80 / 2^20 / 2^25 = 2^(80-20-25) = 2^35 = 34 359 738 368
years to break on a normal computer using a sophisticated linguistics based attack.
 
Normal people, with normal computers, will be hard pressed to crack a strong password and 128bit encryption, UNLESS they have physical access to the machine that the data is on.

However, you have to remember that the gov't has access to things that normal people dont :p

And knowing someone who does extremely high-level stuff for the gov't, I can assure you, WITHOUT ANY DOUBTS WHATSOEVER, that if they want/need to crack yours, or anyone elses, passwords & encryption schemes, the can & will do it in a friggin heartbeat !
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back