CODEWITHSUNDEEP
securitykeybrute-force
Tom Gullen
Tom Gullen

Reputation: 61775

Cracking a secure key

Another simple question from silly old me.

We keep hearing big numbers being thrown around, for example the key:

234234-234WEF-ER334AS-3535FWF

Would take 20 billion gazillion years for anyone to crack.

Could someone explain how you even know when you have cracked it? If you have permutated a trillion combinations how do you know if you have passed the correct one? Surely you would have to test it on the live system which wouldn't be able to handle that many requests so fast, and a half brained system admin would notice the attack.

I keep seeing competitions to 'crack the key ############', how are you meant to know when you have a solution? You magically come across the english phrase "Ha you wont find me!" or something?

What am I missing?

Upvotes: 0

Views: 337

Answers (3)

Mark Byers
Mark Byers

Reputation: 838974

If you are talking about public key cryptography you can tell when you have cracked the key if you have access to the public key (and you often do - it's typically made public, hence its name). This means you can do the attack offline and you can easily verify that you have found the private key by performing decrypt(encrypt(message)) for a message of your choice and check that you get the correct result back.

You can also often verify the result mathematically. For example with the RSA algorithm if you can factorize the number in the public key then you can prove that you have found the correct private key because the prime factors are used in the generation of the private key.

Upvotes: 4

Andrey
Andrey

Reputation: 60095

the key picking process has two steps:

  1. Pick next key (bruteforce or dictionary)
  2. Validate, if failed goto 1

If you are cracking remote application owner can prevent picking by limiting validations in some way. (3 attempts, then pause for example). If you are cracking something local, like encrypted rar file then owner can make picking hard by making validation heavy operation, like encode it several times.

Upvotes: 2

NullUserException
NullUserException

Reputation: 85478

how are you meant to know when you have a solution?

When the program/algorithm/system/whatever validating the key accepts it.

Depending on what they are trying to crack, the attacker can do the validation him/herself.

Upvotes: 1

Related Questions