# How Long does it Take to Crack this Stuff?

January 19, 2008 20:16 by pavritch

SafeHouse uses time-proven symmetric encryption algorithms to safeguard the data under its protection. In this post, I'm going to touch on some encryption theory which will show you just how strong this stuff really is.

The first thing to know is that SafeHouse does not include any home-grown encryption algorithms. If we did, we'd be under constant scrutiny and subject to challenge by experts in the field of cryptography. There are plenty of royalty-free commercial ciphers available for use which have already been subjected to years of discussion and analysis by the world's leading experts. In SafeHouse, we use only the best, and you'll never need to wonder if our encryption is up to the task.

The available encryption algorithms in SafeHouse include:

Encryption strength is measured in bits. A bit is one unit of binary information (all those ones and zeros). SafeHouse Professional Edition uses 128-, 256- and 448-bit encryption strengths. SafeHouse Personal Edition only includes 128-bit encryption. The larger the number of bits, the stronger the encryption.

But what does all this mean? Is the 256-bit encryption in our Professional Edition that much stronger than the 128-bit encryption in the Personal Edition? Yes, 256-bit encryption is way stronger than 128-bit encryption. But as I'll explain below, 128-bit encryption is so strong that it's unlikely to be cracked in your lifetime, or even the lifetime of your great grandchildren.

Properly designed encryption algorithms never need to be kept secret. Computer source code and flow charts for the top algorithms are available to anyone. For any algorithm to pass muster, it must not be possible to crack it by reverse engineering it. And when this is true, the typical method used to crack such algorithms is to perform what is commonly called a brute force attack.

Quoting Wikipedia for Brute Force Attack:

In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical possibility of a brute force attack is recognized, but it is set up in such a way that it would be computationally infeasible to carry out. Accordingly, one definition of "breaking" a cryptographic scheme is to find a method faster than a brute force attack.

Another common form of attack on encrypted data is the dictionary attack. A dictionary attack is where hackers try all the words in the dictionary to see if you might have used some standard word or phrase to compose your password. Although this is actually the method of attack you should be most concerned about (because as you read on you'll see that the brute force attack is computationally impractical), I won't be discussing it in this post since here I'm more focused on the low-level encryption ciphers.

So just how strong is this stuff? Here is a great article which details the math behind how 320-bit encryption (about 40 characters long) would take billions of years to crack using an exhaustive brute force attack. Yes, that was billions - it wasn't a typo. Dialing that back a few bits for the 128-bit strength in our Personal Edition, experts generally agree that it would still take hundreds, if not thousands, of years.

The bottom line is that nobody is going to crack SafeHouse using a brute force attack. In fact, people in the know wouldn't even try because they know the math behind it all and therefore understand just how infeasible it really is. Instead, they would likely try a dictionary attack to see if you might have used a common word, such as a person's name, birth date, or something related to your hobby.

In the end, it really turns out that people (yes, my customers) are the weakest link. People are inevitably creatures of habit, and often lazy. All too often people choose passwords which are easily found out even by the most novice of hackers.

In SafeHouse, we try to help you pick strong passwords by including a password strength meter which visually shows you how good your password is. Our Professional Edition even includes a 250K-word dictionary of weak passwords, and then warns you when you choose one from this list.
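The point about brute force versus dictionary attacks can be put in numbers. The following is an added example, not SafeHouse's own strength meter or code from this post: it estimates the effective strength of a password-protected volume as the smaller of the cipher key size and the password's search space. The guess rate, the five-word sample list, and the character-class estimate are assumptions made for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
GUESSES_PER_SECOND = 1e12   # assumption: attacker speed, not a figure from the post
WEAK_LIST_SIZE = 250_000    # size of the weak-password dictionary the post mentions
# Constructed stand-in for that dictionary (the real list is not on the page).
WEAK_WORDS = {"password", "letmein", "dragon", "michael", "baseball"}

def charset_size(pw):
    """Size of the alphabet implied by the character classes present."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(not c.isalnum() for c in pw): size += 33  # printable ASCII symbols
    return size

def password_bits(pw):
    """Upper bound on the password search space in bits (assumes random choice)."""
    if not pw:
        return 0
    if pw.lower() in WEAK_WORDS:
        # A dictionary attack needs at most one guess per list entry.
        return math.log2(WEAK_LIST_SIZE)
    return len(pw) * math.log2(charset_size(pw))

def effective_bits(pw, cipher_bits):
    """The attacker takes the cheaper path: search keys or search passwords."""
    return min(cipher_bits, password_bits(pw))

def years_to_search(bits, rate=GUESSES_PER_SECOND):
    """Expected time: on average half the space is tried before a hit."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    for pw in ("dragon", "Tr0ub4dor", "x7#Qm!vR2k@Lp9$wZe4&"):
        for cipher in (128, 256, 448):
            bits = effective_bits(pw, cipher)
            print(f"{pw!r:24} {cipher}-bit cipher -> {bits:6.1f} effective bits, "
                  f"{years_to_search(bits):.3g} years")
```

For a password found in the weak list, the result is the same roughly 18 bits whether the cipher is 128-, 256- or 448-bit, which is why the key size stops mattering once the password is guessable.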

So if you want to be safe, please, pick strong passwords --- because YOU really are the weakest link.
