one for the eggheads to explain

Danya

Fledgling Freddie
Joined
Dec 23, 2003
Messages
2,466
So how's your office doing Undying, after you brute forced 256-bit in a week, violated the laws of physics and caused the fabric of space-time to collapse into a singularity? ;)
I didn't think computers worked in black holes, guess I was wrong ;p
 

Ctuchik

FH is my second home
Joined
Dec 23, 2003
Messages
10,460
Boni said:
Interesting link, thanks, much like the seti at home project, I like the idea of distributing the problem to lots of home users, a great way to get lots of processing power :)


as I'm a total idiot when it comes to this stuff I can't really give much "evidence" about this. but isn't "hijacking" CPU power one of the more commonly used ways to get enough process power? seem to remember hearing something about that some years ago... prolly outdated tho ;)
 

Ctuchik

FH is my second home
Joined
Dec 23, 2003
Messages
10,460
Danya said:
So how's your office doing Undying, after you brute forced 256-bit in a week, violated the laws of physics and caused the fabric of space-time to collapse into a singularity? ;)
I didn't think computers worked in black holes, guess I was wrong ;p


u know. it COULD have been sheer bloody luck too... theoretically u need (insert random impossible number here) to crack 256 bit.. but it doesn't HAVE to take that long.... if ur lucky. theoretically it could also be done in a few hours.... if ur lucky... ;) see where i'm getting at? :p
 

Boni

Fledgling Freddie
Joined
Feb 8, 2004
Messages
1,607
Ctuchik said:
u know. it COULD have been sheer bloody luck too... theoretically u need (insert random impossible number here) to crack 256 bit.. but it doesn't HAVE to take that long.... if ur lucky. theoretically it could also be done in a few hours.... if ur lucky... ;) see where i'm getting at? :p

It's possible (as opposed to impossible).

Imagine tossing 10 coins in the air at once, you need them to all land in a column standing one on top of each other on their sides*. It could happen, but it's so improbable that even if every person you knew tried for the rest of their lives I doubt you could get 3 coins to fall like that.



*bullshit stat alert I made up, but it serves the point.
 

UndyingAngel

Can't get enough of FH
Joined
Jan 21, 2004
Messages
1,957
Danya said:
So how's your office doing Undying, after you brute forced 256-bit in a week, violated the laws of physics and caused the fabric of space-time to collapse into a singularity? ;)
I didn't think computers worked in black holes, guess I was wrong ;p



I never said I did 256 in a week :eek: I said it has been done.. for all I know this was just luck ;) we have done 128bit WEP in just under a day but that was after a few tries, next time I'm in work.. I'll dig out the tool for you and I'll host them for you.. and you can have a go @ it yourself bearing in mind.. I've only tried this 4 or 5 times and only once it was done in just under 24h so again it might have been luck, also we were using more than 3 servers to do this. :eek: I cannot remember the setup as I did it months ago
 

Boni

Fledgling Freddie
Joined
Feb 8, 2004
Messages
1,607
There's a big difference between possible, and oh you could get lucky....

You CAN'T get that lucky if a decent key has been chosen, given parameters like our lifespan and the computational power available it's not possible. Such numbers are hard for some people to put into perspective, but 'oooh we or I got lucky' simply won't happen...

Q: how long would it take someone to crack 128 bit encryption?
When the press talks about "cracking" or "breaking" an encryption algorithm, they always seem to mean this: the "attacker" decrypted a message by guessing the secret key that was used for the encryption. This is not breaking or cracking a particular algorithm. But it does demonstrate the importance of key size. The key size -- the number of bits used to store the key, which is an integer number -- determines the size of the key space, the number of possible keys that can be used. If you knew that to decrypt a message you needed to guess a number between 1 and 10, would you feel challenged? How about between 1 and 1000? How about 1 and 10^38 (1 followed by 38 zeros)? That is (roughly) the key space using a 128-bit key. For comparison purposes, let’s use a (so far) non-existent computer that can guess 1 trillion (1 followed by 12 zeroes) keys a second. On average, it would take around 2 million million million (2 followed by 18 zeroes) years to guess the key.
 

UndyingAngel

Can't get enough of FH
Joined
Jan 21, 2004
Messages
1,957
Some info I thought you might find useful

Info about WEP and how hackers can hack it in 2 to 3 weeks with 1 PC. This doesn't tell you how.. just explains it's possible.
http://www.informit.com/articles/article.asp?p=27666


This is pretty old, but it explains that the tools for hacking WEP have been around since 2001 and can be done by capturing between 100 MB and 1 GB of data
http://www.theregister.co.uk/2001/08/21/tool_dumbs_down_wireless_hacking/

This is a public mag explaining about network/remote hacking over the internet.
http://www.livepublishing.co.uk/pcextreme/networkhacking.shtml?page=1
 

UndyingAngel

Can't get enough of FH
Joined
Jan 21, 2004
Messages
1,957
Boni said:
There's a big difference between possible, and oh you could get lucky....

You CAN'T get that lucky if a decent key has been chosen, given parameters like our lifespan and the computational power available it's not possible. Such numbers are hard for some people to put into perspective, but 'oooh we or I got lucky' simply won't happen...

Q: how long would it take someone to crack 128 bit encryption?
When the press talks about "cracking" or "breaking" an encryption algorithm, they always seem to mean this: the "attacker" decrypted a message by guessing the secret key that was used for the encryption. This is not breaking or cracking a particular algorithm. But it does demonstrate the importance of key size. The key size -- the number of bits used to store the key, which is an integer number -- determines the size of the key space, the number of possible keys that can be used. If you knew that to decrypt a message you needed to guess a number between 1 and 10, would you feel challenged? How about between 1 and 1000? How about 1 and 10^38 (1 followed by 38 zeros)? That is (roughly) the key space using a 128-bit key. For comparison purposes, let’s use a (so far) non-existent computer that can guess 1 trillion (1 followed by 12 zeroes) keys a second. On average, it would take around 2 million million million (2 followed by 18 zeroes) years to guess the key.


In most cases hacking doesn’t really even attempt to use this method as I have said b4. They will capture packets and look for the key this way, this has been known for some time now, this is apparently changed with IPv5 and just out of curiosity how many ppl do you know who have this protocol installed?
 

UndyingAngel

Can't get enough of FH
Joined
Jan 21, 2004
Messages
1,957
Boni said:
There's a big difference between possible, and oh you could get lucky....

You CAN'T get that lucky if a decent key has been chosen, given parameters like our lifespan and the computational power available it's not possible. Such numbers are hard for some people to put into perspective, but 'oooh we or I got lucky' simply won't happen...

Q: how long would it take someone to crack 128 bit encryption?
When the press talks about "cracking" or "breaking" an encryption algorithm, they always seem to mean this: the "attacker" decrypted a message by guessing the secret key that was used for the encryption. This is not breaking or cracking a particular algorithm. But it does demonstrate the importance of key size. The key size -- the number of bits used to store the key, which is an integer number -- determines the size of the key space, the number of possible keys that can be used. If you knew that to decrypt a message you needed to guess a number between 1 and 10, would you feel challenged? How about between 1 and 1000? How about 1 and 10^38 (1 followed by 38 zeros)? That is (roughly) the key space using a 128-bit key. For comparison purposes, let’s use a (so far) non-existent computer that can guess 1 trillion (1 followed by 12 zeroes) keys a second. On average, it would take around 2 million million million (2 followed by 18 zeroes) years to guess the key.

lol btw nice copy and paste from the internet :p
 

Boni

Fledgling Freddie
Joined
Feb 8, 2004
Messages
1,607
UndyingAngel said:
lol btw nice copy and paste from the internet :p

Should have given the soruce I guess, fairly obvious its not my tyipink skills though ;)
 

UndyingAngel

Can't get enough of FH
Joined
Jan 21, 2004
Messages
1,957
Boni said:
Should have given the soruce I guess, fairly obvious its not my tyipink skills though ;)

lol.. ;) I wouldn't have known but I just happened to have it open in a browser looking for links when I was reading your reply :)
 

Boni

Fledgling Freddie
Joined
Feb 8, 2004
Messages
1,607
UndyingAngel said:
Some info I thought you might find useful

Info about WEP and how hackers can hack it in 2 to 3 weeks with 1 PC. This doesn't tell you how.. just explains it's possible.
http://www.informit.com/articles/article.asp?p=27666

ah but it does.... ->

Cracking WEP
Now that we understand the basics of how WEP works, let's review a few points.

The IV is sent as plaintext with the encrypted packet. Therefore, ANYONE can easily sniff this information out of the airwave and thus learn the first three characters of the secret key.

Both the KSA and PRGA leak information during the first few iterations of their algorithm. The i will always be 1, and j will always equal S[1] for the first iteration of the PRGA, and the KSA is easily duplicable for the first three iterations due to the fact that the first three characters of the secret key is passed as plaintext.

XOR is a simple process that can be easily used to deduce any unknown value if the other two values are known.

In addition to these previously explained points, there are several more that make WEP dangerous.

There is a 5% probability that the values held in S[0]–S[3] will NOT change after the first three iterations of the KSA. In other words, any hacker can guess what will happen during the KSA process with a 5% likelihood of being correct.

The first value of the encrypted data is always the SNAP header, which equals AA in hex or 170 in decimal form. This essentially means that by sniffing the first byte of encrypted text and XORing it with 170, any hacker can deduce the first output byte of the PRGA.

In the WEP encryption process, it has been determined that a certain format of an IV indicates that it is a weak IV and subject to cracking. The format is (B + 3, 255, x) where B is the byte of the secret key being cracked. However, we know the first three characters due to the IV, so we want to crack the pre-shared password that starts after the IV. The 255 value indicates that the KSA is at a vulnerable point in the algorithm, and the value x can be any value.

etc..



Now I'll refer you back to my post about implementational details, errors in algorithms and the difference between hacking bad software and actually breaking a 128bit key.
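
The leak described in the quoted article, as an added example that is not part of the original post or the article: a simplified WEP framing (no ICV or key-ID byte; the secret and IVs are constructed) showing that the cleartext IV plus the known 0xAA first byte hands over the first keystream byte, and how many IVs match the (B + 3, 255, x) format. The function names are this example's own.

```python
# Added illustration; simplified WEP framing (no ICV, no key-ID byte).
SNAP = 0xAA  # first plaintext byte of the payload, as the quoted article states

def ksa(key):
    """RC4 key-scheduling algorithm: returns the permuted state S."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def prga(S, n):
    """RC4 output generator: first n keystream bytes from state S."""
    S, i, j, out = S[:], 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) % 256          # i is 1 on the first iteration
        j = (j + S[i]) % 256       # so j is S[1] on the first iteration
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def wep_encrypt(iv, secret, plaintext):
    """Per-packet RC4 key is IV || secret; the IV travels in the clear."""
    ks = prga(ksa(iv + secret), len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

def first_keystream_byte(frame):
    """Known plaintext: ciphertext byte 0 XOR 0xAA = first PRGA output."""
    return frame[3] ^ SNAP

def is_weak_iv(iv, secret_len):
    """Article's weak-IV format (B + 3, 255, x), B indexing a secret byte."""
    return iv[1] == 255 and 3 <= iv[0] < 3 + secret_len

def audit(frames, secret_len):
    """Per frame: (IV hex, leaked keystream byte, weak-IV flag)."""
    return [(f[:3].hex(), first_keystream_byte(f), is_weak_iv(f[:3], secret_len))
            for f in frames]

def weak_iv_count(secret_len):
    """How many of the 2**24 possible IVs match the weak format."""
    return sum(is_weak_iv(bytes([a, b, 0]), secret_len)
               for a in range(256) for b in range(256)) * 256

if __name__ == "__main__":
    secret = bytes(range(1, 14))   # constructed 13-byte (104-bit) secret
    ivs = [bytes(t) for t in [(3, 255, 7), (10, 20, 30), (15, 255, 0), (16, 255, 1)]]
    frames = [wep_encrypt(iv, secret, b"\xaa\xaa\x03\x00\x00\x00") for iv in ivs]
    for row in audit(frames, len(secret)):
        print(row)
    print(weak_iv_count(13), "weak IVs of", 2**24)
```

None of this touches the size of the key space: every leaked byte comes from how WEP builds its per-packet RC4 key, which is the distinction between a flawed implementation and a brute-forced key that the post draws.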
 

Boni

Fledgling Freddie
Joined
Feb 8, 2004
Messages
1,607
Boni said:
I think it can only be broken if the algorithm or implementation is flawed. This was the case with the SSL implementation in Netscape in the past, perhaps that's what you were thinking of? But please post any links you have, I'm no expert on cryptography and would be interested to read about any genuine case of 128bit key encryption being solved without brute force.

that bit.
 

UndyingAngel

Can't get enough of FH
Joined
Jan 21, 2004
Messages
1,957
Boni said:
ah but it does.... ->

Cracking WEP
Now that we understand the basics of how WEP works, let's review a few points.

The IV is sent as plaintext with the encrypted packet. Therefore, ANYONE can easily sniff this information out of the airwave and thus learn the first three characters of the secret key.

Both the KSA and PRGA leak information during the first few iterations of their algorithm. The i will always be 1, and j will always equal S[1] for the first iteration of the PRGA, and the KSA is easily duplicable for the first three iterations due to the fact that the first three characters of the secret key is passed as plaintext.

XOR is a simple process that can be easily used to deduce any unknown value if the other two values are known.

In addition to these previously explained points, there are several more that make WEP dangerous.

There is a 5% probability that the values held in S[0]–S[3] will NOT change after the first three iterations of the KSA. In other words, any hacker can guess what will happen during the KSA process with a 5% likelihood of being correct.

The first value of the encrypted data is always the SNAP header, which equals AA in hex or 170 in decimal form. This essentially means that by sniffing the first byte of encrypted text and XORing it with 170, any hacker can deduce the first output byte of the PRGA.

In the WEP encryption process, it has been determined that a certain format of an IV indicates that it is a weak IV and subject to cracking. The format is (B + 3, 255, x) where B is the byte of the secret key being cracked. However, we know the first three characters due to the IV, so we want to crack the pre-shared password that starts after the IV. The 255 value indicates that the KSA is at a vulnerable point in the algorithm, and the value x can be any value.

etc..



Now I'll refer you back to my post about implementational details, errors in algorithms and the difference between hacking bad software and actually breaking a 128bit key.

lol oops
 

slaaght

Fledgling Freddie
Joined
May 6, 2004
Messages
38
sibanac said:
There is a slight difference tho, there is no way to listen in on a quantum transmission without sender and receiver being aware of it unless you can break the laws of physics.

brute force against a 256 bit key is technically impossible.
If you got all the energy the sun releases for 32 years, you would have enough power to make a computer count from 0 to 2^192 (bruteforce a 192 bit key)
(that is if the computer would have no energy loss whatsoever)
this is based on the basic laws of thermodynamics


source: Bruce Schneier, Applied Cryptography

Yeah but that's just The Sun. These uber hackers would probably use the power of The Daily Mirror and The Star too ;)

More seriously, this is all nice theoretical stuff, but brute force is never the answer to breaking modern cryptography.

Hard to remember password - people write it down
Easy to remember password - others may guess it, dog's name, number plate etc.

"Hello this is Dave from the helpdesk. We're investigating the security of the desktop accounts and need to log in as you to test your network shares. We can change your password and you'll need to log out, or if you don't mind letting us have your login we can do it now without needing to log you out." etc. etc.
 

Belomar

Part of the furniture
Joined
Dec 30, 2003
Messages
5,107
Let's get back to the main point: the classic irony of Elewyth being hacked after countless times of assuming the cold, lonely high moral ground in these matters. :cool:
 

Rookiescot

Fledgling Freddie
Joined
Jan 16, 2004
Messages
816
All this hacking and cracking ..... pfft.
Much easier just to break into someone's home and steal the post-it pads stuck to the monitor. :)
 
