Can AES-256 be broken?

[truthseeker]

I am using 7z to create archives and to encrypt them.

http://www.7-zip.org/

7z uses AES-256 password encryption.

But I have seen some 7z password recovery programs on the internet.

Does this mean someone can crack or break my 7z AES-256 encrypted files?

I am using a non-dictionary password that is 14 characters long.

How long would it take, using the latest PC's, a brute-force attack on my 7z AES-256 archives to find and crack the password?

[koala]

Have you seen the latest replies to this question in your other thread? http://www.wilderssecurity.com/showthread.php?p=1261571

Quote:

Originally Posted by Pleonasm_post#19

…taking maximum advantage of the full strength of AES encryption requires a password of approximately 32 characters for 128-bit encryption and 64 characters for 256-bit encryption.

Quote:

Originally Posted by dantz_post#20

I hope you realize that every time you open one of your encrypted files it's written to a temp folder as plaintext. This is the major weakness of all zip encryption. So keep on wiping! Or choose a method of encryption that doesn't writes plaintext to disk.

[truthseeker]

Quote:

Originally Posted by koala

Have you seen the latest replies to this question in your other thread? http://www.wilderssecurity.com/showthread.php?p=1261571

Is Wildersecurity run by the same people who run this website?

I asked there as well as it seems to have more traffic there.

[koala]

No, we're not affiliated with Wildersecurity at all, but I think some of our Security team post over there. It just takes a quick google to find cross-posts.

It looks like you'll need to increase the length of your password to get better encryption. Also, if the data is really private and you've opened the file, remember to wipe the drive's free space after deleting it with something like Sure Delete.

[sobeit]

Quote:

Originally Posted by truthseeker

I am using 7z to create archives and to encrypt them.

http://www.7-zip.org/

7z uses AES-256 password encryption.

But I have seen some 7z password recovery programs on the internet.

Does this mean someone can crack or break my 7z AES-256 encrypted files?

I am using a non-dictionary password that is 14 characters long.

How long would it take, using the latest PC's, a brute-force attack on my 7z AES-256 archives to find and crack the password?

anything can be cracked. as they say about locks, they are made for innocent not the guilty. As far as how long it would take, depends upon the person and their tools.

[koala]

Quote:

Originally Posted by truthseeker

I am using a non-dictionary password that is 14 characters long.

How long would it take, using the latest PC's, a brute-force attack on my 7z AES-256 archives to find and crack the password?

There are too many variables to give an accurate answer - length of password, characters used, speed of CPU, program/method used for cracking, etc. I think if anyone wanted access to the encrypted data, they would probably get a quicker result by using data recovery software to go through your 'deleted' files rather than try to crack the zip password.

[truthseeker]

Quote:

Originally Posted by koala

No, we're not affiliated with Wildersecurity at all, but I think some of our Security team post over there. It just takes a quick google to find cross-posts.

It looks like you'll need to increase the length of your password to get better encryption. Also, if the data is really private and you've opened the file, remember to wipe the drive's free space after deleting it with something like Sure Delete.

Yep, good comment. I have increased by password from 14 to 26, and believe it or not, I remember it in my head :-)

And yes another good point, I use Eraser to do a wipe of the original file itself and the free space.

Thank you for your help. I am happy and content now to keep using the 7z AES-256 encryption and confident it will protect me from the average person if they ever gain access to my laptop.

P.S So using google I guess you find a lot of cross-posts, you sneaky bugger :) hehe.

[truthseeker]

Quote:

Originally Posted by sobeit

anything can be cracked. as they say about locks, they are made for innocent not the guilty. As far as how long it would take, depends upon the person and their tools.

Yep. And the time it would take an average person who may gain access to my laptop to break my 7z programs AES-256 encryption, by then I would probably have changed my bank details and pins :) So then their cracked 7z file would be useless anyway :)

[MarAttacker2000]

Quote:

Originally Posted by truthseeker

I am using 7z to create archives and to encrypt them.

http://www.7-zip.org/

7z uses AES-256 password encryption.

But I have seen some 7z password recovery programs on the internet.

Does this mean someone can crack or break my 7z AES-256 encrypted files?

I am using a non-dictionary password that is 14 characters long.

How long would it take, using the latest PC's, a brute-force attack on my 7z AES-256 archives to find and crack the password?

People are dancing around the easy answers:

1. Yes you can crack a 14 character pw. Did you find the name of one of the programs targeted at 7zip yet? There are a bunch. I'm getting 12.8million guesses/sec on my spare box right now. Usually on this sort of game i have one machine that knocks out dictionaries and small pw/low number of character classes. Then I have a stack of g5s that sit there and crank through in paralel for harder longer pws. When I guess them, I send my users email and tell them their pw and request they reset.

2. Govt cracking - Ever heard of a DSP? there are 2 main concepts. Dedicated chips and hashes. Chips that have a sole job of decrypting, or in the smart case of encrypting. All smart agencies have loads of hardware generating hash tables. There are many creative ways even with salts to get around this stuff. Anyhow brute force is dum. A simple database lookup and then a trial of those hashes is fast and easy. Your 14 char pw was pwned before you even wrote it.

[johnwill]

And why would you bother?

[truthseeker]

Quote:

Originally Posted by MarAttacker2000

People are dancing around the easy answers:

1. Yes you can crack a 14 character pw. Did you find the name of one of the programs targeted at 7zip yet? There are a bunch. I'm getting 12.8million guesses/sec on my spare box right now. Usually on this sort of game i have one machine that knocks out dictionaries and small pw/low number of character classes. Then I have a stack of g5s that sit there and crank through in paralel for harder longer pws. When I guess them, I send my users email and tell them their pw and request they reset.

2. Govt cracking - Ever heard of a DSP? there are 2 main concepts. Dedicated chips and hashes. Chips that have a sole job of decrypting, or in the smart case of encrypting. All smart agencies have loads of hardware generating hash tables. There are many creative ways even with salts to get around this stuff. Anyhow brute force is dum. A simple database lookup and then a trial of those hashes is fast and easy. Your 14 char pw was pwned before you even wrote it.

You are full of words, no action. PROVE IT that you can crack an encrypted file.

I have uploaded an encrypted Winrar file and inside it there is a text file with a word written. Tell me the word written inside the file and prove you can crack it.

Grab the file from here:

http://rapidshare.com/files/138330671/encrypted.rar

NO TALK, ONLY ACTION! Crack that file, tell me the "secret word" inside the encrypted file.

[johnwill]

That guy is all hat, no cattle.

[truthseeker]

Quote:

Originally Posted by johnwill

That guy is all hat, no cattle.

Well I am still waiting for MarAttacker2000 to show me some action. No more talk, just action.

I even sent MarAttacker2000 an private message giving him the challenge to break that encrypted file and tell me the word inside the text file. After all, he claimed he can break an encrypted file, and gave me the impression he is very good at it and has the "right tools".

Yet I am still waiting. And I guess I will be waiting for another 3 millions years before he can break it LOL

[Mcninjaguy]

no body cares, hoho look at me talk I have no action only talk, MAD yet hehe

use truecrypt if your worried about encryption
it uses 3 256 bit encryption programs and you can use a "File" key and a password
http://www.truecrypt.org/downloads.php

stop being so paranoid
If they stole your laptop all they would have to do is cool your ram down and transfer it to a seperate laptop..... so HA!
http://forum.japantoday.com/viewtopic.php?f=11&t=981559

[peterhuang913]

Dude, you're just paranoid. The truth is: any kind of encryption system can be cracked.

If I got my hands on your laptop, I'd just format it and use it as it is.

Quote:

Originally Posted by truthseeker

Yep. And the time it would take an average person who may gain access to my laptop to break my 7z programs AES-256 encryption, by then I would probably have changed my bank details and pins :) So then their cracked 7z file would be useless anyway :)

Number 1 problem with you: you keep your bank info on your computer.

[truthseeker]

Quote:

Originally Posted by Mcninjaguy

no body cares, hoho look at me talk I have no action only talk, MAD yet hehe

use truecrypt if your worried about encryption
it uses 3 256 bit encryption programs and you can use a "File" key and a password
http://www.truecrypt.org/downloads.php

stop being so paranoid
If they stole your laptop all they would have to do is cool your ram down and transfer it to a seperate laptop..... so HA!
http://forum.japantoday.com/viewtopic.php?f=11&t=981559

Are you claiming that if I encrypt a file using Winrar or Truecrypt, all a person need do is "cool my ram down and transfer it to a seperate laptop" and then wham, all encryption from the file is now gone and the files wide open? haha

[truthseeker]

Quote:

Originally Posted by peterhuang913

Dude, you're just paranoid. The truth is: any kind of encryption system can be cracked....

Full of words, all talk, no action.

Download the Winrar encrypted file I uploaded (see link above) and prove to me that you can crack the file :) PROVE IT!