|
448-bit
Blowfish encryption
..What
does that actually mean ?
Cryptography
enables software to transform text
into an unreadable format. Using cryptography to encode a
message is called 'encryption' and
the opposite process of making it
readable again is called called
'decryption'. Blowfish is a strong symmetric encryption algorithm
designed by Bruce
Schneier.
Attempting to 'decrypt' an encrypted
message without knowing the key is
generally referred to as ‘cracking’.
Any
attempt to crack an encrypted
message by systematically trying
all possible password combinations (until
the right combination is found) is
referred to as a ‘brute-force’ attack.
In
regard to the strength of an
encryption algorithm - the rule of
thumb is length = strength.
In essence, the longer the password,
the longer it will take a
brute-force attack to find the correct password combination to your
encrypted message. However, the
character variation of a password is also very important.
Encryption
strength is measured in bits.
Some cryptography algorithms offer
40-bit, 96-bit, 128-bit, and even 256-bit strength
encryption. Blowfish can
encrypt messages using up to 448-bit
strength.
Why
is bit strength and length so
important?
..I still don't get it! 
The longer (and more complex) your
password the greater the strength of
the encryption method when using it to encrypt a
message. Complexity is increased by
using a password that has a variety of mixed-case, numerical
and even non-alphanumeric characters
like *, @, £, #,
& etc. However, the average person
typically only uses alpha-numeric
characters because a password that is
too complex is more difficult to
remember.
The
following examples explain 'how many'
brute-force combinations would have
to be checked to find your password of a given
length, and character complexity:
The time for the
brute-force-crack are based on a
computer that is able to
perform 1,000,000,000 (one 'US' billion)
password attacks per second. This
degree of processing is now possible using the parallel
processing power of Graphics
Processing Units (GPU) found in modern gaming graphics
cards.
(Google search [ Elcomsoft ]
).
The
tables below shows some example
statistics based on different
password lengths and complexity. Note, the brute-force-crack times
are divided by
2
(because on average
only half the possible password combinations would have to be tested
before the correct one is
found.
Password
complexity: Single Case Letters Only.
Your
password
uses all lower case (or all
upper case) characters, but
not both.
For
example: matrixseven
or MATRIXSEVEN
| Password
length |
Encryption
strength |
Number
of 'guesses' required |
Brute-force
time to find password / 2
(at 1 billion guesses
per second)
|
| 1 |
4.7
bit |
26 |
blink! |
| 2 |
9.4
bit |
676 |
blink! |
| 3 |
14.1
bit |
17,560 |
blink! |
| 4 |
18.8
bit |
456,419 |
blink! |
| 5 |
23.5
bit |
11,863,283 |
blink! |
| 6 |
28.2
bit |
308
Million
308,000,000 |
blink! |
| 7 |
32.9
bit |
8
Billion
8,000,000,000 |
4
seconds |
| 8 |
37.6
bit |
208
Billion
208,000,000,000 |
104
seconds |
| 9 |
42.3
bit |
5.4
Trillion
5,400,000,000,000 |
45
minutes |
| 10 |
47
bit |
140.7
Trillion
140,700,000,000,000 |
20
hours |
| 11 |
51.7
bit |
3.6
Quadrillion
3,600,000,000,000,000 |
21
days |
| 12 |
56.4
bit |
95
Quadrillion
95,000,000,000,000,000 |
1.5
years |
Password
complexity: Single Case Letters
and Numbers.
Your
password
uses all lower case (or all
upper case) characters and
numbers.
For
example: matrixse7en
or
MATRIXSE7EN
| Password
length |
Encryption
strength |
Number
of 'guesses' required |
Brute-force
time to find password / 2
(at 1 billion guesses
per second)
|
| 1 |
5.17
bit |
36 |
blink! |
| 2 |
10.3
bit |
1260 |
blink! |
| 3 |
15.5
bit |
46,340 |
blink! |
| 4 |
20.6
bit |
1,589,344 |
blink! |
| 5 |
28.8
bit |
467,373,275 |
blink! |
| 6 |
31
bit |
2
Billion
2,000,000,000 |
1
second |
| 7 |
36.1
bit |
73
Billion
73,000,000,000 |
36
seconds |
| 8 |
41.3
bit |
2.7
Trillion
2,700,000,000,000 |
22.5
minutes |
| 9 |
46.5
bit |
99.5
Trillion
99,500,000,000,000 |
13.8
hours |
| 10 |
51.6
bit |
3.4
Quadrillion
3,400,000,000,000,000 |
20
hours |
| 11 |
56.8
bit |
125
Quadrillion
125,000,000,000,000,000 |
19.7
days |
| 12 |
62
bit |
4.6
Quintillion
4,600,000,000,000,000,000 |
73
years |
Password
complexity: Mixed Case Letters.
Your
password
uses lower and upper case
characters.
For
example: mAtriXseVen
| Password
length |
Encryption
strength |
Number
of 'guesses' required |
Brute-force
time to find password / 2
(at 1 billion guesses
per second)
|
| 1 |
5.7
bit |
52 |
blink! |
| 2 |
11.4
bit |
2702 |
blink! |
| 3 |
17.1
bit |
140,479 |
blink! |
| 4 |
22.8
bit |
7
Million
7,000,000 |
blink! |
| 5 |
28.5
bit |
379
Million
379,000,000 |
blink! |
| 6 |
34.2
bit |
19
Billion
19,000,000,000 |
10
seconds |
| 7 |
39.9
bit |
1
Trillion
1,000,000,000,000 |
8
minutes |
| 8 |
45.6
bit |
53
Trillion
53,000,000,000,000 |
7
hours |
| 9 |
51.3
bit |
3
Quadrillion
3,000,000,000,000,000 |
17
days |
| 10 |
57
bit |
144
Quadrillion
144,000,000,000,000,000 |
2.2
years |
| 11 |
62.7
bit |
7
Quintillion
7,000,000,000,000,000,000 |
118
years |
| 12 |
68.4
bit |
389
Quintillion
389,000,000,000,000,000,000 |
6174
years |
Password
complexity: Mixed Case Letters
and Numbers.
Your
password
uses numbers, lower case and
upper case characters.
For
example: mAtriXse7en
| Password
length |
Encryption
strength |
Number
of 'guesses' required |
Brute-force
time to find password / 2
(at 1 billion guesses
per second)
|
| 1 |
5.95
bit |
62 |
blink! |
| 2 |
11.9
bit |
3821 |
blink! |
| 3 |
17.8
bit |
228,209 |
blink! |
| 4 |
23.8
bit |
14.6
Million
14,600,000 |
blink! |
| 5 |
29.7
bit |
872
Million
872,000,000 |
blink! |
| 6 |
35.7
bit |
55
Billion
55,000,000,000 |
28
seconds |
| 7 |
41.6
bit |
3.3
Trillion
3,300,000,000,000 |
27
minutes |
| 8 |
47.6
bit |
213
Trillion
213,000,000,000,000 |
29
hours |
| 9 |
53.5
bit |
12.7
Quadrillion
12,700,000,000,000,000 |
2.4
months |
| 10 |
59.5
bit |
815
Quadrillion
815,000,000,000,000,000 |
13
years |
| 11 |
65.4
bit |
48.6
Quintillion
48,600,000,000,000,000,000 |
771
years |
| 12 |
71.4
bit |
3.1
Sextillion
3,100,000,000,000,000,000,000 |
49,397
years |
Password
complexity: Mixed Case Letters, Numbers
and Punctuation.
Your
password
uses numbers, lower case
characters, upper case
characters and punctuation.
For
example: m@triXse7en
| Password
length |
Encryption
strength |
Number
of 'guesses' required |
Brute-force
time to find password / 2
(at 1 billion guesses
per second)
|
| 1 |
6.56
bit |
95 |
blink! |
| 2 |
13.1
bit |
8780 |
blink! |
| 3 |
19.7
bit |
851,708 |
blink! |
| 4 |
26.2
bit |
77
Million
77,000,000 |
blink! |
| 5 |
32.8
bit |
7.4
Billion
7,400,000,000 |
3.7
seconds |
| 6 |
39.4
bit |
725
Billion
725,000,000,000 |
6
minutes |
| 7 |
45.9
bit |
65
Trillion
65,000,000,000,000 |
9
hours |
| 8 |
52.5
bit |
6.3
Quadrillion
6,300,000,000,000,000 |
37
days |
| 9 |
59.1
bit |
617
Quadrillion
617,000,000,000,000,000 |
9.8
years |
| 10 |
65.6
bit |
55.9
Quintillion
55,900,000,000,000,000,000 |
886
years |
| 11 |
72.2
bit |
5.4
Sextillion
5,400,000,000,000,000,000,000 |
86,000
years |
| 12 |
78.8
bit |
526
Sextillion
526,000,000,000,000,000,000,000 |
8.3
Million
years |
Password complexity: All ASCII
Character set groups in use.
Your
password
uses all available
characters in the standard ASCII
characters set.
For
example: m@trîXše7ën
| Password
length |
Encryption
strength |
Number
of 'guesses' required |
Brute-force
time to find password / 2
(at 1 billion guesses
per second)
|
| 1 |
8
bit |
256 |
blink! |
| 2 |
16
bit |
65,536 |
blink! |
| 3 |
24
bit |
16.7
Million
16,777,216 |
blink! |
| 4 |
32
bit |
4.2
Billion
4,200,000,000 |
blink! |
| 5 |
40
bit |
1
Trillion
1,000,000,000,000 |
8.3
minutes |
| 6 |
48
bit |
281
Trillion
281,000,000,000,000 |
6
minutes |
| 7 |
56
bit |
72
Quadrillion
72,000,000,000,000,000 |
39
hours |
| 8 |
64
bit |
18.4
Quintillion
18,400,000,000,000,000,000 |
37
days |
| 9 |
72
bit |
4.7
Sextillion
4,700,000,000,000,000,000,000 |
9.8
years |
| 10 |
80
bit |
1.2
Septillion
1,200,000,000,000,000,000,000,000 |
886
years |
| 11 |
88
bit |
309
Septillion
309,000,000,000,000,000,000,000,000 |
86,000
years |
| 12 |
96
bit |
79
Octillion
79,000,000,000,000,000,000,000,000,000 |
8.3
Million
years |
56
Maxinote
password
extension
feature |
448
bit |
..is
there even a word for this
number?
726,000,000,000,000,000,000,000,000,
000,000,000,000,000,000,000,000,000,
000,000,000,000,000,000,000,000,
000,000,000,000,000,000,000,
000,000,000,000,000,000,
000,000,000,000,
000,000 |
Brute-force
is ineffective!
1936
|
Maxinote
will attempt to utilise the full
ASCII Character Set and extend your
password to
56 characters whenever possible in
order to achieve full 448-bit
encryption
strength.
In summary,
there are only three things to
remember when it comes to passwords:
(1)
Do not use obvious passwords, such as
words found in a
dictionary.
Dictionary words can be cracked in a
second.
(2) The
longer and more mixed (numbers
& character) your password the
harder it will be to crack.
However,
long passwords are also easier to
forget, so consider using an
intuitive alpha-numeric
pass-phrase
instead (e.g. 7even8ight9ine)
(3) Do
not forget your password! If you
do - there is no way to decrypt
and re-open
your encrypted note!
|
