Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
General Apps
Cloud storage
Safest cloud storage site
Message
<blockquote data-quote="Wave" data-source="post: 557063"><p>If he uses a complex password for his archive and the cloud becomes compromised and an attacker obtains his archive, it wouldn't be worth the investment of his time to wait for a brute-force attack to become successful to crack the archive password. Even if he is dedicated for waiting, depending on how complex the password is, it could take a dozen years to crack it via brute-force attacks - also depending on his system power for the calculations of speeding through the generated password guesses and applying them to the archive.</p><p></p><p>For example if his password which had a length of 182 characters like: £&(##(7719*!((nsnsjsuw***!*!(!ham\REGIS000TRY\\MA1CHINE\\SOFT99921WAREsan#dwich&"(!!!chRunOnceeese!!(("*&^^%3338764bacon(!))##NtTermi33319981nateProcess[Proc811essHandleNtStatus]+888 - then this would take a very long time to crack compared to other standard passwords... Not just because it is long, but also due to the complexity addition (lots of usage of special characters, numbers, and also normal characters). Once the AES-256/RSA-2048 key has been generated from the password, good luck with brute-forcing the key!</p><p></p><p>Use as long and as complex as a password as you can manage. Just make sure you have a backup of the password in various places which only you can access so you can recover your files from the archive should you lose it and need to re-download it - since you'll then need the password, otherwise you'll be struggling like the attacker to brute-force into the archive yourself. <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite116" alt=":D" title="Big grin :D" loading="lazy" data-shortname=":D" /></p><p></p><p>Anyway, chances are if an attacker found a random archive after compromising a cloud network which is heavily password-protected (they wouldn't even know how complex the password is, they'd have to take the risk of wasting their time if they can be bothered), he would most likely give up with any brute-force attacks after realising that the password is complicated due to the archive not becoming brute-forced within a day of his system running a brute-force software for archive passwords.</p><p></p><p>However it won't be the actual password which someone will try to brute-force in most cases, but the actual private key. If the password is long and complex then they won't be able to just brute-force the short password, they'll need to brute-force the key. Which is the main problem.</p><p></p><p>Think about it carefully... If brute-force was as quick and easy as it may seem, then how come top government agencies have extreme difficulty with it? There's a reason why companies use algorithms like AES-256 and RSA-2048 for the private keys...</p><p></p><p>Do the math. <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite110" alt=";)" title="Wink ;)" loading="lazy" data-shortname=";)" /></p><p></p><p>Check this for more info: <a href="https://www.reddit.com/r/theydidthemath/comments/1x50xl/time_and_energy_required_to_bruteforce_a_aes256/" target="_blank">Time and energy required to brute-force a AES-256 encryption key. • /r/theydidthemath</a></p></blockquote><p></p>
[QUOTE="Wave, post: 557063"] If he uses a complex password for his archive and the cloud becomes compromised and an attacker obtains his archive, it wouldn't be worth the investment of his time to wait for a brute-force attack to become successful to crack the archive password. Even if he is dedicated for waiting, depending on how complex the password is, it could take a dozen years to crack it via brute-force attacks - also depending on his system power for the calculations of speeding through the generated password guesses and applying them to the archive. For example if his password which had a length of 182 characters like: £&(##(7719*!((nsnsjsuw***!*!(!ham\REGIS000TRY\\MA1CHINE\\SOFT99921WAREsan#dwich&"(!!!chRunOnceeese!!(("*&^^%3338764bacon(!))##NtTermi33319981nateProcess[Proc811essHandleNtStatus]+888 - then this would take a very long time to crack compared to other standard passwords... Not just because it is long, but also due to the complexity addition (lots of usage of special characters, numbers, and also normal characters). Once the AES-256/RSA-2048 key has been generated from the password, good luck with brute-forcing the key! Use as long and as complex as a password as you can manage. Just make sure you have a backup of the password in various places which only you can access so you can recover your files from the archive should you lose it and need to re-download it - since you'll then need the password, otherwise you'll be struggling like the attacker to brute-force into the archive yourself. :D Anyway, chances are if an attacker found a random archive after compromising a cloud network which is heavily password-protected (they wouldn't even know how complex the password is, they'd have to take the risk of wasting their time if they can be bothered), he would most likely give up with any brute-force attacks after realising that the password is complicated due to the archive not becoming brute-forced within a day of his system running a brute-force software for archive passwords. However it won't be the actual password which someone will try to brute-force in most cases, but the actual private key. If the password is long and complex then they won't be able to just brute-force the short password, they'll need to brute-force the key. Which is the main problem. Think about it carefully... If brute-force was as quick and easy as it may seem, then how come top government agencies have extreme difficulty with it? There's a reason why companies use algorithms like AES-256 and RSA-2048 for the private keys... Do the math. ;) Check this for more info: [URL='https://www.reddit.com/r/theydidthemath/comments/1x50xl/time_and_energy_required_to_bruteforce_a_aes256/']Time and energy required to brute-force a AES-256 encryption key. • /r/theydidthemath[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
