
Thread: FYI: Steam accounts were hacked (around 10th November)

  1. #1
    Quote Originally Posted by User137 View Post
    256-bit encryption is still nowadays secure. In computer theory it's quantum computers that some decades later may revolutionize decryption, but modern supercomputers can't do it.
    Yes, but you need to consider what type of data is being encrypted. For large text documents of unpredictable data - sure, it's pretty secure. Now consider a credit card number, which uses only 16 digits (which itself fits only in a 128-bit block), some of which can be easily guessed using regional information from the user. You don't even need a supercomputer to crack this. Yes, there are ways to make it more secure by adding random data and such, but as I said before, I doubt they even use encryption in the first place, let alone other advanced techniques.

    Quote Originally Posted by User137 View Post
    It even uses GPU power to greatly utilize all the power computer has for MD5 hash cracking. If you assume that word is only 1..8 characters long (256-bit would mean 32 characters) and only contain small letters from a..z it will take many hours. Now add numbers and big letters in the force and it'll take forever...
    On your integrated Nvidia card... sure, it may take some time. But have you tried running it on more serious personal computer or nice entertainment system?

  2. #2
    Quote Originally Posted by Lifepower View Post
    On your integrated Nvidia card... sure, it may take some time. But have you tried running it on more serious personal computer or nice entertainment system?
    How did you go and guess that? I can actually play Crysis and Skyrim on high settings smoothly. It's a computer built from custom parts, but more than a year ago.

    I dare you to try that... There was a small programming challenge about it some months back, about MD5. If you use Google Chrome it will probably translate it properly:
    http://www.ohjelmointiputka.net/posti.php?tunnus=md5h

    In short, there is a list of hashes in a file where the first line's hash is of a 1-character word, the second of a 2-character word... and finally a 20-character-long word hashed. These all consist only of small a..z. Many good people have tried it, and the best break is only an 11-character-long hash. I was able to do 9, with limiting search ranges and guessing. That is why I say, if it had capital letters and numbers I'd not have even broken 8.
    The words are random; 5 character word could well be like "asgwz".

    Oh.. and MD5 is designed to be a fast hash to make for file verification. RSA256 is designed for encryption, and much slower to calculate for single word.
    Last edited by User137; 20-11-2011 at 01:25 PM.

  3. #3
    Quote Originally Posted by User137 View Post
    How did you go and guess that? I can actually play Crysis and Skyrim on high settings smoothly. It's a computer built from custom parts, but more than year ago.
    I added the smile after my question to identify it as rhetorical. My point was that the hardware used in question may affect computational time greatly (by a factor of ten and more). And seriously, your machine is close to the ones I've mentioned? Did you check their specs? Quad Nvidia GTX 480, 1920 CUDA cores in total, dual Intel Xeon clocked at 4.3 GHz with 12 physical cores total and 24 logical cores total... My rig can also run Crysis smoothly at highest settings, but it's nowhere near the above specs.
    Last edited by LP; 20-11-2011 at 02:48 PM.

  4. #4
    I did see the links, but they are not the supercomputers that I mentioned, they are like this:

    256-bit encrypted text which any password can be made into, is unbreakable for them. I didn't find very good references yet, but this is some:
    http://en.wikipedia.org/wiki/Key_siz...e_force_attack
    or this: http://www.innovativedevice.com/keyo...k/Exemple2.asp
    or how maker of password recovery tool explains, that length of 8 small a..z characters would take 3 years on his home computer
    http://www.dekart.com/howto/howto_di...lost_password/

  5. #5
    Quote Originally Posted by User137 View Post
    I did see the links, but they are not supercomputers that i mentioned, they are like this:
    Ma! Ma!...can I have one of those for christmas Ma?...please??!?

  6. #6
    @User137
    Your last link points to an article which explains approximate times which would be needed for password breaking. But have you checked on what kind of a computer (P4 1.6 GHz with 512 MB of RAM)? Man, that's an almost ten-year-old computer now. If you check http://www.cpubenchmark.net/cpu_list.php which provides some benchmarking results you could see that the Intel Pentium 4 1.4GHz processor got a Passmark CPU Mark score of 166, while my AMD Turion X2 Dual Core Mobile RM-70 which I have on my laptop got a Passmark CPU Mark score of 1019. That means that my processor has about 6 times more computational power than the Intel Pentium 4 1.4GHz, which would result in using 6 times less time for data decryption. And my processor isn't nearly as powerful as some other processors are today. According to the benchmarks on the aforementioned page, the processor with the most processing power is the Intel Core i7-3930K @ 3.20GHz, which has a Passmark CPU Mark score of 15153. That is approx. 91 times more than the Intel Pentium 4 1.4GHz. This means that it would decrypt the data about 90 times faster. So don't believe the times in that old article of yours.
    And until now I was only talking about decryption with the plain power of the CPU, while also utilizing GPU power makes decryption much faster, up to 7 times faster on recent graphics cards, and that is by the assumption that you use only one graphics card. But if your system has more than one graphics card the gain would be even greater.

    Now imagine that you use 1000 computers equipped with the Intel Core i7-3930K @ 3.20GHz processor, each also utilizing the power of a graphics card, and do some calculation of what the required time for breaking 256-bit data encryption would be.

  7. #7
    Yes, I did see that it is an old article... I also noticed that it paid no attention to the encryption algorithm, only that it will attempt a password brute force with all possibilities. It depends on the encryption, software built-in delays for password attempts and so forth.

    1.6GHz is not actually too old a computer. Even if a modern gaming PC is 100 times faster it's still not reaching the speeds required. Multiply a mega multimedia PC by 1000 and we are still only at 100000 readings. The calculation times for this kind of encryption at 256 characters is a number with thousands of zeroes. He didn't even display it; you can only talk about it at a theory level as they are too large numbers to put on a calculator.

    I mean, the number 3.3 years (or 1204 days) was a little irrelevant to the topic because passwords aren't normally just small letters. 4032 yrs he counts for a..Z,0..9, which is 1471680 days. Given 100000 times more processing power, a multimedia computer network would crack that in 2 weeks. Now add to that a complex encryption algorithm that multiplies the calculation time for a single word by 1000. That's probably what AES-256 or something would do.

    Then add salt to the password to make it 256 characters long and the calculation time goes out of charts.
    Last edited by User137; 21-11-2011 at 12:55 PM.
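
The sizes argued over in this thread can be put side by side. The following is an added example, not code from any poster: it counts the candidates for the password alphabets and the 16-digit card number mentioned above and compares them with a random 256-bit key. The guess rate of 1e9 per second, the six known leading card digits and all function names are assumptions chosen for illustration; `work_factor` models the "multiplies calculation time by 1000" idea from post #7.

```python
import math

SECONDS_PER_DAY = 86_400

def keyspace(alphabet_size, min_len, max_len):
    """Count every string over the alphabet with length in [min_len, max_len]."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def card_number_candidates(known_leading_digits):
    """Candidates for a 16-digit card number.

    The last digit is a Luhn check digit fixed by the other 15, so at most
    15 digits are free; each known leading digit removes one more.
    """
    if not 0 <= known_leading_digits <= 15:
        raise ValueError("known_leading_digits must be between 0 and 15")
    return 10 ** (15 - known_leading_digits)

def entropy_bits(candidates):
    """Bits needed to index the candidate set (log2 of its size)."""
    return math.log2(candidates)

def days_to_exhaust(candidates, guesses_per_second, work_factor=1):
    """Worst-case days to try every candidate.

    work_factor is how many times more expensive one guess is than the
    baseline (for example a deliberately slow password hash).
    """
    return candidates * work_factor / guesses_per_second / SECONDS_PER_DAY

def compare(guesses_per_second=1e9, work_factor=1):
    """Return {case: (bits, worst-case days)}; the rate is an assumed figure."""
    cases = {
        "8 chars, a..z": keyspace(26, 8, 8),
        "8 chars, a..Z and 0..9": keyspace(62, 8, 8),
        "16-digit card, 6 leading digits known": card_number_candidates(6),
        "random 256-bit key": 2 ** 256,
    }
    return {
        name: (round(entropy_bits(n), 1),
               days_to_exhaust(n, guesses_per_second, work_factor))
        for name, n in cases.items()
    }

if __name__ == "__main__":
    for wf in (1, 1000):
        print(f"work factor {wf}")
        for name, (bits, days) in compare(work_factor=wf).items():
            print(f"  {name:40s} {bits:6.1f} bits  {days:.3g} days")
```

The bit counts show why key size and secret size are separate questions: a value drawn from a small set stays enumerable whenever it can be tested directly (an unsalted hash of it, or a key derived only from it), while a per-guess work factor scales the cost linearly.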
