Ace on Tech » Security

To crack 17-character AES password: 100 years and 1 billion dollars

Ace — Sat, 29 Mar 2008 15:45:35 +0000

In my previous ‘Free File’ article, I briefly reviewed the open-source compression-utility 7-Zip. Like most other archiving tools, 7-Zip is also capable of encrypting your files. To do this, it utilizes industry standard AES-256 encryption (a.k.a. Rijn Dael) and recommends a password strength of 10 characters or more. The Help-function in 7-Zip has a nice illustration of what it would take to crack a secure AES password.

In accomplish this, one would need:

cesspools of time
a processor that can check 10 passwords per second
to check 10 billion passwords per second, a budget of at least 1 billion dollars

To illustrate the importance of adequate password length, here’s a comparative table:

Password Length	Single User Attack	Organization Attack
1	2 s	1 s
2	1 min	1 s
3	30 min	1 s
4	12 hours	1 s
5	14 days	1 s
6	1 year	1 s
7	10 years	1 s
8	19 years	20 s
9	26 years	9 min
10	37 years	4 hours
11	46 years	4 days
12	55 years	4 months
14	64 years	4 years
15	82 years	22 years
16	91 years	31 years
17	100 years	40 years

'Frightening' XP hack

Ace — Fri, 16 Nov 2007 21:48:54 +0000

As I was listening to Dvorak’s 5 minute rant this morning (Tech5 at PodShow) he mentioned this article. He stabbed the life out of it and he was right too. It’s an amusing read, certainly if you keep one word in the back of your mind: FUD (Fear, Uncertainty, Doubt — as quoted by Michael Horowitz); utter gibberish spread to lure people away from XP in order to sell more Vista copies. I’m not saying moving to Vista isn’t a good thing (I, for one haven’t seen too many bad things about it, not more than I’ve experienced with XP), but it’s obvious they’re pulling the whole thing out of context here, as an advertising stunt.

First of all, running an XP machine with SP1 deserves death penalty. Second: who the heck doesn’t run any form of security app on this kind of machine?! This is beyond me, really. Nonetheless, it’s worth a read, even if it’s just for the sake of a good laugh.

From ZDNET.com:

… Connected a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software …

“You can download attack tools from the Internet, and even script kiddies can use this one,” said Mick.

…

And blah blah blah. Funny. Ignorant.

First Mac Virus

Ace — Sat, 17 Feb 2007 21:15:28 +0000

Computer analysts are going berserk on the arrival of the first virus capable of infecting the Macintosh Operating System. MacOS has always been seen as less susceptible to viruses, in contrast with Microsoft Windows. This illusion has now been unearthed, leaving the Mac community at least a bit shocked. The virus is called A-leap (or Oompa Loompa) and comes disguised as an image file.

Apple has not released any comment to date.

Security Issues in FF and IE

Ace — Mon, 12 Feb 2007 22:00:12 +0000

Mozilla is seemingly addressing security patches a lot faster than its competitor Microsoft. In 2005, it took Microsoft at least 38 days to address a publicly known and actively used exploit. Unused exploits took MS 256 days to patch. Firefox, on the other hand, only took 16 days to seal comparable vulnerabilities.
The difference lies within Firefox’ open nature. The public knows about the flaws and is allowed to look into the code, possibly even contributing to the patch. Aside from this fact, there’s also the the market-share factor. Internet Explorer still owns 85% of the browser-market, making it much more of a target to hackers, because of this fact IE experiences substantially more security issues.

Whichever browser you choose, keeping your software up to date is a must.