Question
Charlie was getting ready to head home when the phone rang. Caller ID showed it was Peter.
“Hi, Peter,” Charlie said into the receiver. “Want me to start the file cracker on your spreadsheet? It should only take me a couple of minutes to crack the password.”
“No, thanks,” Peter answered, taking the joke well. “I remembered my passphrase. But I want to get your advice on what we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the value in using it for certain kinds of information, but I’m worried about forgetting a passphrase again, or even worse, that someone else forgets a passphrase or leaves the company. How would we get their files back?”
“We need to use a feature called key recovery, which is usually part of PKI software,” said Charlie. “Actually, if we invest in PKI software, we could solve that problem as well as several others.”
“OK,” said Peter. “Can you see me tomorrow at 10 o’clock to talk about this PKI solution and how we can make better use of encryption?”
Discussion Questions:
Answer the following questions thoroughly. Upload your answers or type them in the space below, with each question/answer numbered.
1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?
2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?
Explanation / Answer
1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?
I assume Charlie is saying that it will take a couple of minutes to crack the passphrase using a brute force attack. If this is the case, then yes, Charlie is exaggerating in this matter, as the time required to break the passphrase depends on the length of the passphrase. The greater the length, the more possibilities or permutations need to be tested. So a couple of minutes is not enough even if the passphrase is short.
If my assumption is wrong and Charlie is saying that it will take a couple of million years to break the passphrase, then this is also an exaggeration, as a million years is a lot of time, and breaking a passphrase of finite length will take a lot of time, but not on the order of a million years.
2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?
There are a lot of tools available other than PKI-based ones which can be used to crack passwords, e.g., some black hat software such as Hiren Boot CD, Windows Password Changer (WPC), etc.
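Question 1 turns on how brute-force time grows with passphrase length. The following is an added example, not part of the original answer, that estimates average exhaustive-search time and the shortest length that meets a target; the guess rates and character-set sizes are assumed illustrative values, not measurements.

```python
# Assumed guess rates in guesses per second (illustrative, not measured).
ASSUMED_RATES = {"slow KDF-protected file": 1e4, "fast unsalted hash": 1e10}
SECONDS_PER_YEAR = 31_557_600


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passphrases of exactly `length` symbols."""
    return charset_size ** length


def average_seconds(charset_size: int, length: int, rate: float) -> float:
    """Expected search time: on average half the keyspace is tried."""
    return keyspace(charset_size, length) / 2 / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def min_length_for(charset_size: int, rate: float, target_seconds: float) -> int:
    """Shortest length whose average search time meets the target."""
    length = 1
    while average_seconds(charset_size, length, rate) < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    # 26 = lowercase letters only, 94 = printable ASCII (assumed charsets).
    for label, rate in ASSUMED_RATES.items():
        print(f"\n{label} ({rate:.0e} guesses/s)")
        for charset in (26, 94):
            for length in (6, 8, 12, 16):
                t = average_seconds(charset, length, rate)
                print(f"  charset={charset:2d} len={length:2d}: {humanize(t)}")
            need = min_length_for(charset, rate, 1000 * SECONDS_PER_YEAR)
            print(f"  charset={charset:2d}: length {need} resists 1,000 years")
```

Each added character multiplies the search time by the character-set size, so "a couple of minutes" is plausible only for short, low-variety passphrases at high guess rates.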