If you use 256 AES encryption with a 50 character password how long...

BomberAF · 06 Nov 2010

would a brute force attack take to crack the code if you used alpha numeric as well as special symbols?

I have been lead to believe that it would take a super computer many many years to crack but I am not to sure of this so can you please help to shed some light on this.

My reason for wanting to know this is because I used bitlocker and WinZip to encrypt my drives and folders, and they both use AES 256 encryption. I know that every type of security is breakable given time, effort and the will to do it, but what would be the time frame for this scenario.

Regards

AF

A Guy · 07 Nov 2010

Even with a supercomputer designed specifically for the task, I'd say we're still talking hundreds of years, if not thousands. Baring an incredible stroke of luck of course. I found this:

AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. A device that could check a billion billion (1018) AES keys per second would require about 3×10'51 (that's 10 to the 51st power) years to exhaust the 256-bit key space.

Brute force attack - Wikipedia, the free encyclopedia

A Guy

jav · 08 Nov 2010

It will take ages.

In reality, noone will even try to break that kind of encryption with simple bruteaforce attack. It is silly.

Today's encryption is mathematically almost impossible to break.

Problem is not with an encryption. Problem lays how it was implemented.

Nowadays, people don't break encryption with bruteaforce (maybe that do, but thats stupid

).

Actually most even don't break encryption itself.
As far as I know, most of the breaks are due to flaws on Implementation!

It is not a problem of encryption. Encryption is broken due to weak points of ways of Implementation of it or weak points of software that does it.

(I am not taking into account dictionary attack, keyloging because they are different subject)

I am not saying encryption is perfect or unbreakable. I am just saying that it is A LOT easier to find flaws on Implementation of it.

For example, it may take just 2 minutes If Microsoft has a back-door to Bitlocker... ( I am not trying to accuse them, it was just an example which was relevant to your case)