-4

How to break the DES encryption algorithm....using which programming language, it is most efficient.

Adi_aks
  • 501
  • 4
  • 18
  • 12
    If you have to ask, doing this isn't for you. – Boojum Sep 22 '10 at 05:28
  • 2
    You expect to get an answer to a two sentence question about something even security experts [haven't had much success with](http://en.wikipedia.org/wiki/Data_Encryption_Standard#Security_and_cryptanalysis) for years and that whole research papers have been written about?! – deceze Sep 22 '10 at 05:34
  • @deceze: You should see this http://oreilly.com/catalog/9781565925205 And there are tools available to crack the DES...such as John The Ripper and even you can download the source code for the same.... – Adi_aks Sep 22 '10 at 05:51
  • 2
    To quote your link: `...designed and built a $200,000 machine that cracks DES in a week.` All feasible DES attacks are based on **brute force**. That doesn't really mean that DES is *cracked*, it means it's possible to guess the encrypted text given enough money and time, a property *all* encryption algorithms have in common. JTR's `primary purpose is to detect weak Unix passwords`, which means the same thing. DES may be one of the more feasibly brute-forcable algorithms, it still doesn't mean the same thing as *cracked*. – deceze Sep 22 '10 at 06:06
  • @deceze: Do u mean to say that JTR is meant for cracking DES encrypted password?? – Adi_aks Sep 22 '10 at 06:11
  • @deceze: Here is a demonstration on cracking the DES encrypted password using JTR...http://www.osix.net/modules/article/?id=455 – Adi_aks Sep 22 '10 at 06:14
  • 2
    Huh? I'm saying JTR is also only brute-forcing an encrypted value, with a focus on known weak passwords, it doesn't *crack* DES. Choose a strong enough password and JTR will have a hard time. – deceze Sep 22 '10 at 06:15
  • JTR can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. – Adi_aks Sep 22 '10 at 06:18
  • 6
    I will stop here and wait until you understand what *brute-force* means. – deceze Sep 22 '10 at 06:19
  • brute-force means checking the password, with all possible combination of a-z,A-Z,0-9 and special characters with variable password length. – Adi_aks Sep 22 '10 at 06:23
  • 2
    Exactly. Which means you're not *cracking the algorithm*, you're only guessing the encrypted value. *Cracking the algorithm* would mean there's an inherent weakness in the algorithm that lets you reverse engineer the original value from the cypher text without needing to try every possible combination. That's quite an important difference. – deceze Sep 22 '10 at 06:27
  • No doubt, it will take a lot of computations and time to crack the password. But, it will crack the password... – Adi_aks Sep 22 '10 at 06:27
  • But, now if you have strong processor to perform these computations in small amount of time, then you easily minimize time required to crack a strong password. Ultimately, the strength of password is immaterial. – Adi_aks Sep 22 '10 at 06:40
  • 2
    Ultimately, the strength of the password is **everything**. If your password is `a`, it'll probably be the very first thing you try in your brute-force cycle. If the password is `ikwh9&*)Y9h^&TH897G(*h987y0y89&Jy89&to87jt8g56342&^908um908^y78%34*790(_ – deceze Sep 22 '10 at 06:59
  • 2
    As was mentioned in your link, a $200.000 specialized machine took a week. And it didn't say in the blurb how long the brute-forced value was. Normal commercially available processors have a fraction of that power. I'll say it again: It comes down to your available **time and money**. That's the entire premise of cryptography, to make it **infeasible** to decrypt something, not **impossible**. – deceze Sep 22 '10 at 07:00
  • PS: Realistically DES is a bit easier to brute-force than that because of its small key space, but it still comes down to the strength of the password and the power of the machine you can run your brute-force on. That means, as I said, DES is feasibly brute-forceable, it's not *cracked*. `When DES was approved as a federal standard in 1976, a machine fast enough to test [all] keys in a reasonable time would have cost an unreasonable amount of money to build.` http://en.wikipedia.org/wiki/EFF_DES_cracker AES & co will face the same problem eventually. – deceze Sep 22 '10 at 07:16
  • 3
    Somehow I get the idea that the OP's idea of cryptography is based on Hollywood movies. – MAK Sep 22 '10 at 19:46

1 Answers1

3

John the Ripper

Nicolas Viennot
  • 3,921
  • 1
  • 21
  • 22