Why do random numbers make it harder to crack an encrypted HD?

[BirdDad]

I mean if they are going to brute force it isn't it a matter of finding the right password?
If so than why would it matter?

 

[Mark R]

There are so many possible passwords (more correctly keys) with modern encryption that you can't realistically use brute force. If you could convert every atom in the solar system into the most powerful supercomputer ever built, you would still expect a brute force search to take longer than the age of the universe.

Given that brute force over all possible keys is ridiculously impractical, if you want to try to crack the encryption, you need to have some sort of shortcut. Humans tend to choose non-random passwords, so you could use statistics of human chosen passwords to narrow your search. If the encryption uses a random number, then you can exploit biases in the random number generator to narrow your search.

Some versions of android phones shipped with a defective random number generator, which would only give about 65000 different sequences. If you know that the encryption key is one of 65000 then you could do a selective search on those combinations to find the key.

 

[mikeymikec]

One point there though, there's no such thing as a truly random number generator. If it's man-made, then there's logic in its design, and if it isn't man made, then there's a secret to its function to be discovered.

 

[BirdDad]

Thanks for the information.

 

[Mark R]

One point there though, there's no such thing as a truly random number generator. If it's man-made, then there's logic in its design, and if it isn't man made, then there's a secret to its function to be discovered.

Not true. It's easy to make a random number generator operating on true random processes: thermal noise, quantum effects, etc.

Most modern Intel CPUs include one, which measures the electrical noise caused by thermal vibration of electrons.

If you want a different design (e.g. one which is faster) then there are plenty of USB dongles or add-on cards which include true random sources, including true quantum sources - e.g. Link

 

[Jeff7]

And if you don't want to buy a Quantis to get just a few truly random numbers, there's always random.org.


They use atmospheric radio noise for their random numbers.

 

[John Connor]

I have always thought about using a piece of low grade uranium and messuring the radiation to create random numbers.

 

[paperwastage]

Does anyone have any good cryptography books for reading? (like history on the WW2 enigma, ...)

I see that there are two (or more) categories of encryption:

A) OTP (One-time pad), secret key is the same size as encrypted text.... so even if you brute force, you dont even know whether your decrypted message is correct

B) Encryption using shared/symmetric/public keys... you basically make brute-force very very hard (long keys, or amortized runtime for checking key is high so that you can't do it efficiently)

People attack B) via different methods. Quantum computers (if possible) that can "test" multiple keys at once, rely on attacks on the encryption algorithm (to reduce the key space, test fewer keys), attacks on the implementation (hardware "leaks" data when performing encryption, can use that data to reduce key size), brute force (hardware gets faster and cheaper in the future, test keys faster)

 

[John Connor]

http://users.telenet.be/d.rijmenants/

http://www.cryptomuseum.com/index.htm

 

[unokitty]

Does anyone have any good cryptography books for reading? (like history on the WW2 enigma, ...)...

If you are looking for an introduction from a historical perspective, Simon Sigh has: The Code Book. Which provides an excellent introduction without stressing you out too much concerning math.

Something that you could download right now for free would be the Cryptography Chapter from Ross Anderson's Security Engineering (Older Edition).

Download Cryptography Chapter (PDF)

For a WWII cryptographer's perspective some people like Marks, Between Silk and Cyanide.

For a somewhat more technical introduction you might try H.X. Mel and Baker, Cryptography Decrypted.

Don't know where you live, but if you happen to be near Baltimore, you could visit the NSA's National Cryptologic Museum. They have a pair of Enigmas out on the floor that you can use. They also have some free pamphlets that they give away which have the best technical description of Enigma cracking that I've ever seen. But they don't sell them. So the only way I know to get them is to go there...

If you have a hands on learning style, you might want to download Cryptool. It comes with excellent documentation. It also includes an Enigma simulator. (Open source--free!)

Anyway, there is lots and lots of stuff out there. But these are materials that I've found helpful.

Best of luck,
Uno

 

[smaky]

Christof Paar has 24 lectures that anyone can understand on youtube. Each is about hour and a half long. I have watched them all, some several times. Once you watch them you will have a very good understanding how this works.