Page 1 of 1

I'd like to have a tad bit of guidance

PostPosted: Sun Feb 21, 2010 12:40 am
by 133794m3r
Ok, my girlfriend just came to me today saying that she's forgetten teh password to a .docx file where she wrote her poem in. Apparently they're using aes128 to encrypt it. The guidance i'm wondering is where should i start to help her recover said password/document. Should i attempt to decrypt the entire document? or would it be better to just brute force till the morning light.

The second thing is, how safe is safe enough with the use of passwords for an average user. I am currently going to be using bcrypt with a salted value which is a random string of text, then i was going to add in ~20-30 characters of text to both sides of said password then it's encrypted. There'll be 1 nonce which is set in stone for everyone, and teh second one will be chosen pseduo randomly and the value for which one it is in the list will be stored in the database. Now then besides that how many attempts at logging in should i allow someone to do? I know this last bit isn't too much as far as cryptography's concerned but the first part is and i didn't wnat to make three threads for a similar post.

the third thign would have to be two crypt is the best way to encrypt the users email addresses correct?

If anything in this thread doesn't belong in the cryptography section then feel free to move it, i just thought that it was fitting to be here since a majority of it deals with cryptography.(which i've found a new interest in as of late)

Re: I'd like to have a tad bit of guidance

PostPosted: Sun Feb 21, 2010 1:53 am
by sanddbox
Good luck decrypting AES 128...

Re: I'd like to have a tad bit of guidance

PostPosted: Sun Feb 21, 2010 2:08 am
by faazshift
If anyone could just decrypt a document encrypted like this, it would completely negate the point of it being encrypted.

Re: I'd like to have a tad bit of guidance

PostPosted: Sun Feb 21, 2010 3:47 am
by 133794m3r
faazshift wrote:If anyone could just decrypt a document encrypted like this, it would completely negate the point of it being encrypted.

i never said it was going to be easy. But i do know that there hsa to be a password in one of the files that are stored inside of the pseudo zip.

Re: I'd like to have a tad bit of guidance

PostPosted: Sun Feb 21, 2010 4:40 am
by Goatboy
133794m3r wrote:i never said it was going to be easy. But i do know that there hsa to be a password in one of the files that are stored inside of the pseudo zip.

I'm almost certain the password is not stored in the file. The password is really a key which is used to decrypt the file. If you type in the wrong key, you get gibberish.

Also, why would she AES a poem?

Re: I'd like to have a tad bit of guidance

PostPosted: Sun Feb 21, 2010 7:01 am
by insomaniacal
She has to have some idea of what the password was. I know if you're using something like Cain and Abel you can specify which characters to use. Using only those characters and brute-forcing from there would make it much faster.

But as Goatboy said, why would you encrypt a poem with AES?

Re: I'd like to have a tad bit of guidance

PostPosted: Sun Feb 21, 2010 2:56 pm
by Goatboy
insomaniacal wrote:But as Goatboy said, why would you encrypt a poem with AES?

I thought of a possible reason. Here's her poem:

133764m3r's Girlfriend wrote:
133764m3r I swear to thee
That if you read this poem
I will take your balls, you see
And then proceed to throw 'em

Out the window to the street
Where some little creature may
Find a tasty snack to eat
And be on his merry way

So some advice to you I'll give
Lest you suffer much duress:
If you want your balls to live

DON'T decrypt my AES!


Re: I'd like to have a tad bit of guidance

PostPosted: Sun Feb 21, 2010 3:19 pm
by sanddbox
Goatboy wrote:
insomaniacal wrote:But as Goatboy said, why would you encrypt a poem with AES?

I thought of a possible reason. Here's her poem:

133764m3r's Girlfriend wrote:
133764m3r I swear to thee
That if you read this poem
I will take your balls, you see
And then proceed to throw 'em

Out the window to the street
Where some little creature may
Find a tasty snack to eat
And be on his merry way

So some advice to you I'll give
Lest you suffer much duress:
If you want your balls to live

DON'T decrypt my AES!



Goatboy...will you marry me?

Re: I'd like to have a tad bit of guidance

PostPosted: Sun Feb 21, 2010 3:24 pm
by Goatboy
sanddbox wrote:Goatboy...will you marry me?

No...

I'm what some might call... a lone goat.