RSSTo crack 17-character AES password: 100 years and 1 billion dollars
Mar 29
Uncategorized compression, encryption, Rijn Dael, Security View Comments
In my previous ‘Free File’ article, I briefly reviewed the open-source compression-utility 7-Zip. Like most other archiving tools, 7-Zip is also capable of encrypting your files. To do this, it utilizes industry standard AES-256 encryption (a.k.a. Rijn Dael) and recommends a password strength of 10 characters or more. The Help-function in 7-Zip has a nice illustration of what it would take to crack a secure AES password.
In accomplish this, one would need:
- cesspools of time
- a processor that can check 10 passwords per second
- to check 10 billion passwords per second, a budget of at least 1 billion dollars
To illustrate the importance of adequate password length, here’s a comparative table:
| Password Length | Single User Attack | Organization Attack |
| 1 | 2 s | 1 s |
| 2 | 1 min | 1 s |
| 3 | 30 min | 1 s |
| 4 | 12 hours | 1 s |
| 5 | 14 days | 1 s |
| 6 | 1 year | 1 s |
| 7 | 10 years | 1 s |
| 8 | 19 years | 20 s |
| 9 | 26 years | 9 min |
| 10 | 37 years | 4 hours |
| 11 | 46 years | 4 days |
| 12 | 55 years | 4 months |
| 14 | 64 years | 4 years |
| 15 | 82 years | 22 years |
| 16 | 91 years | 31 years |
| 17 | 100 years | 40 years |
