TelsaCrypt 4.0

[GoFigureItOut]

I read that this variant is impossible to decode/decrypt because the encryption key/public key/password hash is deleted after being sent to a specific. A very knowledgeable computer person said that's not true! The password can still be obtain with a powerful enough GPU. Is he right or wrong? From my understanding, it wouldn't be possible because it has nothing to compare a password to?

 

[blobster21]

i guess he's right : look at Apple and the FBI fool game, the later claim to be able to brute force apple's protection.

Depends if you can line up thousands of CPU/GPU to achieve the brute force !

 

[GoFigureItOut]

So basically if you can't your hands on equipment like that its theoretically impossible?

 

[newtekie1]

Any encryption can be brute forced, it is just a matter of how long it will take. The encryption used by TeslsaCrypt is 4096-bit encryption. Theoretically it is possible to crack, but there isn't enough computer hardware in the world to do it in a reasonable amount of time.

 

[Ahhzz]

Absolutely, theoretically. I saw somewhere, a year or so ago, that it would take a "top of the line" (not overclocked, LN2, super-geeked) modern computer approximately 200 years to bruteforce its way thru modern encryption, assuming the answer is all the way at the end of the rainbow"
I don't know what it would take today's newest PCs, with newer bus speeds and substantially more memory available, but it it would still be an extended period of time: however, still theoretically possible.

 

[GoFigureItOut]

Okay. I get it now. It's not impossible to brute force, but at the same time, its not very practical.

What are private keys for? The article that I read said that older version left a copy on the victims machine

 

[Steevo]

To understand encryption and keys you have to understand how they work.

A basic encryption scheme might be something like, shift all alphabet letters one place right, spaces are replaced with a star. Hard to read but not impossible to crack, and they key would be what I just typed, they way to decrypt the text.


Now a high lever overview is, we know of a few algorithms that do a wonderful job of encrypting things, and most are based on a few common parts for the key (though still random supposedly), and the "private" part is something unique to the user, so many easy encryption programs would use something abstract or a user input along with the common key parts and store that key encrypted with a password to keep it safe. The issue becomes if I know the key exists on a machine, and have low level access to the data, I can brute force parts of the key to reduce the time needed to decrypt and the complexity of the encryption to something breakable. The more routine the software runs, for example the first and last parts of the key are the date and time of the encryption, the less has to be known, and the password limits and complexity reduce the amount of effort to steal the key or enough of it to brute strength the rest of the data. So storing the key on the machine can be an issue where low level data access allows for exploitation of the key and thus the data.

 

[Ahhzz]

A private key is pretty much what it sounds like: the key. It's the random letters and numbers that let the system un-do (decrypt) what was done. There's tons out there that explain it much better than I ever could. If you really get serious, I recommend checking out anything by Bruce Schneier, a god in the field of computer security.
Basically what it meant, was that they locked the door, and then hid the key outside the house somewhere, and then called and said "We've changed the locks, locked your house, and we're the only ones with the new keys! We'll take money to let you back in", and then someone spotted the fake rock in the garden, and found the keys.

 

[Caring1]

i guess he's right : look at Apple and the FBI fool game, the later claim to be able to brute force apple's protection.

Depends if you can line up thousands of CPU/GPU to achieve the brute force !

Like disguising it as a crypto mining operation and randomly rewarding participants.

 

[RejZoR]

You can't brute force 100+ character full ASCII passwords. No matter what kind of super computer you're using. Afaik, these crypters use just that. A block of ASCII characters as a password to unlock files.

 

[Ahhzz]

You can't brute force 100+ character full ASCII passwords. No matter what kind of super computer you're using. Afaik, these crypters use just that. A block of ASCII characters as a password to unlock files.

Not accurate. Like we said, implausible and impractical, but not impossible.


What if you use a longer passcode? Here’s how long the FBI would need:

• seven-digit passcodes will take up to 9.2 days, and on average 4.6 days, to crack
• eight-digit passcodes will take up to three months, and on average 46 days, to crack
• nine-digit passcodes will take up to 2.5 years, and on average 1.2 years, to crack
• 10-digit passcodes will take up to 25 years, and on average 12.6 years, to crack
• 11-digit passcodes will take up to 253 years, and on average 127 years, to crack
• 12-digit passcodes will take up to 2,536 years, and on average 1,268 years, to crack
• 13-digit passcodes will take up to 25,367 years, and on average 12,683 years, to crack