posted on Sep, 20 2009 @ 11:25 PM
Wow, you've really discovered something here!
You're partially right on the reason why large primes are so valuable for data encryption methods. Factorization of two multiplied primes is very
difficult indeed -- but also, the fact that a prime is divisible only by one and itself is of great value to prevent partial brute force hacks.
Depending on the encryption method (I'll use the old LanMan or LM hash as an example) to conserve space the key may actually be stored (or can be
hacked) in chunks that are factors of the original key length.
In the LM hash (used to encrypt passwords in every Windows OS prior to Vista) your 14-character password is actually stored in two 7-character chunks.
So, you really only need to hack two 7-character passwords rather than one 14-character password.
It sounds like the same amount of work (hacking hacking two 7-char strings rather than one 14-char string) but it's really a *LOT* less work. To
show this, I'll give some examples of how many permutations exist for each 7-char chunk of the password, versus a single 14-char password.
To make this simple I'm going to use every lowercase letter of the alphabet as a possible character in a password. Yes I realize you can also use
numbers or symbols (which is a good practice by the way) but for simplicity's sake we're going to stick with lowercase letters.
So, if your password can be at most 14 characters long, and you have 26 available options for each character (one for each letter in the alphabet) the
number of unique possible combinations are:
26! 26! 26x24x23x22x21x20x19x18x17x16x15x14x13x12x11...x1
26_P_14 = ------- = ---- = -------------------------------------------------------------------
(26 - 14)! 12! 12x11...x1
Basically, you subtract the length of the string (14) from the number of available characters (26) giving you 12. Next, you take the factorial of the
number of available characters (26) down to 12. Factorials are easy. The factorial of 26 = 26 x 25 x 24 x 23 x 22 x 21.... etc. all the way down to
1. So, we take the factorial of 26 down to 12:
26 x 25 x 24 x 23 x 22 x 21 x 20 x 19 x 18 x 17 x 16 x 15 x 14 x 13 x 12 = 10,103,301,395,066,880,000
That makes for roughly 10 QUINTILLION possible combinations for a password 14 characters long. Now let's do the same for a 7-character password,
which means we take the factorial down to 19:
26 x 25 x 24 x 23 x 22 x 21 x 20 x 19 = 62,990,928,000
As you can see, this is a SIGNIFICANTLY smaller number of possible combinations. Over 100 million times as small. In the world of brute-force
hacking this is a tremendous advantage. For those of you unfamiliar with the term, "brute force" hacking means basically trying every available
combination of characters until you happen to get it right. If I know your username, I just "brute force" the server or website you logon to,
trying every available combination of letters until I happen to get it right.
Let's say my computer is super dooper fast and can brute-force 1,000,000 passwords per second. Using the figures above, for a 7-character password,
it would take about 62,990 seconds -- or about 17 hours.
Using the same computer, to brute-force a 14-character password would take 10,103,301,395,066 seconds, or roughly 320,000 years, give or take a few.
Obviously, hacking two 7-char passwords would be a better choice.