• 𝕸𝖔𝖘𝖘@infosec.pub
    link
    fedilink
    arrow-up
    1
    arrow-down
    3
    ·
    3 months ago

    The Translator was the nickname given to, what essentially was, the NSA supercomputer that could solve any (non-shift text) encryption by bruteforcing the key in under an hour (most of the time, in about 15 minutes). I mentioned DES, because it was an encryption so old that nearly everyone has heard about it, and one that I know was used on The Translator. And you’re right, DES was capped at 56 bit keys, because they could crack it without The Translator, if needed.

    But the scope isn’t if the UUIDs are crackable (which, of course, they’re not, since they’re not encrypting anything). The scope is if using UUIDs as filenames in this publically accessible db a good way to hide the files. And the answer is: no it is not a good way, because a computer powerful enough can guess all possibilities in a matter of minutes, and query them all against the db to discover all files stored within.

    • bamboo@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      3 months ago

      a computer powerful enough can guess all possibilities in a matter of minutes, and query them all against the db to discover all files stored within.

      Again, it would be computationally infeasible on any reasonable timescale of human existence. It’s no secret what every possible UUID would be, it’s the fact there are 5316911983139663491615228241121378303 of them and trying each one would be futile. They’re actually all on https://everyuuid.com/ to see for yourself.

      Just for shits, I encrypted a file with a password being a UUIDv4. Here’s the encrypted file as base64:

      YLIR6fL46HfRmueb1tZWiQUFQHYnZOKO9oujOzhvWYpfTtB5RnHtAvMgUgeIsffLC1wz7D17Vp0VT5YIJMb5pA==
      

      Here’s everything you would need to do to decrypt this file with a password:

      $ echo "YLIR6fL46HfRmueb1tZWiQUFQHYnZOKO9oujOzhvWYpfTtB5RnHtAvMgUgeIsffLC1wz7D17Vp0VT5YIJMb5pA==" | base64 -d > file.enc
      
      $ openssl enc -aes-128-cbc -d -nosalt -in file.enc
      enter AES-128-CBC decryption password:
      u/[email protected] can't brute force this
      

      The password to decrypt the file is a UUIDv4. See if you can try every UUID and figure out which one I used as the password.