• bamboo@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    3 months ago

    a computer powerful enough can guess all possibilities in a matter of minutes, and query them all against the db to discover all files stored within.

    Again, it would be computationally infeasible on any reasonable timescale of human existence. It’s no secret what every possible UUID would be, it’s the fact there are 5316911983139663491615228241121378303 of them and trying each one would be futile. They’re actually all on https://everyuuid.com/ to see for yourself.

    Just for shits, I encrypted a file with a password being a UUIDv4. Here’s the encrypted file as base64:

    YLIR6fL46HfRmueb1tZWiQUFQHYnZOKO9oujOzhvWYpfTtB5RnHtAvMgUgeIsffLC1wz7D17Vp0VT5YIJMb5pA==
    

    Here’s everything you would need to do to decrypt this file with a password:

    $ echo "YLIR6fL46HfRmueb1tZWiQUFQHYnZOKO9oujOzhvWYpfTtB5RnHtAvMgUgeIsffLC1wz7D17Vp0VT5YIJMb5pA==" | base64 -d > file.enc
    
    $ openssl enc -aes-128-cbc -d -nosalt -in file.enc
    enter AES-128-CBC decryption password:
    u/[email protected] can't brute force this
    

    The password to decrypt the file is a UUIDv4. See if you can try every UUID and figure out which one I used as the password.