Hi, I need a good explaination as to why it is so unlikely to be able to crack a encypted, password protected dmg. And, that sending it off to "professionals" is really the only way to crack it and if a "pc person" at a local computer store would be able to crack it.
Comments
Hi, I need a good explaination as to why it is so unlikely to be able to crack a encypted, password protected dmg. And, that sending it off to "professionals" is really the only way to crack it and if a "pc person" at a local computer store would be able to crack it.
please provide context so that we know if you're asking about illegal activities or not. You'll run a better chance of getting a good reply if we know that first.
please provide context so that we know if you're asking about illegal activities or not. You'll run a better chance of getting a good reply if we know that first.
of course it was illegal activity ... and I have to explain to a judge why it is not possible to crack it locally, and to get into it, it will be best to send it away to professionals like Drivesavers, as I do not think anyone locally is qualified to crack it
of course it was illegal activity ... and I have to explain to a judge why it is not possible to crack it locally, and to get into it, it will be best to send it away to professionals like Drivesavers, as I do not think anyone locally is qualified to crack it
soo... are you asking us for advice on how to do something illegal, or are you asking us for reasons why it would not be possible to do something illegal? It sounds like you are a lawyer defending someone who has been charged with illegally accessing the files on a protected drive... is that it? Or are you the prosecutor who has to justify the expense of hiring a non-local company in order to obtain evidence against someone whom you are prosecuting?
Even a piddly 128 bit key has enough possibilities to take until the sun goes nova to guarantee a 50% chance of breaking it. Sure someone might get lucky in a few thousand years, but by then nobody is going to care about your data.
Far more effective is installing a key-logger before the dmg is seized. Then the power of the subpoena gives lets you forget about cracking it at all. Or maybe you get luck guessing one of the brain dead stupid simple personally connected possibilities. But if it ain't one of those that data is almost assuredly safe for a long time.
And for all the Einsteins that think a short password makes a damn bit of difference, AES encryption will pad the password in a suitably pseudo random manner to a full length password. Even a crappy one character password will be for all intents an purposes just as hard to crack.
soo... are you asking us for advice on how to do something illegal, or are you asking us for reasons why it would not be possible to do something illegal? It sounds like you are a lawyer defending someone who has been charged with illegally accessing the files on a protected drive... is that it? Or are you the prosecutor who has to justify the expense of hiring a non-local company in order to obtain evidence against someone whom you are prosecuting?
I don't have to justify the expense, it is going to a data recovery company, I just wanted a simply explanation as to why that is the only way to get the dmg opened if in fact that is the only way.
And for all the Einsteins that think a short password makes a damn bit of difference, AES encryption will pad the password in a suitably pseudo random manner to a full length password. Even a crappy one character password will be for all intents an purposes just as hard to crack.
What difference does that make? If you brute force the password verifier, you have significantly less possibilities to run through with a short password than a long one before you get to the right one. I can assure you, a one character password is not just as hard as say an 8 character one. If it was, our alarm systems would all have one character codes.
I just wanted a simply explanation as to why that is the only way to get the dmg opened if in fact that is the only way.
When the data is encrypted, it is done using a key/password. This password is often a component in a mathematical expression that is pretty much unsolvable without it. I can't remember how the specific algorithms work - I wrote a program years ago to encrypt data using AES - but if you google AES encryption, which is what the Disk Utility uses, you should get a good idea how it works.
I'm sure a lot of people suspect that an encrypted dmg is simply a storage space with a lock preventing access. It is in fact one single file whose contents have been scrambled using a mathematical algorithm and a key. OS X just descrambles the data on the fly. You notice the CPU hit when copying to and from encrypted images. This means that it is not simply a matter of opening a door to get to the data like cracking a system password would be, the entire contents of the image need to be descrambled and that needs the key.
This is why people like Drivesavers won't be any good either. As it says on their site:
"4. Tell us if you use password protection or encryption software.
We will need to know what program you are using, the version and the password."
You are looking for the wrong type of professionals but I suspect that there are few professionals in that line of work given that the success rate will likely be very low. You'd be as well trying to brute force crack the dmg yourself but if someone made it with the sole intention of preventing you from gaining access, it's probably likely they used a long password. If they also intended to get access to it again, the best bet would be to try and guess what they would be likely to remember e.g family names or nicknames.
AES encryption isn't crackable by sending it off to anybody.
Unless the password can be guessed, you aren't going to get that data.
What difference does that make? If you brute force the password verifier, you have significantly less possibilities to run through with a short password than a long one before you get to the right one. I can assure you, a one character password is not just as hard as say an 8 character one. If it was, our alarm systems would all have one character codes.
I oversimplified. Cracking algorithmically is arbitrarily hard no matter the password size. Guessing is easier with shorter passwords. Different attacks. For all intents and purposes though you are right for short passwords because of the guessing.