General Discussion
In reply to the discussion: Greenwald interview: NSA cannot break the code on Miranda's thumb drives. [View all]Xithras
(16,191 posts)A dictionary attack using all known words in common languages, including all possible spelling variations (including l33t), word combinations, capitalization variations, injected numbers, potential reversals, etc., etc., will break 95% of encrypted documents using a key count in the tens of billions. That still sounds like an incredibly large number, but the NSA has the equipment to crack that relatively quickly.
256-bit AES is only "uncrackable" if your password looks like this:
6D4;502e44412e33694@3a445d752G53225c2^7e3821274a4E5d5e7d70+
A typical password, created by a user trying to come up with something "complicated, will look like this:
"E$t@c0ntRa$eñA3smVyD|fí<il"
("this password is very hard", in a foreign language, using random casing and character replacement).
Most people want passwords that they can remember, which typically means words, names, or numbers that have meaning to them. This narrows the keyspace to a more manageable subset of possible keys. That first password could take a hundred million years to crack. I'd be shocked if it took the NSA two days to crack the second.
The weakness in AES isn't the technology, but the humans who use it.