-4

I would like to know the time estimate for a brute force attack to break my input (128-bit) which means 2^128 possibilities are there. Any online tool for that or any article which talks about that?

forest
  • 64,616
  • 20
  • 206
  • 257
Al-Ani
  • 1
  • 2
  • It's just a matter of putting the numbers into a basic formula: /. If you could do 100 hashes per second, and there were 1 million possible inputs, it would take 1000000/100=10000 seconds, or a bit under 3 hours, for example. – Matthew Dec 14 '17 at 09:37
  • What do you mean by break your input? Do you mean preimage attack? Second preimage attack? Collision? – forest Dec 18 '17 at 05:15
  • A collision attack has `2^(n/2)` collision resistance (so a 128 bit cryptographically-secure hash has 64 bit collision resistance) due to the birthday paradox. To calculate how long it would take, you should look at the cycles per byte for SHA-3-128 on your given processor, and take into account that a 128 bit input is 16 bytes, which will give you the number of cycles required to compute it. You may also want to look into an optimized GPU or ASIC implementation. The practical answer is "forever". You won't be able to even count to a 128 bit value, much less do `2^128` cryptographic hashes. – forest Dec 18 '17 at 05:27

1 Answers1

-1

This highly depends on your hardware. You can check online how many hashes may be calculated per second using your algorithm of choice.

Considering that a proper cryptographic hash function is not reversible and not predictable, brute force is the only method which can be used.

If the algorithm in question outputs 128 Bits, there are 2^128 possible hashes, so it's a huge space to explore. As you can't predict which digits will change as a result, if you flip a single bit of the input, there are not "hints", it's just (kind of) randomness, remember this!

Generating 2^128 Hashes is not guaranteed to produce your target hash! It's always a chance but as you can't predict anything, you can't be sure when you will hit your target hash.

tl;dr: Just look up how many hashes per second your hardware can achieve with that algorithm and then consider the possible space to explore (2^128 Hashes in your example). Then calculate the probability per hash execution.

Edit: Misread the question a little bit and crossed out the incorrect part. As the question states, the input is 128 Bits, so there are in fact only 2^128 possibilities, in order to find the correct one. Thanks SmokeDispenser for pointing that out.

GxTruth
  • 963
  • 6
  • 9
  • 3
    If we try to read some sense into the question, it says the original input was 128 bit long. Thus, evaluating all 2^128 inputs will yield the target hash, guaranteed. If that wasn’t the case, how would you come to the conclusion that 2^128 hashes would be enough or even in the same ballpark? – Tobi Nary Dec 18 '17 at 04:49
  • My bad, I misread this part and assumed the output hash was 128 Bit. Thanks for pointing that out. – GxTruth Dec 21 '17 at 07:55