Security people

There is something odd about most security people. A lifetime of trying to find faults in everything does that to a person (although it is natural to woman so why are their so few women in IT security).

We demonstrated a new product this week to a government department. They current send some paperwork out via post and want to go electronic. We demonstrated the system to them. I pointed out the encryption we use (AES 256) means that there is very little chance of it being cracked. But gov security guy insisted that we use a cracking tool to prove it. Put this in perspective. We were being asked to demonstrate this in a 2 hour meeting.

They sat down, we talked. We then fired up the password cracking tool in screen. We set the password length and let it go. After about 10 mins it had tried about 45,000 passwords. The trouble was the combinations it had left to try was 4.5 times 10 to the power 98.

Thats 4.5 with 98 0s after. Lets try this in Excel.

So 4.5E+98

The most powerful supercomputer on the planet today can achieve 1000 million tries per second.

That works out at around 1.43E+82 years to crack.

Now I have to say the odds were against it being cracked but one must remember that it could get it first time. So I was a little nervous. I am not that lucky, but I am that unlucky.

But the funny thing was that the security guy kept asking if we had any faster computers or quicker software. All I could say was 10 to the power 98!

Security people. Got to love em