How to test the strength of a key

[skanke]

I´m using Advanced Encryption Package 2005 Professional to encrypt files. I use a few different keys. Now to the question, is there a way for me to test how good my keys is - I do not mean breaking them, just to get an idea if the key is good enough?

[SDK]

Try to BruteForce or a Dictionary Attack on them?

[sec_ware]

Hi

This Encryption packages seems rather nice, supporting DESX, BLOWFISH, RIJNDAEL(AES),
CAST,3-DES, RC2, DIAMOND2, TEA, SAFER, 3-WAY, GOST, SHARK, SQUARE, SKIPJACK,
TWOFISH, MARS and SERPENT, and of course RSA Public-Private Key Cryptography.

To answer your question it is of importance to know which cipher you actually use. In a lot of
these methods, although I do not know all of them, the key length is fixed. What you can do
to have best protection is to use keys, which are not words and make use of all different
kind of chars, like _,&, *, @ etc. However, if the algorithm itself is vulnerable to some kind
of attack, your key is not that important.

If you use the RSA package, make sure that your private keys are protected using a
long passphrase, rather than an 8digit password.

If you use 3DES or the AES (especially with a keysize of 256bits) you will do pretty well.
Note, that AES is the US official standard since 2002 for sensitive data[1].


Remark: The package seems to have some basic dictionary attack (only 45'000 words).

Cheers


[1] http://www.theregister.co.uk/2001/12..._the_official/