Cryptography is a field that has been around for many hundreds of years and is concerned with the hiding or encrypting of information. As computers and technology become more common the field has grown rapidly and many of the ciphers and codes that were used by spies and governments in the past can now be cracked by a normal smartphone. One of the most basic cryptographic methods is to encode some piece of data or a message with a code, called a key. If this key is told to someone else, or guessed, then they will be able to decode the data and see whatever you have hidden or read your message.
A good comparison to this is a pin code, common on many home security systems or office buildings. The building is secure until someone knows the code and can gain access to the building. So how hard are these codes to crack?
Imagine you’ve just been recruited by IFOAS, The International Federation Of Awesome Spies, and to finish your training as a new spy you must crack an 8 digit pin code on the door to your top secret base.
4 digit codes on cheap bike locks and suitcases are notorious for being quite breakable if you’re patient enough to sit there and try all the combinations. But how long would it take to brute force (try every combination) for an 8 digit code?
There are 10 different numbers possible for each digit in the code: 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9. A one digit code would have only 10 possible combinations. A two digit code would have 10× 10 = 100 possible combinations. For an 8 digit code:
So how long does it take to enter one combination? Let’s say it takes 5 seconds in total to enter the numbers and then wait for the security system to check if this is the correct combination. Then:
That is more than 15 years!
What if the code only required 4 digits? How long would it take then?
Let’s say this time you can enter a code every 3 seconds as there are less numbers to push:
So it would take you up to 500 minutes, over 8 hours. It’s highly unlikely you’ll be able to brute force the correct combination before someone notices you and reports you to high command.
Real Life Example – Passwords Today
Most passwords nowadays can include lower and upper case letters, symbols and numbers – all 95 printable ASCII characters.
This large number of possible characters means brute forcing an 8 character password is much more challenging:
That’s more than 6 quadrillion possible combinations – too many to do by hand and you’d need a very fast computer to crack it. However, this doesn’t necessarily stop people. A lot of passwords have known phrases and are complete words (reducing the number of possible combinations). There are really good youtube videos about this. You may even want to change some passwords after watching it.
The above examples should, strictly speaking, all be called permutations, rather than combinations, because the order of the digits matters. Let’s say I had a 2-character password for my front door which read “5B”. If I entered “B5” the door wouldn’t open, because I’d entered the characters in the wrong order. Situations where the order matters are called permutations.
A good example of combinations are lottery numbers – for most lotteries, if you have the right numbers, it usually doesn’t matter what order they’re drawn in.