I'd like to have a tad bit of guidance

[133794m3r]

Ok, my girlfriend just came to me today saying that she's forgetten teh password to a .docx file where she wrote her poem in. Apparently they're using aes128 to encrypt it. The guidance i'm wondering is where should i start to help her recover said password/document. Should i attempt to decrypt the entire document? or would it be better to just brute force till the morning light.

The second thing is, how safe is safe enough with the use of passwords for an average user. I am currently going to be using bcrypt with a salted value which is a random string of text, then i was going to add in ~20-30 characters of text to both sides of said password then it's encrypted. There'll be 1 nonce which is set in stone for everyone, and teh second one will be chosen pseduo randomly and the value for which one it is in the list will be stored in the database. Now then besides that how many attempts at logging in should i allow someone to do? I know this last bit isn't too much as far as cryptography's concerned but the first part is and i didn't wnat to make three threads for a similar post.

the third thign would have to be two crypt is the best way to encrypt the users email addresses correct?

If anything in this thread doesn't belong in the cryptography section then feel free to move it, i just thought that it was fitting to be here since a majority of it deals with cryptography.(which i've found a new interest in as of late)

[sanddbox]

Good luck decrypting AES 128...

[faazshift]

If anyone could just decrypt a document encrypted like this, it would completely negate the point of it being encrypted.

[133794m3r]

If anyone could just decrypt a document encrypted like this, it would completely negate the point of it being encrypted.

i never said it was going to be easy. But i do know that there hsa to be a password in one of the files that are stored inside of the pseudo zip.

[Goatboy]

i never said it was going to be easy. But i do know that there hsa to be a password in one of the files that are stored inside of the pseudo zip.

I'm almost certain the password is not stored in the file. The password is really a key which is used to decrypt the file. If you type in the wrong key, you get gibberish.

Also, why would she AES a poem?

[insomaniacal]

She has to have some idea of what the password was. I know if you're using something like Cain and Abel you can specify which characters to use. Using only those characters and brute-forcing from there would make it much faster.

But as Goatboy said, why would you encrypt a poem with AES?

[Goatboy]

But as Goatboy said, why would you encrypt a poem with AES?

I thought of a possible reason. Here's her poem:

133764m3r I swear to thee
That if you read this poem
I will take your balls, you see
And then proceed to throw 'em

Out the window to the street
Where some little creature may
Find a tasty snack to eat
And be on his merry way

So some advice to you I'll give
Lest you suffer much duress:
If you want your balls to live
DON'T decrypt my AES!

[sanddbox]

But as Goatboy said, why would you encrypt a poem with AES?

I thought of a possible reason. Here's her poem:

133764m3r I swear to thee
That if you read this poem
I will take your balls, you see
And then proceed to throw 'em

Out the window to the street
Where some little creature may
Find a tasty snack to eat
And be on his merry way

So some advice to you I'll give
Lest you suffer much duress:
If you want your balls to live
DON'T decrypt my AES!

Goatboy...will you marry me?

[Goatboy]

Goatboy...will you marry me?

No...

I'm what some might call... a lone goat.