[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to protect an encrypted file system for off-line attack?

Ron Johnson escribió:
> On 02/23/2009 06:12 PM, Chris Jones wrote:
>> On Mon, Feb 23, 2009 at 02:34:26PM EST, Ron Johnson wrote:
>>
>>> Given enough time, and resources, *nothing* is untouchable. It's just
>>> a matter of whether They think that the time-effort is worth being
>>> spent on *you*.
>>
>> Like, twenty times the estimated life of the universe.. a thousand times
>> its mass in silicon chips. Everyone involved long dead anyways.
> 
> http://en.wikipedia.org/wiki/EFF_DES_cracker
>     When DES was approved as a federal standard in 1976, a machine
>     fast enough to test that many keys in a reasonable time would
>     have cost an unreasonable amount of money to build.
> 
> 
> http://en.wikipedia.org/wiki/EFF_DES_cracker#Technology
>    Advanced Wireless Technologies built 1856 custom ASIC DES chips
>    (called Deep Crack or AWT-4500), housed on 29 circuit boards of
>    64 chips each. The boards are then fitted in six cabinets. The
>    search is coordinated by a single PC which assigns ranges of keys
>    to the chips. The entire machine was capable of testing over 90
>    billion keys per second. It would take about 9 days to test every
>    possible key at that rate. On average, the correct key would be
>    found in half that time.
> 
> In the 11 years since Deep Crack, IC process technology has improved by
> leaps and bounds, and the NSA can throw a whole lot of h/w in parallel
> at brute-force attacks.
> 
> Combine that with Side Channel Attacks (easy if you have the machine
> that did the encryption, and which can discover part of the key) and
> mathematical analysis to determine even more of the key, you suddenly
> see something feasible.
> 
> Of course, all this effort would not be spent on a dissident with some
> "naughty books".
> 
>> +1 on RHD and messier (and subtler} techniques... way to go.
> 


As I also have read in the Wikipedia, it is reseonable to crack a 56bits
DES, a 64bits AES if you have online access to the machine, and probably
in the future it might be possible to crack a 128bits, even offline.
But, a 256 one? It seems incredible to me. 2^256 is this number:


115792089237316195423570985008687907853269984665640564039457584007913129639936

which is 10^79 iterations, I can't imagine the amount of power needed
for cracking that...
Isn't 4x10^80 the amount of atoms in the universe?
Reply to: