-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-06-21 15:16, Robin Schneider wrote:
> On 21.06.2016 23:54, Arqwer wrote:
>> How "quick" any of available super PCs (10,649,60 cores,
>> 125,435. TFLOP/S
>>> ) can find the password (e.g 8-16 chars) encrypted with Qubes
>>> default settings cryptsetup?
>>>
>
>> Encryption is the hardest part of chain. If the passphrase is
>> long enough.If password is 16 random lowercase and uppercasr
>> letters, then it is 52^16 combinations, it is about 10^27. If
>> you can crack 100 Peta passwords/S, then it will take 10^(27-17)
>> = 10^(10) seconds to brute the password, which is 316 years.
>> (Really expectation is half of it, so 158 years on average). Of
>> course, if those letters are not "Password12345678".
>
>> How can we improve security to prevent this?
>
>
>> If 316 years is not enough, than you can add one more character,
>> to make it 16 thousands of years!
>
>
> Most of those projections about how many years brute forcing a
> passphrase with that many bits of entropy may take completely
> ignore one key aspect, especially when you are talking about
> hundreds of years and that is technical advance and Moore's law.
> So to be realistic, you would need to take that into
> consideration.
>
> Refer to:
>
> *
https://crypto.stackexchange.com/questions/1815/how-to-account-
> for-moores-law-in-estimating-time-to-crack
>
True, but there may also be thermodynamic limitations. As Schneier
wrote in _Applied Cryptography_:
"These numbers have nothing to do with the technology of the devices;
they are the maximums that thermodynamics will allow. And they
strongly imply that brute-force attacks against 256-bit keys will be
infeasible until computers are built from something other than matter
and occupy something other than space."
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXaf0dAAoJENtN07w5UDAwTSIQAJ3kz83tAfbU1JCR9uaCqLHx
AUGBZy1ZQFBMNk3zkz9kA8T3cq28KFqc9o7TQA95aNoQ5Lhya72r+09EH/ADiHxL
SPHgPgHVHSzajpiUFIfJOJYSqdbyzh+45+WXsjCyykXuG514dPHVqQYrCA5hHIww
TwX/ChfyizprTMsrZrrwI4sLcLSaLvrcoRZtb2vWXS97Qa6wY0GsZCPu228bnbV4
p0jRPT271PA6BTLmSRKpKLdRjfznmcX3I+LQIFn9Jp9iwuEWQkZdTocT1/R4f6/C
lbVv7RhgfC6UpaulOP0+zgcZf1+zBqZfsMZCem2sDj7xol0oMg7NCA+nvFz5Smlm
Ax+lCaGjm8tYY7/JJ2Fwbu85Bz6bciHWORdiLo1iuRx6zcKNE47kAbcmHdik0hu0
Oh6khINpwPP1ZbZzcnKhWs5y5jrhDrrJap3gOkRt2kCoOPjAXVA6lsWYNf+lQ91O
Le24p+ZkBZxk4fgpLiEydQOczZl4vxozYKMvJ1PvMLJ8pzywTS4B7svl7Z5foQdS
ce2StirqA23IpEUccbjoraG2X7KXvOJ76ugD+35zTQt8uoVPGfRZAycuuLRWCLLD
1dGF6G5Duj4g2Mo1a2iZv29gj9+bxhiEmP5QnJl6xntTPYdPxcxuJgSGq7LK3gF2
xRTnIWKJmwIXdQ2Nlb4n
=nUJi
-----END PGP SIGNATURE-----