-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-06-21 15:16, Robin Schneider wrote:
> On 21.06.2016 23:54, Arqwer wrote:
>> How "quick" any of available super PCs (10,649,60 cores,
>> 125,435. TFLOP/S
>>> )  can find the password (e.g 8-16 chars) encrypted with Qubes 
>>> default settings cryptsetup?
>>> 
> 
>> Encryption is the hardest part of chain. If the passphrase is 
>> long enough.If password is 16 random lowercase and uppercasr 
>> letters, then it is 52^16 combinations, it is about 10^27. If
>> you can crack 100 Peta passwords/S, then it will take 10^(27-17)
>> = 10^(10) seconds to brute the password, which is 316 years. 
>> (Really expectation is half of it, so 158 years on average). Of 
>> course, if those letters are not "Password12345678".
> 
>> How can we improve security to prevent this?
> 
> 
>> If 316 years is not enough, than you can add one more character, 
>> to make it 16 thousands of years!
> 
> 
> Most of those projections about how many years brute forcing a 
> passphrase with that many bits of entropy may take completely 
> ignore one key aspect, especially when you are talking about 
> hundreds of years and that is technical advance and Moore's law.
> So to be realistic, you would need to take that into
> consideration.
> 
> Refer to:
> 
> * https://crypto.stackexchange.com/questions/1815/how-to-account- 
> for-moores-law-in-estimating-time-to-crack
> 

True, but there may also be thermodynamic limitations. As Schneier
wrote in _Applied Cryptography_:

"These numbers have nothing to do with the technology of the devices;
they are the maximums that thermodynamics will allow. And they
strongly imply that brute-force attacks against 256-bit keys will be
infeasible until computers are built from something other than matter
and occupy something other than space."

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXaf0dAAoJENtN07w5UDAwTSIQAJ3kz83tAfbU1JCR9uaCqLHx
AUGBZy1ZQFBMNk3zkz9kA8T3cq28KFqc9o7TQA95aNoQ5Lhya72r+09EH/ADiHxL
SPHgPgHVHSzajpiUFIfJOJYSqdbyzh+45+WXsjCyykXuG514dPHVqQYrCA5hHIww
TwX/ChfyizprTMsrZrrwI4sLcLSaLvrcoRZtb2vWXS97Qa6wY0GsZCPu228bnbV4
p0jRPT271PA6BTLmSRKpKLdRjfznmcX3I+LQIFn9Jp9iwuEWQkZdTocT1/R4f6/C
lbVv7RhgfC6UpaulOP0+zgcZf1+zBqZfsMZCem2sDj7xol0oMg7NCA+nvFz5Smlm
Ax+lCaGjm8tYY7/JJ2Fwbu85Bz6bciHWORdiLo1iuRx6zcKNE47kAbcmHdik0hu0
Oh6khINpwPP1ZbZzcnKhWs5y5jrhDrrJap3gOkRt2kCoOPjAXVA6lsWYNf+lQ91O
Le24p+ZkBZxk4fgpLiEydQOczZl4vxozYKMvJ1PvMLJ8pzywTS4B7svl7Z5foQdS
ce2StirqA23IpEUccbjoraG2X7KXvOJ76ugD+35zTQt8uoVPGfRZAycuuLRWCLLD
1dGF6G5Duj4g2Mo1a2iZv29gj9+bxhiEmP5QnJl6xntTPYdPxcxuJgSGq7LK3gF2
xRTnIWKJmwIXdQ2Nlb4n
=nUJi
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5c716075-a467-bc63-48e2-c8f06ffc57ed%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Reply via email to