Gerhard Schneider wrote:
> I have been searching the lists for any hints concerning the high
> probability of brute-force-attaccks aginst the password of an encrypted
> filesystem, but did not find much.
[snip]
> There is the -S option in loop-AES, which aims to slow down dictionary
> attacks. Does this mean the computation time for one guess inreases?
Total CPU time does not increase for just one filesystem.
Use of -S option just means that attacker can't start precomputing
passphrase hash values prior to knowing the seed. That slows down
*optimized* dictionary attack where hash values are only computed once in
advance.
If attacker attempts to crack 3 encrypted filesystems *without* -S option:
0) Compute passphrase hash values for every passphrase in dictionary.
Attacker had computed this last year so he does not need to do this now.
1) Try each hash for filesystem #1
2) Try each hash for filesystem #2
3) Try each hash for filesystem #3
If attacker attempts to crack 3 encrypted filesystems *with* -S option:
1) Compute passphrase hash values for every passphrase in dictionary.
2) Try each hash for filesystem #1
3) Compute passphrase hash values for every passphrase in dictionary.
4) Try each hash for filesystem #2
5) Compute passphrase hash values for every passphrase in dictionary.
6) Try each hash for filesystem #3
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
