what do you mean by 'Total CPU time does not increase for just one filesystem.'? regards, greg At 18:21 2002. 10. 07., you wrote: >Gerhard Schneider wrote: > > I have been searching the lists for any hints concerning the high > > probability of brute-force-attaccks aginst the password of an encrypted > > filesystem, but did not find much. >[snip] > > There is the -S option in loop-AES, which aims to slow down dictionary > > attacks. Does this mean the computation time for one guess inreases? > >Total CPU time does not increase for just one filesystem. > >Use of -S option just means that attacker can't start precomputing >passphrase hash values prior to knowing the seed. That slows down >*optimized* dictionary attack where hash values are only computed once in >advance. > >If attacker attempts to crack 3 encrypted filesystems *without* -S option: > >0) Compute passphrase hash values for every passphrase in dictionary. > Attacker had computed this last year so he does not need to do this now. > >1) Try each hash for filesystem #1 >2) Try each hash for filesystem #2 >3) Try each hash for filesystem #3 > >If attacker attempts to crack 3 encrypted filesystems *with* -S option: > >1) Compute passphrase hash values for every passphrase in dictionary. >2) Try each hash for filesystem #1 >3) Compute passphrase hash values for every passphrase in dictionary. >4) Try each hash for filesystem #2 >5) Compute passphrase hash values for every passphrase in dictionary. >6) Try each hash for filesystem #3 > >Regards, >Jari Ruusu <jari.ruusu@pp.inet.fi> > >- >Linux-crypto: cryptography in and on the Linux system >Archive: http://mail.nl.linux.org/linux-crypto/ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
