On 22 Aug 2015 03:38 +0000, from wurzelsepp1337@xxxxxx (Heinz): > If i am not mistaken, a computing power of at least 10^42 FLOPS would be > needed to effectively go through this area. > 2^160 / 10^42 FLOPS = 1461501 Seconds = 16 Days to break SHA1, but > technically we arrive until approximately 10^18 FLOPS or 1 exaFLOP. This holds only if a full SHA-1 hash computation can be reduced to a single floating-point operation, which it cannot; hashing a 64-byte block with SHA-1 takes somewhere around 40,000 integer operations, plus any applicable memory accesses. For a back-of-the-envelope calculation, add four orders of magnitude to your figure. Also, it disregards the key derivation iteration, which adds another several orders of magnitude in practice to converting a LUKS passphrase into a keyslot key. Add another four or five orders of magnitude to your figure. So on this hypothetical system that can do 10^42 flops and has similar integer performance, your 16 (1.6 × 10^1) days instead become something more like 1.6 billion to 16 billion (1.6 × 10^9 to 1.6 × 10^10) days. To put this in perspective, that's only two orders of magnitude less than the time elapsed since the Big Bang (13.798 × 10^9 years or 5.04 × 10^12 days). And 10^42 flops isn't even on the horizon as far as computational capability is concerned. Some comparison: Wikipedia lists the fastest single computer as of mid-2013 as having a floating-point performance of 33.86 petaflops (3.386 × 10^16 flops). You'd need some 2.95 × 10^25 (29,500,000,000,000,000,000,000,000), or something like 10^15 for every person on Earth, of those computers to get to 10^42 flops. Again Wikipedia claims that supercomputers are expected to reach one exaflop (10^18 flops) in 2018; at 10^18 flops, you'd need 10^24 (that's a measly 1,000,000,000,000,000,000,000,000) such computers to reach 10^42 flops. One manufacturer apparently claims to be able to deliver a 17.1 exaflop (1.71 × 10^19 flops) computer in 2020; you'd need 5.85 × 10^22 (58,500,000,000,000,000,000,000) such computers to get 10^42 flops, and we currently don't even have _one_. That's not to say that LUKS is invulnerable, especially in practice. It does however make it seem likely that an adversary would pick a different attack. It would be much cheaper, and less obvious, to install a key logger, or hire some criminals to kidnap and torture your family until you give up the passphrase. -- Michael Kjörling • https://michael.kjorling.se • michael@xxxxxxxxxxx OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp “People who think they know everything really annoy those of us who know we don’t.” (Bjarne Stroustrup) _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
