TrueCrypt cracking in the future

I hear calculations of so many million years before a 64 character password will be brute-forced on TrueCrypt, but I thought that works on a (unlikely) assumption that computer power will stay the same level it is now.

For instance, in the past 100 years, there has been an explosion in the advancement of technology, and if the same happens this century, could TrueCrypt files possibly be broken a lot sooner?

If a Quantum computer tried to crack a 64 character cascading TrueCrypt container, would it actually take merely seconds, or still time-consuming but easier?

 

Also have a look here: https://www.wilderssecurity.com/showthread.php?t=288903

There are two factors, advances in technology and advances in cryptanalysis/mathematics.
About the first one: there are linear, predictable advances (like Moore's law). Some encryptions today are so strong that this kind of evolutionary progress can never crack them. Revolutionary new technology like QC can change that.

About the latter: Here's a recent example:
http://www.wired.com/wiredscience/2011/01/partition-numbers-fractals/

We can only speculate but if history has proven anything it's that most of the assumptions, facts and truths we believe in the present will be exposed as false in the future.

 

A 64 character password is so incredibly strong (especially if it's random) that it doesn't matter much about how fast computer technology advances, it still wont be feasible to break it. This is especially true due to the Landauer Limit, which basically means that the energy requirements for the computation would be too large to be feasible. You must take energy requirements into account and there isn't enough energy on earth to do it.

Quantum computers are the most effective against asymmetric (public key) crypto and are less effective against symmetric ciphers like AES or Twofish. The best a QC can do against something like AES is cut the keylength in half. Thus, AES-256 will be as hard to break for a QC as AES-128 is for classical computers.

 

There are research papers that describe how many bits you need to add to your keys to remain strong over time taking into consideration Moore's Law, computational advancements, etc. Here's a good one with many respected names on it:

http://people.csail.mit.edu/rivest/bsa-final-report.ps

I use 28 character base64 and 40 character hexadecimal encoded SHA1 sums generated from sentences for my passwords. IMO, these are good for the foreseeable future. 64^28 is a darn big number as is 16^40.

Here's my program (SHA1_Pass) that generates these passwords:

http://16s.us/sha1_pass/

Feel free to use it.

 

One theory used to assert that long passwords will remain safe from brute force is the "Von Neumann-Landauer Limit".
See:
http://en.wikipedia.org/wiki/Brute-force_attack

Using this limit, even an energy efficient computer that just flips through all possible bit combinations of a 256 bit password in one year would require a constant 30 gigawatts of power. To actually test each combination would require much more power.
Energy costs are increasing not decreasing so the cost of brute forcing a password is increasing into the future.
The only risk a strong password faces is the threat of a weakness being found in the encryption algorithm which reduces the number of brute force combinations by many orders of magnitude.

 

^^ What he said. Since no one has invented reversible computing yet, we are bound by the Landauer Limit. This means that no matter how fast computers become in the future, they will still require lots of energy to brute force a cipher and/or passphrase. 30 gigawatts of power, as used in the example above, is equivalent to about 30 nuclear power plants being dedicated to cracking a single key. And I am not so sure that 30 gigawatts is accurate -- I think it would take a lot more energy than that to brute-force a 256 bit key, much more energy in fact.

For instance, let's say you had a cluster of GPU's (like an Nvidia Tesla or Fermi). We know from benchmarks that the fastest of these GPU's can calculate about 2 billion passwords per second (depending on the hash used). Let's say you had a cluster of a billion of these GPU's. Therefore, multiply 1 billion GPU's by 2 billion passwords. This equals 2000000000000000000 passwords per second. To convert that to years, we multiply by 31556952.

Code:

2000000000000000000 X 31556952 = 6.3113904e25

So, 1 billion GPU's can calculate about 6.3113904e25 passwords per year.

A 256 bit passphrase or key will have 2^256 combinations, but on average a machine will only half to exhaust 1/2 of the keyspace before it finds the key. 1/2 of 2^256 = 2^255. Now, divide 2^255 by 6.3113904e25

Code:

2^255/6.3113904e25 =  9.17326309249671795169e50 years

Therefore, it would still take a cluster of 1 billion GPU's longer than the age of the universe to brute force a 256 bit key (much longer than the age of the universe).

But, as for the Landauer Limit, that's easy to compute too. Most high-end GPU's take around 150w of energy to power them at full load. So, let's multiply 150w by 1 billion GPU's:

Code:

150 X 1000000000= 1.5e11 watts

We know that the bigger nuclear power plant reactors can output about 1 gigawatt of energy. Therefore:

Code:

1.5e11 watts / 1 gigawatt = 150

Therefore, you would need a 150 nuclear power plants to power a cluster of 1 billion GPU's. And even then it would still take them longer than the age of the universe to exhaust 1/2 of a 256 bit keyspace.

Let's say we had 1 quadrillion of these GPU's.

Code:

1000000000000000 GPU's X 2000000000 passwords/sec = 2e24 passwords/sec

Now convert that to years:

Code:

2e24 passwords/sec X 31556952 = 6.3113904e31 passwords/year

They could compute 6.3113904e31 passwords a year. Now let's find out how long it would take them to compute 2^255 passwords:

Code:

2^255 / 6.3113904e31 = 9.17326309249671795169e44 years

Still much longer than the age of the universe. There is not much difference in a billion GPU's and a quadrillion. Neither can complete the key before the sun burns out.

Now, as for the Landauer Limit. To power 1 quadrillion GPU's, we would need:

Code:

1 quadrillion x 150w = 1.5e17 watts

Now, divide that by 1 gigawatt:

Code:

1.5e17 / 1 billion watts = 1.5e8 power plants needed

That means we would need 150,000,000 power plants to power this cluster. There's probably not enough real estate on planet earth to build these plants. This means we would need an entire planet dedicated to cracking this key.

 

Here are some emails relating to cracking truecrypt. Unfortunately there are no details at all, except that the truecrypt volume was opened. I realize they may have simply guessed or discovered the password so no proof at all that truecrypt can be hacked.

I've removed all identifying information, as that's likely a infraction of rules here. The emails have been leaked into the public domain and can easily be searched for. They are internal emails by a company that is hired for data forensics. 'XXXX' refers to names and irrelevant information that have been removed by me.



DATE: 9-Nov-2010

XXXX

- XXXX from XXXX has some preliminary results from
the hard drive forensics... I'll wait to provide more details until I
have a report from them, but the server contains XXXX, and unfortunately, a TrueCrypt volume. We will need to decide how far we'll want to dig into this server in terms of hours, because it sounds like we could exceed our allotted 12 pretty easily.


On Wed, Nov 10, 2010 xxxx wrote:

XXXX

Also all the titles of any documents would be great (as
well as copies of the docs), and of course if there is any other malware
info (hopefully not on the trucrypt volume... Or we will simply
have to brute-force the truecrypt - that would be a fun exercise)


On 11/11/10, XXXX wrote:
Another update:

1. XXXX broke the TrueCrypt volume tonight. Apparently he has a
real spook of a friend at the NSA who contributed. It's a crazy story.
There's a lot of stuff in that volume, and I'll wait for a full report.

On 11/11/10, XXXX wrote:

XXXX

(and by the way - amazing stuff that we now have the truecrypt files etc.)


date: Thu, 11 Nov 2010
Gentlemen,

XXXX

This will give time to discuss network plans,
and prep for FBI meeting.
Please do sound off and let us know if you can make it by 8 tomorrow.

Thank you!

XXXX

 

Are you kidding me?
Some pseudo authentic email snippit about a "spook" that broke Truecrypt?
If AES were breakable by "spooks" it would be all over the internet. People would be posting story after story about how they were arrested based on evidence that could only have come from an AES encrypted file.

The bottom line:
Previous posts all support the argument that Truecrypt encryption is unbreakable with any currently known technology.
Any "spook" will tell you it is easier (and cheaper) to access an encrypted Truecrypt volume by steeling the password via some "side channel".
Hidden camera, keylogger, bribe your roommate, send you an email trojan, TEMPEST, Evil Maid Attack and many more.

 

Well the emails are real, but how honest is the person who 'broke' the truecrypt volume?
Maybe if I was working for a data forensics company and discovered the user/pass was admin/epicrouter I'd come up with something a little more interesting to prove my credentials. Anyway I did say there's not actually any proof... then why post? . Good point.

 

Why don't you post a link? I did a google search for several lines in the email and came up with zero hits.

 

Cause it's top secret, FBI stuff, duh.
Also it's baloney.

 

chronomatic is right on the money here. Nothing more to say really. chronomatic has said it all already.

 

I"m not posting a link, but you can. This will help your search

http://www.colbertnation.com/the-co...corporate-hacker-tries-to-take-down-wikileaks

 

UGH...

 

I don't necessarily discount the possibility. It's plausible that they performed a simple dictionary attack on a weak password and were successful. It's also possible (though unlikely) they found a hole in the TC source code that allows compromise.

But, like you said, if this were true we should see more people having this same problem.

Hi, Anonymous. How's your latest DDoS going?

 

One of the dumbest messages I have seen on Wilders. Looks fake..and there's no trace of it anywhere else on the Internet.

 

hi there,

i dun get it... why crack the truecrypt container while one can try to crack the password?

 

Only in the extremely unlikely event that a cryptanalytic attack on TrueCrypt was found that is actually quicker to exploit than a strong password.

 

Umm, that's exactly what I said!

EDIT:

As for the e-mail message posted above describing a TC volume being cracked, the poster is talking about the leaked HBGary e-mails (which Anonymous leaked after they hacked their server). You can download the emails from TPB.

 

Is there a comparison on symmetric and asymetric encryption?

Truecrypt uses 256 bit symmetric, but that doesn't have the same security as a 256bit asymetric does it?

 

You would need roughly a 15360 bit asymmetric key to equal a 256 bit symmetric cipher.

 

So 4096 bit RSA isn't actually as good as it sounds?

 

4096 bit RSA is stronger than a 128 bit symmetric cipher, but not nearly as strong as a 256 bit cipher. 4096 RSA should be strong enough for at least a couple of more decades, assuming there is not some mathematical breakthrough in number theory. A 4096 bit asymmetric cipher is roughly 140-150 bits of symmetric strength.

 

So with my netbook on FDE Truecrypt, is there any built-in software that could perhaps recover the drive? I'm thinking any feature that a manufacturer could have pre-loaded.

It's an Acer Aspire.

 

Recover the drive how? I am not sure what your question is.