TrueCrypt cracking in the future

Discussion in 'privacy technology' started by FileShredder, Jan 30, 2011.

Thread Status:
Not open for further replies.
  1. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    I hear calculations of so many million years before a 64 character password will be brute-forced on TrueCrypt, but I thought that works on the (unlikely) assumption that computer power will stay at the same level it is now.

    For instance, in the past 100 years, there has been an explosion in the advancement of technology, and if the same happens this century, could TrueCrypt files possibly be broken a lot sooner?

    If a Quantum computer tried to crack a 64 character cascading TrueCrypt container, would it actually take merely seconds, or still time-consuming but easier?
     
  2. katio

    katio Guest

    Also have a look here: https://www.wilderssecurity.com/showthread.php?t=288903

    There are two factors, advances in technology and advances in cryptanalysis/mathematics.
    About the first one: there are linear, predictable advances (like Moore's law). Some encryption schemes today are so strong that this kind of evolutionary progress can never crack them. Revolutionary new technology like QC can change that.

    About the latter: Here's a recent example:
    http://www.wired.com/wiredscience/2011/01/partition-numbers-fractals/

    We can only speculate but if history has proven anything it's that most of the assumptions, facts and truths we believe in the present will be exposed as false in the future.
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    A 64 character password is so incredibly strong (especially if it's random) that it doesn't matter much how fast computer technology advances, it still won't be feasible to break it. This is especially true due to the Landauer Limit, which basically means that the energy requirements for the computation would be too large to be feasible. You must take energy requirements into account and there isn't enough energy on earth to do it.

    Quantum computers are the most effective against asymmetric (public key) crypto and are less effective against symmetric ciphers like AES or Twofish. The best a QC can do against something like AES is cut the keylength in half. Thus, AES-256 will be as hard to break for a QC as AES-128 is for classical computers.
     
  4. 16s

    16s Registered Member

    Joined:
    Jan 7, 2011
    Posts:
    32
    There are research papers that describe how many bits you need to add to your keys to remain strong over time taking into consideration Moore's Law, computational advancements, etc. Here's a good one with many respected names on it:

    http://people.csail.mit.edu/rivest/bsa-final-report.ps

    I use 28 character base64 and 40 character hexadecimal encoded SHA1 sums generated from sentences for my passwords. IMO, these are good for the foreseeable future. 64^28 is a darn big number as is 16^40.

    Here's my program (SHA1_Pass) that generates these passwords:

    http://16s.us/sha1_pass/

    Feel free to use it.
     
  5. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    One theory used to assert that long passwords will remain safe from brute force is the "Von Neumann-Landauer Limit".
    See:
    http://en.wikipedia.org/wiki/Brute-force_attack

    Using this limit, even an energy efficient computer that just flips through all possible bit combinations of a 256 bit password in one year would require a constant 30 gigawatts of power. To actually test each combination would require much more power.
    Energy costs are increasing not decreasing so the cost of brute forcing a password is increasing into the future.
    The only risk a strong password faces is the threat of a weakness being found in the encryption algorithm which reduces the number of brute force combinations by many orders of magnitude.
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    ^^ What he said. Since no one has invented reversible computing yet, we are bound by the Landauer Limit. This means that no matter how fast computers become in the future, they will still require lots of energy to brute force a cipher and/or passphrase. 30 gigawatts of power, as used in the example above, is equivalent to about 30 nuclear power plants being dedicated to cracking a single key. And I am not so sure that 30 gigawatts is accurate -- I think it would take a lot more energy than that to brute-force a 256 bit key, much more energy in fact.

    For instance, let's say you had a cluster of GPUs (like an Nvidia Tesla or Fermi). We know from benchmarks that the fastest of these GPUs can calculate about 2 billion passwords per second (depending on the hash used). Let's say you had a cluster of a billion of these GPUs. Therefore, multiply 1 billion GPUs by 2 billion passwords. This equals 2000000000000000000 passwords per second. To convert that to years, we multiply by 31556952.

    Code:
    2000000000000000000 X 31556952 = 6.3113904e25
    So, 1 billion GPUs can calculate about 6.3113904e25 passwords per year.

    A 256 bit passphrase or key will have 2^256 combinations, but on average a machine will only have to exhaust 1/2 of the keyspace before it finds the key. 1/2 of 2^256 = 2^255. Now, divide 2^255 by 6.3113904e25

    Code:
    2^255/6.3113904e25 =  9.17326309249671795169e50 years
    Therefore, it would still take a cluster of 1 billion GPU's longer than the age of the universe to brute force a 256 bit key (much longer than the age of the universe).

    But, as for the Landauer Limit, that's easy to compute too. Most high-end GPUs take around 150 W of energy to power them at full load. So, let's multiply 150 W by 1 billion GPUs:

    Code:
    150 X 1000000000 = 1.5e11 watts
    We know that the bigger nuclear power plant reactors can output about 1 gigawatt of energy. Therefore:

    Code:
    1.5e11 watts / 1 gigawatt = 150
    Therefore, you would need 150 nuclear power plants to power a cluster of 1 billion GPUs. And even then it would still take them longer than the age of the universe to exhaust 1/2 of a 256 bit keyspace.

    Let's say we had 1 quadrillion of these GPUs.

    Code:
    1000000000000000 GPUs X 2000000000 passwords/sec = 2e24 passwords/sec
    Now convert that to years:

    Code:
    2e24 passwords/sec X 31556952 = 6.3113904e31 passwords/year
    They could compute 6.3113904e31 passwords a year. Now let's find out how long it would take them to compute 2^255 passwords:

    Code:
    2^255 / 6.3113904e31 = 9.17326309249671795169e44 years
    Still much longer than the age of the universe. There is not much difference between a billion GPUs and a quadrillion. Neither can complete the key before the sun burns out.

    Now, as for the Landauer Limit. To power 1 quadrillion GPUs, we would need:

    Code:
    1 quadrillion x 150 W = 1.5e17 watts
    Now, divide that by 1 gigawatt:

    Code:
    1.5e17 / 1 billion watts = 1.5e8 power plants needed
    That means we would need 150,000,000 power plants to power this cluster. There's probably not enough real estate on planet earth to build these plants. This means we would need an entire planet dedicated to cracking this key. :D
     
    Last edited: Feb 7, 2011
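    The arithmetic of the two posts above, redone as an added Python example (not code from the thread): it computes the cluster search time and the plant count with the post's assumed 2 billion guesses per second and 150 W per GPU, then evaluates the Landauer bound of kT ln 2 joules per bit erasure at room temperature for both 128-bit and 256-bit keyspaces, which also shows which key size a 30 gigawatt, one-year budget covers. The GPU rate and power draw are the post's assumptions, not measurements; the Landauer figure counts one bit erasure per candidate and nothing for actually testing it, so real hardware needs far more.

```python
import math

SECONDS_PER_YEAR = 31_556_952        # Julian year, the conversion factor the post uses
BOLTZMANN = 1.380_649e-23            # J/K
LN2 = math.log(2)
PLANT_WATTS = 1e9                    # the post's "about 1 gigawatt" per reactor


def cluster_rate(units: float, guesses_per_second_per_unit: float) -> float:
    """Aggregate guess rate of a cluster; the post assumes 2e9 guesses/s per GPU."""
    return units * guesses_per_second_per_unit


def years_to_search(key_bits: int, guesses_per_second: float, fraction: float = 0.5) -> float:
    """Years to cover `fraction` of a 2^key_bits keyspace at the given rate.
    fraction=0.5 is the expected work for a uniformly random key."""
    return fraction * 2.0 ** key_bits / guesses_per_second / SECONDS_PER_YEAR


def power_plants(units: float, watts_per_unit: float, plant_watts: float = PLANT_WATTS) -> float:
    """Gigawatt-class plants needed to run `units` devices drawing watts_per_unit each."""
    return units * watts_per_unit / plant_watts


def landauer_joules(key_bits: int, temperature_k: float = 300.0) -> float:
    """Landauer bound for stepping a counter through all 2^key_bits candidates: each step
    must erase at least one bit, costing k*T*ln2 joules (about 2.9e-21 J at 300 K)."""
    return 2.0 ** key_bits * BOLTZMANN * temperature_k * LN2


def landauer_watts_for_one_year(key_bits: int, temperature_k: float = 300.0) -> float:
    """Continuous power needed to pay the Landauer cost within one year."""
    return landauer_joules(key_bits, temperature_k) / SECONDS_PER_YEAR


def grover_effective_bits(key_bits: int) -> float:
    """Generic quantum speed-up against a symmetric key: Grover's search halves the
    exponent, so a 256-bit key costs about 2^128 quantum operations."""
    return key_bits / 2


if __name__ == "__main__":
    for gpus in (1e9, 1e15):
        rate = cluster_rate(gpus, 2e9)
        print(f"{gpus:.0e} GPUs at 2e9 guesses/s: {years_to_search(256, rate):.3e} years "
              f"for half of 2^256, {power_plants(gpus, 150):.3e} gigawatt plants")
    for bits in (128, 256):
        watts = landauer_watts_for_one_year(bits)
        print(f"{bits}-bit keyspace, Landauer bound, one year at 300 K: "
              f"{watts:.3e} W ({watts / 1e9:.3e} GW)")
    print("256-bit key under Grover:", grover_effective_bits(256), "effective bits")
```

    Running it reproduces the post's 9.17e50 and 9.17e44 years and its 150 and 1.5e8 plants; the Landauer line comes out at about 31 GW for a 128-bit keyspace and about 1e49 W for a 256-bit one.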
  7. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    Here are some emails relating to cracking TrueCrypt. Unfortunately there are no details at all, except that the TrueCrypt volume was opened. I realize they may have simply guessed or discovered the password, so there is no proof at all that TrueCrypt can be hacked.

    I've removed all identifying information, as that's likely an infraction of the rules here. The emails have been leaked into the public domain and can easily be searched for. They are internal emails by a company that is hired for data forensics. 'XXXX' refers to names and irrelevant information that have been removed by me.



    DATE: 9-Nov-2010

    XXXX

    - XXXX from XXXX has some preliminary results from
    the hard drive forensics... I'll wait to provide more details until I
    have a report from them, but the server contains XXXX, and unfortunately, a TrueCrypt volume. We will need to decide how far we'll want to dig into this server in terms of hours, because it sounds like we could exceed our allotted 12 pretty easily.


    On Wed, Nov 10, 2010 xxxx wrote:

    XXXX

    Also all the titles of any documents would be great (as
    well as copies of the docs), and of course if there is any other malware
    info (hopefully not on the trucrypt volume... Or we will simply
    have to brute-force the truecrypt - that would be a fun exercise)


    On 11/11/10, XXXX wrote:
    Another update:

    1. XXXX broke the TrueCrypt volume tonight. Apparently he has a
    real spook of a friend at the NSA who contributed. It's a crazy story.

    There's a lot of stuff in that volume, and I'll wait for a full report.

    On 11/11/10, XXXX wrote:

    XXXX

    (and by the way - amazing stuff that we now have the truecrypt files etc.)


    date: Thu, 11 Nov 2010
    Gentlemen,

    XXXX

    This will give time to discuss network plans,
    and prep for FBI meeting.
    Please do sound off and let us know if you can make it by 8 tomorrow.

    Thank you!

    XXXX
     
  8. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    Are you kidding me?
    Some pseudo-authentic email snippet about a "spook" that broke TrueCrypt?
    If AES were breakable by "spooks" it would be all over the internet. People would be posting story after story about how they were arrested based on evidence that could only have come from an AES encrypted file.

    The bottom line:
    Previous posts all support the argument that TrueCrypt encryption is unbreakable with any currently known technology.
    Any "spook" will tell you it is easier (and cheaper) to access an encrypted TrueCrypt volume by stealing the password via some "side channel".
    Hidden camera, keylogger, bribe your roommate, send you an email trojan, TEMPEST, Evil Maid Attack and many more.
     
  9. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    Well, the emails are real, but how honest is the person who 'broke' the TrueCrypt volume?
    Maybe if I was working for a data forensics company and discovered the user/pass was admin/epicrouter I'd come up with something a little more interesting to prove my credentials. Anyway, I did say there's not actually any proof... then why post? Good point.
     
  10. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Why don't you post a link? I did a google search for several lines in the email and came up with zero hits.
     
  11. katio

    katio Guest

    Cause it's top secret, FBI stuff, duh.
    Also it's baloney.
     
  12. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    chronomatic is right on the money here. Nothing more to say really. chronomatic has said it all already.
     
  13. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
  14. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    UGH...
     
    Last edited: Feb 26, 2011
  15. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I don't necessarily discount the possibility. It's plausible that they performed a simple dictionary attack on a weak password and were successful. It's also possible (though unlikely) they found a hole in the TC source code that allows compromise.

    But, like you said, if this were true we should see more people having this same problem.

    Hi, Anonymous. How's your latest DDoS going?
     
  16. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    One of the dumbest messages I have seen on Wilders. Looks fake, and there's no trace of it anywhere else on the Internet.
     
  17. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Hi there,

    I don't get it... why crack the TrueCrypt container when one can try to crack the password?
     
  18. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Only in the extremely unlikely event that a cryptanalytic attack on TrueCrypt was found that is actually quicker to exploit than a strong password.
     
  19. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Umm, that's exactly what I said!

    EDIT:

    As for the e-mail message posted above describing a TC volume being cracked, the poster is talking about the leaked HBGary e-mails (which Anonymous leaked after they hacked their server). You can download the emails from TPB.
     
    Last edited: Feb 27, 2011
  20. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    Is there a comparison of symmetric and asymmetric encryption?

    TrueCrypt uses 256 bit symmetric, but that doesn't have the same security as 256 bit asymmetric, does it?
     
  21. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    You would need roughly a 15360 bit asymmetric key to equal a 256 bit symmetric cipher.
     
  22. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    So 4096 bit RSA isn't actually as good as it sounds?
     
  23. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    4096 bit RSA is stronger than a 128 bit symmetric cipher, but not nearly as strong as a 256 bit cipher. 4096 bit RSA should be strong enough for at least a couple more decades, assuming there is not some mathematical breakthrough in number theory. A 4096 bit asymmetric key is roughly 140-150 bits of symmetric strength.
     
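    An added example (not from the thread) that puts numbers behind the symmetric-versus-asymmetric comparison in the posts above. RSA falls to factoring, and the best classical factoring algorithm, the general number field sieve, runs in roughly L_n[1/3, (64/9)^(1/3)] time; taking log2 of that expression with the o(1) term dropped gives a rough symmetric-equivalent strength for any modulus size, and inverting it gives the modulus size needed for a target strength. The bare asymptote comes out a few percent above the figures NIST publishes, so the block also applies a scale factor; that factor (0.955) is my own calibration against NIST SP 800-57's published pairs, an assumption and not a standard constant.

```python
import math

LN2 = math.log(2)
GNFS_C = (64 / 9) ** (1 / 3)  # exponent constant of the general number field sieve

# Assumption: scale factor chosen here so the asymptotic estimate lands near NIST
# SP 800-57's published equivalences (RSA-2048 ~ 112, RSA-3072 ~ 128, RSA-15360 ~ 256 bits).
CALIBRATION = 0.955


def gnfs_bits(modulus_bits: int) -> float:
    """log2 of the asymptotic GNFS work to factor a modulus of modulus_bits bits, i.e.
    log2 of exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)) with the o(1) term dropped."""
    ln_n = modulus_bits * LN2
    nats = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return nats / LN2


def rsa_security_bits(modulus_bits: int, calibration: float = CALIBRATION) -> float:
    """Symmetric-equivalent strength of an RSA modulus after calibration."""
    return calibration * gnfs_bits(modulus_bits)


def rsa_bits_for(security_bits: float, step: int = 64, calibration: float = CALIBRATION) -> int:
    """Smallest modulus size (a multiple of `step`) whose estimated strength reaches
    security_bits.  gnfs_bits grows monotonically with the modulus size, so a linear
    scan upward is enough."""
    n = step
    while rsa_security_bits(n, calibration) < security_bits:
        n += step
    return n


if __name__ == "__main__":
    for n in (1024, 2048, 3072, 4096, 7680, 15360):
        print(f"RSA-{n:5d}: GNFS asymptote {gnfs_bits(n):6.1f} bits, "
              f"calibrated {rsa_security_bits(n):6.1f} bits")
    for level in (128, 192, 256):
        print(f"{level}-bit symmetric strength needs about RSA-{rsa_bits_for(level)}")
```

    Two things the output makes visible: doubling the modulus from 2048 to 4096 bits adds only about 40 bits of strength, because the GNFS exponent grows with the cube root of the key length, and reaching 256-bit strength needs a modulus in the 15000-bit range, which is why the symmetric cipher and not the RSA key is the stronger half of most hybrid systems.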
  24. FileShredder

    FileShredder Registered Member

    Joined:
    Jan 3, 2011
    Posts:
    28
    So with my netbook on FDE Truecrypt, is there any built-in software that could perhaps recover the drive? I'm thinking any feature that a manufacturer could have pre-loaded.

    It's an Acer Aspire.
     
  25. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Recover the drive how? I am not sure what your question is.
     