[Discuss] KeePassX
Kent Borg
kentborg at borg.org
Tue Aug 13 11:37:00 EDT 2013
On 08/13/2013 09:36 AM, Richard Pieri wrote:
> The NSA has computing facilities measured in acres.
I feel like you want me to draw a conclusion. Are you saying 80-bits is
not "pretty dang good"? Or are you saying Snowden's "trillion a second"
was wrong? Or something else?

Maybe Snowden's "trillion a second" advice was for the
snoop-on-everything mode. I.e., before the feds knew they were pissed,
before Obama or the rest of us had ever heard of Snowden, as a matter of
routine, they do a trillion tests a second, on lots of data. Or maybe
on limited data. I could believe either.

And once they are pissed, and want blood, they can start to deploy real
muscle. What could that mean?

"Unlimited" as their budget is, there are earthly limits. Let's take an
extreme and say they have a trillion dollar password cracker, and let's
assume they built it as efficiently as some hacker who gives public
talks at a conference in Oslo:

If $150,000 can do a trillion NTLM passwords a second (and who knows
what kind of password Snowden was talking about, but let's assume
similar difficulty, even though the 25 GPU box was 5 times slower doing
SHA-1 than NTLM, and any reasonable "password strengthening" would likely
help further), then a trillion dollars can do 6.7 quintillion checks a
second. I hope I have my math right.

(2**80)/6,700,000,000,000,000,000 is 180,436 seconds to test an entire
80-bit space. Or, 50 hours. Worse if we are smart enough to not use
Windows.

Except, they don't have a trillion dollar password cracker. Our economy
isn't big enough for them to have built that without a lot more pain
than we have felt. Maybe they only have a 100-billion dollar password
cracker. Maybe it is a few years old. Maybe it was built with
traditional government efficiency. But even if they did have such an
uber-cracker, they couldn't crack many 80-bit passwords in a year. And
their electricity bill would be high.

So I stand by my "80-bits is pretty dang good". And I still like my
earlier claim that 128-bits of entropy stops the NSA from brute forcing.

Please let me know if I made any arithmetic errors.

-kb
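The budget arithmetic in the post, written out as a small calculator. This is an added example, not code from the thread; it assumes the cracking rate scales linearly with money spent (every $150,000 buys another box at 1e12 guesses/s) and models "password strengthening" as a plain multiplier on the cost of each guess.

```python
# Added example (not from the thread): time-to-exhaust arithmetic for a
# brute-force budget, using the figures quoted in the post.
from math import log2

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def scaled_rate(budget_usd, unit_cost_usd, unit_rate_per_s):
    """Guesses/second if the whole budget buys copies of one reference box.
    Assumption: throughput scales linearly with money (no power/space limits)."""
    return budget_usd / unit_cost_usd * unit_rate_per_s


def seconds_to_exhaust(bits, rate_per_s, stretch=1):
    """Seconds to try every value of a `bits`-bit space at `rate_per_s` guesses/s.
    `stretch` models password strengthening: each guess costs that many base
    hash operations (e.g. 5 for the SHA-1-vs-NTLM slowdown quoted in the post)."""
    return (2 ** bits) * stretch / rate_per_s


def years_to_exhaust(bits, rate_per_s, stretch=1):
    return seconds_to_exhaust(bits, rate_per_s, stretch) / SECONDS_PER_YEAR


def bits_exhaustible_in(seconds, rate_per_s, stretch=1):
    """Inverse view: the largest key size a cracker can sweep in `seconds`."""
    return log2(seconds * rate_per_s / stretch)


if __name__ == "__main__":
    # Post's figures: $150,000 box at 1e12 NTLM/s, scaled to a $1e12 budget.
    rate = scaled_rate(1e12, 150_000, 1e12)          # ~6.7e18 guesses/s
    print(f"{rate:.2g} guesses/s")
    print(f"80-bit space:            {seconds_to_exhaust(80, rate) / 3600:.0f} h")
    print(f"80-bit, 5x slower hash:  {seconds_to_exhaust(80, rate, 5) / 3600:.0f} h")
    print(f"128-bit space:           {years_to_exhaust(128, rate):.2g} years")
    print(f"bits sweepable per year: {bits_exhaustible_in(SECONDS_PER_YEAR, rate):.1f}")
```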