I am not too familiar with the technical jargon, so bear with me while I explain the issue in simple and naive words. I have looked into many places but still haven't found a solution to this specific problem (such as this, or this, etc.).

A bit of (un-)related background:

I have recently come across several articles that outline the unparalleled prowess of GPUs in cracking passwords.

One such article was about the use of a 25-GPU cluster to crack any Windows password in about six hours. Another article here claims that one Nvidia GTX 1080 can be 250 times faster than a powerful Intel CPU in cracking passwords.

It is also worth mentioning that a standard crypto-mining farm owns about 500-1000 GPUs.

My question here is twofold, but mainly concerns the endurance of passwords/encryption methods we use right now against future breaks/cracks.

Suppose I send an archive of confidential information to a friend over the Internet (using Google Drive, Torrent, Dropbox, or whatever) and this archive is encrypted using a tool such as VeraCrypt with the three-cipher cascade of algorithms (e.g. RSA(Serpent(Twofish))) and a password that is 64 characters in length, contains lowercase, uppercase, numbers and symbols, and has a very high entropy. Now, a very keen hacker gets their hands on the file during the transfer and stores the file "forever", i.e. until they are able to break into it. Probably, they will share the file with their other hacker friends and collectively spread it to many other hackers to work on it. The assumption is that my file is now spread among many people who are going to retain it until the day they can break into it.

Getting back to the questions: first, I want to understand the relation between time, computing power/resources, and breaking a certain encryption algorithm. How can we become immune to the future? Given that our file is now in the hands of a dozen hackers who are stubborn enough to store it for many, many decades, how can we estimate when they are going to break into it, taking into account the three encryption algorithms and the strong password we have used and the gradual technological advances (e.g. average improvement in hash rate per year/decade, faster CPUs and GPUs, decrease in price and more people getting their hands on more powerful resources, etc.)?

Second, would the results (time and computing power needed) change if we add keyfiles to our encryption process? Will the number become bigger if we add more keyfiles?

Neli
  • Your issue is much more likely to be the use of VeraCrypt with file transfers; that's not what it was designed for. – AndrolGenhald Apr 26 '18 at 14:31
  • @AndrolGenhald It is not, but it should not be a problem. Actually it might be even better than many methods that were designed for it. – Peter Harmann Apr 26 '18 at 14:33
  • @PeterHarmann XTS mode (which I believe VeraCrypt defaults to) is unauthenticated, and in general is unnecessarily weak if you assume the attacker has repeated access. – AndrolGenhald Apr 26 '18 at 14:35
  • @AndrolGenhald That is true, but we are talking about confidentiality here. But I will include a warning in my answer. As for XTS being weaker, can you explain how? – Peter Harmann Apr 26 '18 at 14:47
  • @PeterHarmann There is no single nonce or IV that will scramble the entire ciphertext because it is designed specifically for disk encryption, and should _only_ be used for disk encryption. https://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/ – AndrolGenhald Apr 26 '18 at 14:51
  • @AndrolGenhald OK, yes. I admit this is not good. But I don't think it is the point of this question. – Peter Harmann Apr 26 '18 at 14:56
  • Possible duplicate of [Use multiple computers for faster brute force](https://security.stackexchange.com/questions/116566/use-multiple-computers-for-faster-brute-force). tl;dr if you use AES-256 a perfectly efficient computer using all of the possible energy in the galaxy wouldn't come close to breaking it. – AndrolGenhald Apr 26 '18 at 14:58
  • Possible duplicate of [Calculate time taken to break AES key](https://security.stackexchange.com/questions/82389/calculate-time-taken-to-break-aes-key) – forest Apr 29 '18 at 09:35

2 Answers

First and foremost, I assume you mean AES, not RSA. I also assume integrity is of no concern or is provided in another way, as VeraCrypt does not provide data integrity checks. Furthermore, I assume the attackers only have one version of the data, as XTS is apparently weaker to analysis of changes. I also don't consider side-channels and analysis of the data, as I assume your security is perfect in other areas. All in all, you probably should not use VeraCrypt for file sharing, as there are many problems with it.

Second of all, if you have a good enough password, it should not help to have key-files added. Though technically, if I am not mistaken, you may actually want to use 128 characters to achieve the full potential of the three nested ciphers, because each cipher needs a 256-bit key, so you want 768 bits of entropy. This is one of the very rare cases where a passphrase longer than 64 random characters makes sense.

As for cracking the keys using brute force, I don't believe it would be possible before the heat-death of the universe regardless of the advancements in technology and increase in availability. I recently estimated here that it is possible to crack a 14-bit AES key in a day on a good CPU. Getting to even 128 bits seems unfeasible even in decades, without a massive breakthrough. And almost 512 bits are just near impossible. It is currently believed not even quantum computers will actually break these symmetric ciphers.

The other way this may be broken, however, is breaking of the underlying ciphers. AES-256 already has a known issue, because of which it does not provide full 256 bits of protection. If these ciphers get broken enough (their protection decreases enough), it may be feasible to break this in the far future. However, it is impossible to accurately predict whether and how much these ciphers will be broken. I would predict that using three good ciphers should provide protection for at least several decades, probably a lot more. This is simply based on the fact these are already old, popular and well studied and also because there are three of them and all three would have to be weakened significantly.

Peter Harmann
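
An added worked example (not part of the original posts) for the question's request to relate time, computing power and key size: it computes the entropy of a random password and the expected brute-force time both at a fixed guess rate and at a rate that doubles periodically. The guess rate of 10^12 per second and the two-year doubling period are constructed assumptions, and 768 bits is the figure used in the answer above.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def password_entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def chars_needed(target_bits, alphabet_size):
    """Shortest random password that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def years_constant_rate(bits, guesses_per_sec):
    """Expected years to hit the key (half the keyspace) at a fixed guess rate."""
    return 2.0 ** (bits - 1) / (guesses_per_sec * SECONDS_PER_YEAR)

def years_with_growth(bits, guesses_per_sec, doubling_years):
    """Same, but the attacker's rate doubles every doubling_years.

    Guesses made by year T: r0*d/ln2 * (2**(T/d) - 1), with r0 in guesses/year.
    Setting that equal to 2**(bits-1) gives T = d * log2(1 + x),
    x = 2**(bits-1) * ln2 / (r0*d). Worked in log2 to avoid float overflow.
    """
    r0 = guesses_per_sec * SECONDS_PER_YEAR
    log2_x = (bits - 1) + math.log2(math.log(2)) - math.log2(r0 * doubling_years)
    if log2_x > 60:                      # 1 + x == x at double precision
        return doubling_years * log2_x
    return doubling_years * math.log1p(2.0 ** log2_x) / math.log(2)

if __name__ == "__main__":
    RATE = 1e12      # constructed assumption: guesses per second today
    DOUBLING = 2.0   # constructed assumption: years per doubling of attacker speed
    print(f"64 random chars from 95 symbols: {password_entropy_bits(64, 95):.1f} bits")
    print(f"chars needed for 768 bits: {chars_needed(768, 95)}")
    for bits in (64, 128, 256):
        print(f"{bits:>3}-bit key: {years_constant_rate(bits, RATE):.3g} years at fixed rate, "
              f"{years_with_growth(bits, RATE, DOUBLING):.1f} years with doubling")
```

At a fixed rate the time doubles with every added key bit, while under sustained doubling each added bit costs the attacker only one more doubling period, so the estimate is dominated by the growth assumption. Doubling sustained over centuries is a property of this model, not a forecast.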

I am no expert either, but I found this article really interesting: https://www.wordfence.com/learn/how-passwords-work-and-cracking-passwords/ Near the bottom is an idea of how password strength affects the time taken to crack - you will be very surprised how much difference 12 characters makes over 9.

Kev Peard