Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] KeePassX

Kent Borg wrote:
> I feel like you want me to draw a conclusion.  Are you saying 80-bits is
> not "pretty dang good"?  Or are you saying Snowden's "trillion a second"
> was wrong?  Or something else?

I described a home-brew, trillion per second brute force engine that can 
fit in half a rack of computing space at a cost of around $50K. Really. 
100 Radeon cards at $250 each is $25,000. I figure another $25 for 
cabinetry, power, wiring, and the Infiniband switch.

A typical colo rack takes up ~25 square feet. That includes power, 
ventilation and human spaces with cage around the rack so there's a fair 
bit of wasted space. Still, it's a fair baseline. That's 2 trillion 
passwords per second per 25 square feet or 80 billion passwords per 
second per square foot.

An acre is about 43,500 square feet. I tried to do the math but my 
calculator ERR'd out, the numbers are too big. Google says that an acre 
of compute facility like that can run approximately 3.5x10^15 passwords 
per second.

The NSA's Utah data center? 100,000 square feet dedicated to data 
center. Power needs? Expected to require 65 megawatts at a cost of about 
$40 million per year. And it's water-cooled and it's not a caged colo so 
they'll almost certainly pack the stacks more densely than my base line.

I don't know what the NSA's ratio of storage to compute is planned to be 
but I figure approximately a half acre for storage. That leaves an acre 
and a half for computation. At twice the rack density of a colo cage 
that's... about 1.044e+19 passwords per second. Cost is... I figure 
under $300 million for the hardware.

If I did my math right, a facility like that can brute-force any 80-bit 
key in about 32 hours. Keys smaller than about 68 bits (28 seconds) 
would probably take longer to spin up the jobs than run the actual searches.

This assumes that the NSA would even bother trying to brute force "big" 
ciphers like AES when some other kinds of attacks would be far more 
practical and productive.

Protip: every cipher has weaknesses.

Protip 2: assume the NSA knows these weaknesses.

Rich P.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /