Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*Subject*: [Discuss] KeePassX*From*: richard.pieri at gmail.com (Richard Pieri)*Date*: Tue, 13 Aug 2013 13:29:59 -0400*In-reply-to*: <520A529C.2010305@borg.org>*References*: <51EDC3BE.3020902@thekramers.net> <51EDCB55.1020103@gmail.com> <CAFv2jcY7fadOoDVfuUB6nKN76pZTBK+Gk5tF5hTWTKZ6Xr=ryQ@mail.gmail.com> <CANaytcd3TDLv0Ds=jZNKkMb1Ki87XJsZht1KvuYE=Ku3fm+Kpg@mail.gmail.com> <51EEA862.2070701@borg.org> <CANaytcdQUvym0JQ4-L4A1XTYmux_GPH7J8ybp9sx9U5q4oFYDg@mail.gmail.com> <51EF03B0.4070001@gmail.com> <aa4d53ccca374119a8262e5b37802b4a@BLUPR04MB040.namprd04.prod.outlook.com> <51EFE58F.1040308@borg.org> <520A2A4C.4080807@borg.org> <520A364B.8020708@gmail.com> <520A529C.2010305@borg.org>

Kent Borg wrote: > I feel like you want me to draw a conclusion. Are you saying 80-bits is > not "pretty dang good"? Or are you saying Snowden's "trillion a second" > was wrong? Or something else? I described a home-brew, trillion per second brute force engine that can fit in half a rack of computing space at a cost of around $50K. Really. 100 Radeon cards at $250 each is $25,000. I figure another $25 for cabinetry, power, wiring, and the Infiniband switch. A typical colo rack takes up ~25 square feet. That includes power, ventilation and human spaces with cage around the rack so there's a fair bit of wasted space. Still, it's a fair baseline. That's 2 trillion passwords per second per 25 square feet or 80 billion passwords per second per square foot. An acre is about 43,500 square feet. I tried to do the math but my calculator ERR'd out, the numbers are too big. Google says that an acre of compute facility like that can run approximately 3.5x10^15 passwords per second. The NSA's Utah data center? 100,000 square feet dedicated to data center. Power needs? Expected to require 65 megawatts at a cost of about $40 million per year. And it's water-cooled and it's not a caged colo so they'll almost certainly pack the stacks more densely than my base line. http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1 I don't know what the NSA's ratio of storage to compute is planned to be but I figure approximately a half acre for storage. That leaves an acre and a half for computation. At twice the rack density of a colo cage that's... about 1.044e+19 passwords per second. Cost is... I figure under $300 million for the hardware. If I did my math right, a facility like that can brute-force any 80-bit key in about 32 hours. Keys smaller than about 68 bits (28 seconds) would probably take longer to spin up the jobs than run the actual searches. This assumes that the NSA would even bother trying to brute force "big" ciphers like AES when some other kinds of attacks would be far more practical and productive. Protip: every cipher has weaknesses. Protip 2: assume the NSA knows these weaknesses. -- Rich P.

**Follow-Ups**:**[Discuss] KeePassX***From:*kentborg at borg.org (Kent Borg)

**References**:**[Discuss] KeePassX***From:*kentborg at borg.org (Kent Borg)

**[Discuss] KeePassX***From:*richard.pieri at gmail.com (Richard Pieri)

**[Discuss] KeePassX***From:*kentborg at borg.org (Kent Borg)

- Prev by Date:
**[Discuss] KeePassX** - Next by Date:
**[Discuss] KeePassX** - Previous by thread:
**[Discuss] KeePassX** - Next by thread:
**[Discuss] KeePassX** - Index(es):

BLU is a member of BostonUserGroups | |

We also thank MIT for the use of their facilities. |

Boston Linux & Unix / webmaster@blu.org