Re: brute-force attacks on cryptoloop or loop-AES

[Jari Ruusu <jari.ruusu@pp.inet.fi>]

Gerhard Schneider wrote:
> I have been searching the lists for any hints concerning the high
> probability of brute-force-attaccks aginst the password of an encrypted
> filesystem, but did not find much.
[snip]
> There is the -S option in loop-AES, which aims to slow down dictionary
> attacks. Does this mean the computation time for one guess inreases?

Total CPU time does not increase for just one filesystem.

Use of -S option just means that attacker can't start precomputing
passphrase hash values prior to knowing the seed. That slows down
*optimized* dictionary attack where hash values are only computed once in
advance.

If attacker attempts to crack 3 encrypted filesystems *without* -S option:

0)  Compute passphrase hash values for every passphrase in dictionary.
    Attacker had computed this last year so he does not need to do this now.

1)  Try each hash for filesystem #1
2)  Try each hash for filesystem #2
3)  Try each hash for filesystem #3

If attacker attempts to crack 3 encrypted filesystems *with* -S option:

1)  Compute passphrase hash values for every passphrase in dictionary.
2)  Try each hash for filesystem #1
3)  Compute passphrase hash values for every passphrase in dictionary.
4)  Try each hash for filesystem #2
5)  Compute passphrase hash values for every passphrase in dictionary.
6)  Try each hash for filesystem #3

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/