This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

128-bit encryption still good enough against GPU brute force attacks?

m w
edited 2010 03 in Mac
Hi - I'm thinking of switching from SplashID to 1Password because I have some serious issues with SplashID as it randomly deletes records from its DB. However, I'm a bit concerned that 1Password uses only 128-bit keys whilst SplashID is using 256-bit keys. In your Agile Keychain Design document you mention:



"We felt that adding an extra 128 bits, i.e., multiplying 149 trillion years by an extra 3.4 x 10^38, was not worth the performance cost that would be incurred."



I'm sure 128 bits were sufficient years ago but nowadays with brute force attacks based on graphics chips offering near super computing capability 128 bits seem no longer adequate. How do you assess the threat of GPU-based attacks and what are your plans of tackling this challenge?



Cheers

Michael

Comments

  • m w
    I have done a bit more research into the market of password utilities and found that of those I checked besides Agile only Callpod uses 128 bits:



    128-bit encryption

    1Password by Agile

    Keeper by Callpod



    256-bit encryption

    Wallet from Acrylic

    SplashID from SplashData

    Strip from Zetetic

    mSecure by mSeven

    eWallet by Ilium



    256-bit and 512-bit encryption

    My Eyes Only by Software Ops



    Maybe, I'm barking up the wrong tree here but it would be useful to get some feedback from other users (also see poll) and, in particular, from Agile.



    Cheers

    Michael
  • MikeT
    MikeT Agile Samurai
    Hi m w,



    Thanks for bringing this up. It is a great topic to go into and one of my favorites.



    First, I would like anybody interested in this to visit our technical guide on this:

    http://help.agile.ws/1Password3/agile_keychain_design.html



    You may have noticed that we are already aware of the GPU-based hash crackers as we talked about the "Lightning Hash Cracker" which uses NVIDIA's CUDA technology to accelerate the "math" libraries by taking advantage of the massive parallel computational ability that GPUs have.



    The tool we used against that is PBKDF2; it basically produces a derived key based on the master password that's been "randomized" 1000 times, which means that crackers have to brute force the key in 1000 different ways to figure out the password. Even if it takes one year to process one pass with the most powerful GPU farms, it still requires at least 999 years to figure out the password. That's how much work is required even for an AES-128 bit key.



    The thing is, even if the GPUs are increasing the number of keys they can check (100x more per keys), it still takes decades to find a single key. It's like having 1 billion people in the desert looking for a single grain; it's still going to take a long time.
  • Agreed. The internet (and the digital landscape as a whole) would be a much safer place if everyone were as concerned and diligent about security.



    That said, I guess the way I prefer to think of it is from the perspective of weak links in the security chain. By far the greatest risk of all is physical theft. Someone who has access to your machine itself would, by far, be best positioned to leverage whatever data they could obtain from your system. For example, a burglar would already know your address and perhaps more personal information gleaned from effects in your home, which could then be used in conjunction with credit card numbers, etc.



    So I guess my point is that if someone has access to the 1Password keychain stored on your home computer, they probably don't need to be able to break the encryption at all; they can probably harvest plenty of data left lying around your hard drive in caches and stray files, such as email and documents. In order to avoid all of this, one can prevent physical access, and use full disk encryption (such as TrueCrypt) to ensure that data is inaccessible in cases of loss or theft.



    In my understanding, a 128-bit cypher is more than sufficient to lock out all but the most determined and well-geared hackers. If it were me, I wouldn't bother with individuals: banks and supermarkets, which often have lax database security, are a much bigger target. However, if you're still concerned that a 128-bit cypher is insufficient (as all encryption is vulnerable to a brute force attack, given enough time), encrypting the entire disk with a stronger cypher would protect the entire filesystem -- including your 1Password keychain -- with an encryption strength of your choosing.
  • MikeT
    MikeT Agile Samurai
    edited 2010 04
    [quote name='toromei' timestamp='1283583418' post='10510']

    Agreed. The internet (and the digital landscape as a whole) would be a much safer place if everyone were as concerned and diligent about security.



    That said, I guess the way I prefer to think of it is from the perspective of weak links in the security chain. By far the greatest risk of all is physical theft. Someone who has access to your machine itself would, by far, be best positioned to leverage whatever data they could obtain from your system. For example, a burglar would already know your address and perhaps more personal information gleaned from effects in your home, which could then be used in conjunction with credit card numbers, etc.



    So I guess my point is that if someone has access to the 1Password keychain stored on your home computer, they probably don't need to be able to break the encryption at all; they can probably harvest plenty of data left lying around your hard drive in caches and stray files, such as email and documents. In order to avoid all of this, one can prevent physical access, and use full disk encryption (such as TrueCrypt) to ensure that data is inaccessible in cases of loss or theft.



    In my understanding, a 128-bit cypher is more than sufficient to lock out all but the most determined and well-geared hackers. If it were me, I wouldn't bother with individuals: banks and supermarkets, which often have lax database security, are a much bigger target. However, if you're still concerned that a 128-bit cypher is insufficient (as all encryption is vulnerable to a brute force attack, given enough time), encrypting the entire disk with a stronger cypher would protect the entire filesystem -- including your 1Password keychain -- with an encryption strength of your choosing.

    [/quote]

    You brought up a lot of great points. I want to add that there's also the option that instead of using full disk encryption tools, a tool like Knox/TrueCrypt/Espionage would be sufficient to encrypt your highly sensitive information as well.



    One of the things that people keep forgetting to do is to encrypt their external drives or USB drives. They put their main focus on protecting their main drive in their system but they never really think about the external drives. A person can lock their laptops to the floors for all I care; if I see an external drive around, that's what I'd take if I was a thief.



    Humans are always going to be the weakest link in any security system. The other one of the most important things that people keep forgetting is that when you use an encryption tool, you really need to set a long strong complicated password for it. If you use a password like "1234", all hackers have to do is enter "1234" and no encryption in the world can protect against that.



    Unfortunately, besides education, there's just no real defense when it comes to social engineering. The best security product in the world can be broken within seconds if somebody was fooled into revealing their information without knowing they were revealing it in the first place.
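
Added example, not part of the original thread and not AgileBits' code: it writes out the PBKDF2 iteration chain mentioned in the thread (1000 iterations deriving a 128-bit key) and compares the work of searching master passwords against the 128-bit key space, which ties in with the later point about weak passwords such as "1234". HMAC-SHA1 as the PRF, the salt, the sample passwords and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import struct

def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int, dklen: int = 16) -> bytes:
    """PBKDF2 (RFC 2898) spelled out so the iteration chain is visible.
    HMAC-SHA1 is an assumed PRF; the thread only says '1000 times'."""
    out = b""
    block = 1
    while len(out) < dklen:
        # U_1 = HMAC(password, salt || INT_32_BE(block))
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha1).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_i = HMAC(password, U_{i-1}); each step depends on the previous one
            u = hmac.new(password, u, hashlib.sha1).digest()
            t ^= int.from_bytes(u, "big")  # T = U_1 xor U_2 xor ... xor U_c
        out += t.to_bytes(20, "big")
        block += 1
    return out[:dklen]

def guess_cost_bits(alphabet_size: int, length: int, iterations: int) -> float:
    """log2 of the HMAC evaluations needed to try every password of this shape."""
    return length * math.log2(alphabet_size) + math.log2(iterations)

def weakest_link(alphabet_size: int, length: int, iterations: int = 1000, key_bits: int = 128):
    """Return which search is cheaper: all passwords of this shape, or all AES keys."""
    cost = guess_cost_bits(alphabet_size, length, iterations)
    if cost < key_bits:
        return ("master password", cost)
    return ("AES key", float(key_bits))

if __name__ == "__main__":
    salt = bytes.fromhex("0011223344556677")  # constructed sample salt
    key = pbkdf2_sha1(b"constructed sample passphrase", salt, 1000)
    # Cross-check the hand-written chain against the standard library.
    assert key == hashlib.pbkdf2_hmac("sha1", b"constructed sample passphrase", salt, 1000, 16)
    print("derived 128-bit key:", key.hex())
    shapes = [("4 digits, e.g. 1234", 10, 4),
              ("8 lowercase letters", 26, 8),
              ("20 printable ASCII", 94, 20)]
    for label, alphabet, length in shapes:
        link, bits = weakest_link(alphabet, length)
        print(f"{label:22s} -> weakest link: {link} (~2^{bits:.1f} operations)")
```

With 1000 iterations the derivation adds roughly 10 bits of work per password guess, so the master password remains the cheaper search until it carries about 118 bits of entropy on its own.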