Re: Are key files better than passwords?

on 28/06/2009, Joseph Ashwood supposed :
"Dimona" <mmm@xxxxxxx> wrote in message news:h25v0p$arf$1@xxxxxxxxxxxxxxxxxx
Will key files guarantee me protection agains brute force attacks for the next 50 years?

Taken in isolation, that question can be answered, a 384-bit key is sufficient to resist a brute-force attack for the entire existence of the universe (actually its about 330-bits, but 384 is rounder for computers). But this does not answer your real question. Your real question is, what will be secure in 50 years? History is not kind to this question. Looking back to the absolute state-of-the-art knowledge just 32 years ago (DES and original RSA publication), very little of that safety exists today.

I am using Truecrypt with the AES algorythm and Whirlpool for this.

The odds are VERY high that neither of those will last 50 years, in truth we have little confidnce of what will be necessary to last the next 5 years undisturbed.

What I would recommend is to perform an analysis based on the value of the information, build a depreciation/appreciation schedule for it, assume a cost and computation model for the future of computers, assume an erosion rate for th cipher(s). From there that will tell you how which ciphers will be safe enough.

Good luck or lots of money, you'll need at least one.
Joe

I am making the conclusion that the claims that certain algorythms make to be uncrackable it is actually bull*** then.

A real quality encryption algorythm will be made future proof against the expected computer power improvements.

My point of view is that brute force attacks will be the weakest point of the chain per excellence, by using a secret keyfile I eliminate that weak point, now what I need to establish is if the AES algorythm is good enough to resist 50 years. I thought it was because everyone says, but then they said the same of DES.


.

Quantcast