Would it really be enough to stand up to a government-orchestrated brute force attempt?
I doubt it somehow
AES256
Colton Powell
Jordan Myers
btw does password length scale infinitely with time taken to brute force or are there diminishing returns?
Because if it does scale indefinitely then I guess the answer to OP is: If the PW is long enough?
Asher Myers
mathematically it does not converge as far as i know
anything 20+ mixed characters should last fine until quantumeme computers are viable
Henry Clark
>aes256
>password length
The fuck are you noobs taking about?
What do you think 256 stands for?
John Wright
What the fuck are you talking about?
What kind of retard would assume I meant the password length?
Logan Smith
What, with a truly random 256-bit key, used in a proper mode? Yes, even if they had a quantum computer.
Rijndael is a perfectly good block cipher. It's not perfect - I personally prefer Salsa20, ChaCha20, or one of the CAESAR candidates - but it still does the job.
If you're deriving the key from some sort of password, then it depends on how good your password is: try the EFF or Diceware approach and use 8-10 randomly-selected words and you're not going to have any problems there.
If you're using a shorter password or PIN, then it depends on how the key is stored, and it might be possible.
If the attacker has the opportunity to observe you unlocking it, they could use a side-channel attack - not all AES implementations are resistant to those.
More realistically, the attacker is likely to use a different, more practical kind of attack entirely - maybe mug it from your hands while it's unlocked, threaten you in some way to obtain the password/key, or attack the device with malware (software or hardware) to grab the key from memory.
Jonathan Wood
Depends on the government.
US government, with unrestricted access to NASA's trillion dollar black hole simulator? No. Not even a little bit.
North Korean government, with heavily restricted access to old ThinkPads stolen from China that they have to share with Laos? Yes, definitely.
Charles Perry
the government would just take you to a black site and beat you until you hand over the password
Isaac Parker
>Would it really be enough to stand up to a government-orchestrated brute force attempt?
Brute force, yes, but if the US government really wanted to throw ALL of their weight at it, as in, every computer they have, just attempting to pass a hash, maybe in a few years.
If they want to use an alternative method, ie. beating you with a wrench and waterboarding you: ten minutes.
You also have to remember that AES is flawed by design due to US government influence, they have designed it so they can break it easily, but AFAIK only DHS and NSA share that ability - the FBI gets to told to sit and spin.
Oliver Allen
>What, with a truly random 256-bit key, used in a proper mode? Yes, even if they had a quantum computer.
Breaking any non-quantum encryption becomes trivial with a quantum computer.