eCryptfs

Mathmatics - how many years to decrypt in reverse order?

Asked by Ted_Smith

Hi

Bit weird this question, but I'm asking because it's something I'd like to use for a presentation to help the less technically inclined understand how good eCryptfs is.

We are aware of the various encryption stages and I think this is the right order :

1) Linux Login password is encrypted using the Linux OS - 3DES algorithm I believe.
2) Decrypted login password is used as the key for the AES-128 encrypted 128-bit (32 char) randomly generated mount passphrase.
3) The decrypted mount passphrase is SHA512 hashed 65,536 times to generate FEKEK, which is used to decrypt each files' FEKs (not interested in file name encryption aspect)
4) FEKs are randomly generated by the Linux function get_random_bytes and themselves encrypted by the FEKEK, making them into an EFEK.

What I want to demonstrate is just how infeasible brute forcing a system like this is, mathmatically. I'd like to say "So, if you have the worlds fastest computer (the couger) which has X CPU's and X amount of RAM it would take X years to brute force in reverse order..." However, I'm not good enough at maths to work it out! Does anyone know how to do it?

Ted

Question information

Language:
English Edit question
Status:
Solved
For:
eCryptfs Edit question
Assignee:
No assignee Edit question
Solved by:
Dustin Kirkland 
Solved:
Last query:
Last reply:
Revision history for this message
Best Dustin Kirkland  (kirkland) said : 		#1

See the math at:

http://blog.dustinkirkland.com/2009/01/daemon-challenge-2-we-have-winner.html

:-Dustin

Revision history for this message
Ted_Smith (tedsmith28) said : 		#2

Thanks Dustin Kirkland, that solved my question.