AES256

btw does password length scale infinitely with time taken to brute force or are there diminishing returns?

Because if it does scale indefinitely then I guess the answer to OP is: If the PW is long enough?

>>57869655
mathematically it does not converge as far as i know
anything 20+ mixed characters should last fine until quantumeme computers are viable

>aes256
>password length

The fuck are you noobs taking about?
What do you think 256 stands for?

>>57869724
What the fuck are you talking about?
What kind of retard would assume I meant the password length?

>>57869525
What, with a truly random 256-bit key, used in a proper mode? Yes, even if they had a quantum computer.

Rijndael is a perfectly good block cipher. It's not perfect - I personally prefer Salsa20, ChaCha20, or one of the CAESAR candidates - but it still does the job.

If you're deriving the key from some sort of password, then it depends on how good your password is: try the EFF or Diceware approach and use 8-10 randomly-selected words and you're not going to have any problems there.

If you're using a shorter password or PIN, then it depends on how the key is stored, and it might be possible.

If the attacker has the opportunity to observe you unlocking it, they could use a side-channel attack - not all AES implementations are resistant to those.

More realistically, the attacker is likely to use a different, more practical kind of attack entirely - maybe mug it from your hands while it's unlocked, threaten you in some way to obtain the password/key, or attack the device with malware (software or hardware) to grab the key from memory.

Depends on the government.
US government, with unrestricted access to NASA's trillion dollar black hole simulator? No. Not even a little bit.
North Korean government, with heavily restricted access to old ThinkPads stolen from China that they have to share with Laos? Yes, definitely.

>>57869525
the government would just take you to a black site and beat you until you hand over the password

>>57869525
>Would it really be enough to stand up to a government-orchestrated brute force attempt?
Brute force, yes, but if the US government really wanted to throw ALL of their weight at it, as in, every computer they have, just attempting to pass a hash, maybe in a few years.

If they want to use an alternative method, ie. beating you with a wrench and waterboarding you: ten minutes.

You also have to remember that AES is flawed by design due to US government influence, they have designed it so they can break it easily, but AFAIK only DHS and NSA share that ability - the FBI gets to told to sit and spin.

>>57869855
>What, with a truly random 256-bit key, used in a proper mode? Yes, even if they had a quantum computer.

Breaking any non-quantum encryption becomes trivial with a quantum computer.

>>57869855
>>57869962
>quantum computing
>anything but autistic fantasy
Set phasers to dumb, I'm detecting high levels of /g/ on the scanner.

>>57869994
>strawmanning this hard
I just pointed out that the anon is wrong.

>>57869930
This. Crypto is very interesting and I like nerding out over it as much as the next guy, but in reality if somebody or some government really wanted access to something you've encrypted there are many, many more efficient ways than trying to break it.

Realistically I can't think of a single situation where a government would build an encryption-breaking super computer, or whatever, when they could just smash your legs with a $5 tyre iron.

File: index.png (366B, 32x28px) Image search: [Google]

366B, 32x28px

cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sdXX

>>57870264
Getting encrypted intel out of a dead guy's zip disquette about upcoming attacks by his allies.
Using encrypted data on a runner's PC to find out where he went.
Opening encrypted files government incompents locked themselves out of.
Cheating at wargames.
Maxxing out the budget so they can apply for an increase next quarter.

Is the best aes mode is XTS ? or not?

>>57871111
Depends. I usually use CBC for simple file encryption.

>>57869694
>implying they're not already used by NSA and Google
Anon...

>>57870666
a friend of mine who worked in forensics for a few years said it best about encryption. you WILL have to decrypt it one day to use it, and all it takes is there being a malicious file put before the encryption (like dirty maid on truecrypt which i know is now patched)

>>57869930
durr that's why i have muh rubber hose file system where i store all my 1337 h4x

Why do people keep thinking the government will waste their time trying to crack your password ?

They don't waste their time like that, what they do is issue a warrant to whomever holds your information (google, apple, MS , whomever) to release it to them.

Just look at the backlog of iphones the US gov has that it cannot unlock, unless it is some high profile case they don't waste their time or money with that shit.


The US government has taken people to black sites around the world and has tortured people to give up information, why would they place nice with you ?

File: 138652131937.jpg (184KB, 1200x1800px) Image search: [Google]

184KB, 1200x1800px

>>57873336
>guhnmint gonna issue a warrant to my luks partitioned /dev/sdb

>>57869525
Why would someone ever try to brute force a strong block cypher when they could just backdoor the RNG you use for Diffie-Hellman (or just subvert the remote server) then root you via a JS sandbox breakout and privilege escalation?