by uxcn 3548 days ago
ORWL was designed specifically to prevent undetected tampering with any of its electrical components, including the entire motherboard and storage drive. When tampering is detected, ORWL immediately and irrevocably erases all your data, even if it is unplugged at the time.

and...

Upon any tampering, the secure microcontroller instantly erases the encryption key, causing all data on the SSD to be irrevocably lost.

If only the key is deleted, wouldn't that leave the drive susceptible to brute force?

There are reasonable issues that could be raised about various meta-data leaks with full-disk encryption. For example, in a completely naive per-file encryption scheme, the (approximate) file sizes would be visible. But I don't think "brute force" is a concern for reasonably modern encryption schemes. Of course, if they are using weak/short pins with a key derivation function, then that is vulnerable to brute force.
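
A rough illustration of the last point in the comment above, added here as an example; it is not part of the thread and does not describe ORWL's actual design. It assumes a hypothetical scheme in which a 256-bit key is derived from a numeric PIN with PBKDF2, with a constructed salt, PIN and header check, and shows that the work needed is set by the PIN space rather than by the key length.

```python
import hashlib
import hmac
import math

ITERATIONS = 100  # deliberately tiny so the demo finishes fast; assumption, not a real setting
SALT = bytes(16)  # constructed sample salt (all zeros)

def derive_key(pin, salt=SALT, iterations=ITERATIONS):
    """Stretch a PIN into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=32)

def key_check(key):
    """Hypothetical stand-in for 'this key decrypts the volume header'."""
    return hmac.new(key, b"constructed-header", hashlib.sha256).digest()

def effective_bits(pin_digits, iterations):
    """Rough work factor in bits: PIN space times KDF cost, capped at the key size."""
    return min(256.0, pin_digits * math.log2(10) + math.log2(iterations))

def search_pin(check, pin_digits, salt=SALT, iterations=ITERATIONS):
    """Walk the whole PIN space; return (pin, guesses made) or (None, guesses made)."""
    for n in range(10 ** pin_digits):
        pin = f"{n:0{pin_digits}d}"
        if hmac.compare_digest(key_check(derive_key(pin, salt, iterations)), check):
            return pin, n + 1
    return None, 10 ** pin_digits

if __name__ == "__main__":
    target = key_check(derive_key("4821"))  # constructed sample PIN
    pin, guesses = search_pin(target, 4)
    print(f"recovered {pin} after {guesses} guesses")
    for digits, iters in [(4, ITERATIONS), (8, 600_000), (20, 600_000)]:
        print(f"{digits}-digit PIN, {iters} iterations: ~{effective_bits(digits, iters):.1f} bits")
    print("random 256-bit key: 256.0 bits")
```

The iteration count only adds log2(iterations) bits, so a short PIN stays far below 256 bits however slow the KDF is made.
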
Uhh.. yes but enjoy brute forcing a 256 bit key.

See you in a few trillion years.

Quite a lot more than a few trillion.
You have to account for Moore's Law within the few trillions GP mentioned
Bruce Schneier and others[1] have done the math on brute forcing 256 bit keys: even with a perfectly efficient computer using the least amount of energy possible, you would have to deplete the entire energy content of the Sun to just iterate over a 225 bit keyspace once, let alone do anything meaningful with those keys.

Moore's Law doesn't really factor into it.

[1]http://security.stackexchange.com/a/6149

It's estimated there are 10^80 atoms [1] in the visible universe, so 2^256 is definitely a huge number. I didn't realize 256 bit brute force was nigh feasible with only a solar system.

I'm a bit surprised the quantum algorithm only gives a polynomial speedup.

[1] https://en.wikipedia.org/wiki/Observable_universe#Matter_con...

10^80 = (10^3)^(80/3) = 1000^(80/3) = 1000^26.67

2^256 = (2^10)^25.6 = 1024^25.6

These numbers seem very close.

Sure it does. It just happens to necessitate our transition to Kardashev III.
https://www.reddit.com/r/theydidthemath/comments/1x50xl/time...

tl;dr if all the matter in the whole universe was a computer, it'd still be unlikely.

Isn't brute force a chance? Should it not be "see you in next minute to few years?"
It's all down to probabilities. Yes, our hypothetical attacker could guess your key correctly the first time or within a few years, but the chances are so tiny they approach zero for practical purposes on practical timescales.
NSA Engineer: Hey boss, this one's using a 256 bit key.

NSA Manager: Connect it to the quantum computer that doesn't "exist".

Five minutes later..

NSA Engineer: We now have access.

quantum computers, at best, divide the bit-strength of a symmetric key like AES in half[1]. Brute forcing a 128 bit key is theoretically possible (in the sense that you can do it if you marshal the entire world energy output to the cause, you could crack 1 key/yr), but not a 5 minute process.

[1]https://en.wikipedia.org/wiki/Grover%27s_algorithm

that is assuming that there is no better quantum algorithm for aes specifically. grover's algorithm is only optimal if brute force search is the only possible approach and there are no other exploitable properties.

considering that there are already theoretical attacks that are (marginally) faster than brute force on classic computers, who knows how much more one could squeeze out with quantum algorithms.

Of course those are fairly speculative concerns.

It's very obvious how special structure exists in cryptosystems that use finite cyclic groups, such as in discrete log cryptosystems.

But in AES? that sounds unlikely and really unfortunate.

I think it's more likely that large quantum computers would aid in mathematical exploration that uncovers currently unknown vulnerabilities that could be exploited by classical systems.

I assume the encryption is strong so brute force would be useless.