Hi, I'm new to cryptography so I don't trust my own calculations. I was hoping you folks could tell me if I'm off the mark.
The question is: if you turned the entire universe into a computer and devoted all of its resources to brute forcing an 160-character password consisting entirely of lower-case letters, would you succeed before your cosmic computer succumbed to entropy?The hypothesis in question
-Any computation that can be performed must be a "subroutine" in the overarching computation of the universe. Therefore, the computational capacity of the whole universe places a safe limit (though not an absolute, incontrovertible one) on brute force attacks.
-Seth Lloyd says that, so far, the universe has performed no more than 10^120 operations (http://arxiv.org/abs/quant-ph/0110141). I've also heard 10^123 operations so I'll use that figure just to make this estimate slightly more conservative.
-I'll assume one password guess-attempt in a brute force attack is 1 operation. (Could a guess conceivably be less than 1 operation?)
-According to Wikipedia (http://en.wikipedia.org/wiki/Future_of_an_expanding_universe#Dark_Era
), when the universe is 10^100 years old, "Photons, neutrinos, electrons, and positrons will fly from place to place, hardly ever encountering each other." Presumably this makes any meaningful computation impossible, including a brute force attack.
-The way I interpret Seth Lloyd's paper (though it's confusing) is that the universe has so far
performed no more than 10^123 operations in its 13.7 billion year history. For simplicity though, I'll assume that the universe is capable of 10^123 operations annually. (If I'm doing all these steps correctly, this significantly overattributes processing power to the universe.) Therefore I'll multiply 10^123 operations * 10^100 years to get 10^223 total operations throughout the course of the universe.
-An 160-letter password (the same size as a text message) using only lower case would have 26^160 combinations.
-According to Wikipedia (http://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength
), "On average, an attacker will have to try half the possible passwords before finding the correct one." So we'll change that to (26^160 / 2).
-Since (26^160 / 2) - (10^223) yields a huge positive number (see the math: http://goo.gl/dhygG), I conclude that if you used all the computation power in the universe to try to crack this password, you would have a negligible chance of succeeding before the whole thing goes up in smoke (or, rather, Hawking radiation).So, is this conclusion correct, or is there a mistake here?Known flaws
-Doesn't take into account quantum computation
-Assumes present-day heat death predictions are accurate
-Ignores possibility of a multiverse
-It's unrealistic to remember an 160-letter password unless it consists of words, in which case it would be subject to a much faster, dictionary attackP.S.
Sorry, it's my first post to the forum, I couldn't figure out how to make hyperlinks