let's say we have encrypted our drive with AES 256 XTS and the following Hash:
SHA1 with ~500k Iterations and a 20+ password
SHA512 with ~250k Iterations and the same 20+ password.
Let's think of the best hardware and the fastest hardware out there. How long would it take to Brute Force the Hash or the password in both cases?
If that 20 character password is completely random and uses any of the 95 ASCII characters. Then you'd have 9520 (3.58×1039) possible passwords.
How many SHA1/SHA512 hashes can we do per second? Let's assume we have the following computer:
PC4: Ubuntu 14.04, 64 bit
Catalyst 14.9
8x AMD R9 290X
stock core clock
oclHashcat v1.31
SHA1 29976 Mh/s
SHA512 4576 Mh/s
Source: http://hashcat.net/oclhashcat/
So if you're using SHA1 with 500k iterations, you could try 59952 passwords per second. With SHA512 and 250k iterations, you could try 18304 passwords per second.
SHA1: 9520 / 59952 = 9.98×1034 seconds = 1.89×1027 years.
SHA512: 9520 / 18304 = 19.59×1035 seconds = 6.21×1027 years.
Even if you had a billion of these machines with 8 video cards in them each, you wouldn't even come close.
If you use only 1 iteration and a 10 character random password:
SHA1: 9510 / 29976000000 = 2 billion seconds = 63.34 years
SHA512: 9510 / 4576000000 = 1.31×1010 = 414.9 years
So if you'd then attack that with a thousand of those machines (8000 video cards), you'd get it down to a manageable 23 days / 151 days.
A 20 character random password is about as difficult to bruteforce as a 128 bit AES key. 2128 roughly equals 9520. So impossible.
This is trying to bruteforce the key by going through the entire key space. You could also attack the hash function and try to calculate the preimage. This is however not applicable for disk encryption because the hash is not stored, it is generated on the fly and the output is used as the encryption key.
