| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Feb 2014 13:58:12 -0500 From: Bill Cox <waywardgeek@...il.com> To: discussions@...sword-hashing.net Subject: Re: [PHC] Is bandwidth all that counts? On Tue, Feb 11, 2014 at 5:50 PM, Andy Lutomirski <luto@...capital.net> wrote: > The attacker will need more memory, right? Interleaving between > different passwords increases bandwidth, but it proportionately > increases the amount of memory needed, I think. > > --Andy Yes, and that makes his system more expensive. If a user has a reasonable time limit of 1 second of patience for hashing 4GB of memory (write once, read once), an attacker will need around 4GB per guessing core. I did a bit of googling to see how cheaply I could build a 4GB DDR3 10GB/sec guessing unit. I think it can be done for around $100 with a cheap low-end GPU and 8GB of cheap DDR3 memory. DDR3 is running about $10/GB, and low-end GPUs to match seem to be around $35. There is still cost for the board, capacitors, power supply and I/O interface, so I think $100 is about right. At that price, we'd have guessing hardware costs of about $100 per guess per second for NoelKDF guessing hardware, which isn't bad, but it's still 5X cheaper than my son's home-built Linux MineCraft server. I really do think memory bandwidth is where the metal meets the road and where we'll draw the line in the sand against brute force attacks. Bill
Powered by blists - more mailing lists