| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 05 Sep 2014 17:19:27 -0400 From: Bill Cox <waywardgeek@...hershed.org> To: discussions@...sword-hashing.net Subject: Re: [PHC] A review per day - Economics of Makwa -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I wanted to say a bit more about the economics of building a Makwa password hashing box full of ASICs. The ultra-high end ASIC built in 22nm Intel process using the craziest fastest densest technology ever created is really only an option the MiB can afford (and maybe a few ultra-high-volume ASICs). You need proof you are willing to write a $10M check just to get in the door! They want to see a credible plan to buy a total of $100M worth of chips from then over the lifetime of your ASIC. BitCoin is headed in this direction, but they aren't there yet! In reality, your VC is going to offer you $1M to develop the ASIC, and $1M to build the boxes and commercialize it (or 2X that... whatever). For $1M you can talk to about a dozen ASIC vendors who will want a credible story that you will buy $10M worth of ASICs over this design's lifetime. I'm not sure what technology you can build masks for now days for under $200. Maybe 90nm or 65nm? Something mature for sure. You need to budget that twice in case there are mistakes! Designing the chip is maybe a couple of guys for a year, so another $400. Packaging, G&A, etc... maybe you get silicon working on a real board for $1M. Then you crank up production. These boxes, per Makwa core, which your low-end ASIC will have one each of, will run closer to 1GHz, not 3.4GHz. It also generates a *lot* more heat! You'll likely need that $100 flip-chip packaging just for your 1 core, and that ASIC might cost you $150 to $200 each. It would hash about 1000 Makwa hashes in parallel, with up to a cost of 1,000,000 squarings in 1 second, with 1,000 in parallel. Let's assume you get paid $0.0001 per password hash. Then your Makwa box generates a cent every 10 seconds. That's over $8,500/day! For 1 ASIC! On the other hand, if an attacker wants to buy Makwa time to crack a password with 30 bits of entropy (by which I mean it will take us 2^30 guesses), then an attacker will have to pay $100,000 to crack your password! Fun, huh? Bill -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUCijcAAoJEAcQZQdOpZUZ1tQQAIDstUY5ZKBEJvuz9cJ3DHCV 3uSPmClEjiZZgtjdKdwW4CgMvCMo5lyjJ+9Ws6Gc8Qu0M+skPJidRHAJF1+MT5tA ShIBl5bWJWKFrEQ9lNN7x/zwU3J15BanXCpOIjk1dB8wNTsHicIrxzhpNSZRHtpG bCjLFi3APCkEP/q/GydMoHzuduwQtTzHoxCzgc+d3K8U9pboFJ3wraQv5hGd283o GH8eB48VEHIVQUOXTCUW8h+VcnBqtB9mk/rK6Bze3BZPA0eJ+VX8Sr5rOVBPQaDL 7tFaO+SF8MgKxN1us2AlvpX1aiP1/en/SzhVkaBEKkCBkHhYL5yFTeEuCk2UVjKf nwe3GGhkzHVRoMGJT0bVJMVtdZK0PqGmbN9AMIrGRj0FyyJkXaEwo0/Tn/4RHGLA NNu6SjHCh7pIdA7BswM8OtREeCfD+O6jnwQoapCSiUyUherjxpcHfBZ2TD7qOcAw bNqDnPRYnT6NgvB/6YcJdvGy3Oqh3lfi9r9Le/rgFzZ22XqjMDBkfvdqsWJxN7w7 A/4/UkbBPmATQptXxaQFv+KvFOvso029/uhUTfUe+pW4IKXNrKd+TZ9NTfVAjOv0 R9E+4PAKvna5gWUzvS5L5vOIdb4oIUYr0YTGr5+FqllR/JAGi2K3oeTm4RkkwhV3 qdRD690xT4lyAOka23qa =HVIw -----END PGP SIGNATURE-----
Powered by blists - more mailing lists