lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 23 Dec 2014 11:34:21 +0800
From: Ben Harris <ben@...rr.is>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] How important is salting really?

On 23 December 2014 at 11:09, epixoip <epixoip@...dshell.nl> wrote:

> To exhaust 62^8 keyspace with this
> cluser would take ~50.5 days and cost ~ $1842.24 @ $0.20/kWh. Average
> PUE in 2014 is 1.7 so actual electricity cost would be more like $3684.48.
>
> And that's just for a single hash. For 400k salts (which is what Sc00bz
> estimated in the comments) the effective rate with 16x 290X would only
> be about 63 H/s.
>
>
>
Awesome. I'm guessing you have the info to estimate the breakup between
on-dictionary, near-dictionary (candidate gen), and random passwords? Any
chance you can do some guesstimates on the other two categories for
completeness.

I guess at 63 H/s you can cover the top 20K passwords in 5 and a half
minutes (for a cost of about 28c compared to the $3684.48). And hit 2^28
candidates in the same time/cost as the above example (for all the hashes
instead of just 1).

Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ