| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <218AE73F98E99C4C98AF7D5166AA798E090370DA@TK5EX14MBXC286.redmond.corp.microsoft.com> Date: Sun, 17 Feb 2013 20:43:04 +0000 From: Marsh Ray <maray@...rosoft.com> To: Steve Thomas <steve@...tu.com>, "discussions@...sword-hashing.net" <discussions@...sword-hashing.net> Subject: RE: [PHC] Different cost settings and optional input From: Steve Thomas [mailto:steve@...tu.com] Sent: Sunday, February 17, 2013 2:03 AM To: discussions@...sword-hashing.net Subject: RE: [PHC] Different cost settings and optional input6.58 On February 17, 2013 at 1:18 AM Marsh Ray <maray@...rosoft.com> wrote: > > 6,458,020 unique SHA1s were leaked from LinkedIn. So let's assume you are right on 50% cracked in one minute. If it was properly salted the best case is it will take 3,229,010 minutes (6,458,020 * 50%) or about six years. Granted crackers would be smarter on their guesses so it would be less than six years to crack 50%. 50% of the users selected one of the N_50 most common passwords. I'm guessing N_50 is well under 100,000. So an attacker who was after the most number of passwords would try the most common N_50 against each hash in turn. N_50 = 100,000 Attacker Hps = 10e9 sha1/s Not salted: N_50 sha1 / Hps = 10 ms to crack 50% of passwords Salted: N_50*6458020 = 65.8e9 sha1 / Hps = 6.58 s to crack 50% of passwords (plus 10 ms to build the dictionary) So salting means the single-GPU attacker requires 6.58 s instead of 10 ms. Am I wrong in my estimate of N_50? I got the impression from previous breaches that it was typically more like 10,000. What am I missing? - Marsh
Powered by blists - more mailing lists