lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <864334016.1013891.1361140534785.JavaMail.open-xchange@email.1and1.com>
Date: Sun, 17 Feb 2013 16:35:34 -0600 (CST)
From: Steve Thomas <steve@...tu.com>
To: discussions@...sword-hashing.net
Subject: RE: [PHC] Different cost settings and optional input


On February 17, 2013 at 2:43 PM Marsh Ray <maray@...rosoft.com> wrote:
> From: Steve Thomas [mailto:steve@...tu.com]
> Sent: Sunday, February 17, 2013 2:03 AM
> To: discussions@...sword-hashing.net
> Subject: RE: [PHC] Different cost settings and optional input6.58
>
> On February 17, 2013 at 1:18 AM Marsh Ray <maray@...rosoft.com> wrote:
> >
> > 6,458,020 unique SHA1s were leaked from LinkedIn. So let's assume you are
> > right on 50% cracked in one minute. If it was properly salted the best case
> > is it will take 3,229,010 minutes (6,458,020 * 50%) or about six years.
> > Granted crackers would be smarter on their guesses so it would be less than
> > six years to crack 50%.
>
> 50% of the users selected one of the N_50 most common passwords. I'm guessing
> N_50 is well under 100,000.
>
> So an attacker who was after the most number of passwords would try the most
> common N_50 against each hash in turn.
>
> N_50 = 100,000
>
> Attacker Hps = 10e9 sha1/s
>
> Not salted: N_50 sha1 / Hps = 10 ms to crack 50% of passwords
>
> Salted: N_50*6458020 = 65.8e9 sha1 / Hps = 6.58 s to crack 50% of passwords
> (plus 10 ms to build the dictionary)
>
> So salting means the single-GPU attacker requires 6.58 s instead of 10 ms.
>
> Am I wrong in my estimate of N_50? I got the impression from previous breaches
> that it was typically more like 10,000. What am I missing?
>
> - Marsh
>
Actually we're both wrong. There are 175 million users at the time of the break
in. There are 5,787,239 unique hashes that were released (once you remove the
first 8 characters of the hash because some hashes had their first 8 characters
zeroed out).

N_50 = 100,000
speed = 1 billion/s

unsalted: 0.1 ms (100,000 / 10^9)
salted: between 4 hrs 52 min and 2 hrs 26 min (175,000,000 * 100,000 / 10^9 to
175,000,000 / 2 * 100,000 / 10^9)
Content of type "text/html" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ