lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 17 Feb 2013 02:03:23 -0600 (CST)
From: Steve Thomas <>
Subject: RE: [PHC] Different cost settings and optional input

On February 17, 2013 at 1:18 AM Marsh Ray <> wrote:
> > -----Original Message-----
> > From: Jeremi Gosney []
> >
> > Yes, I can see how that proposal would not be very popular :)
> It was more of a thought experiment, but hopefully not one completely
> disconnected to reality.
> My impression is about half the users can be expected to choose one of the top
> 10000 most common passwords. 10k trials takes, what, microseconds on a single
> GPU? Take the LinkedIn breach for example: millions of unsalted SHA-1 hashes.
> About half were cracked in the first few minutes to a day. The next batch to
> 70-80% took a few weeks. Probably 10-5% will never be cracked.
> Salting for Linkedin would have increased the difficulty for the attackers
> *hardly at all*. GPU cracking has gotten so fast that precomputed rainbow
> tables often not even worth the trouble. When you can compute Gigahashes per
> second on a single video card, a dictionary proves to be more trouble than
> it's worth for the initial pass.
6,458,020 unique SHA1s were leaked from LinkedIn. So let's assume you are right
on 50% cracked in one minute. If it was properly salted the best case is it will
take 3,229,010 minutes (6,458,020 * 50%) or about six years. Granted crackers
would be smarter on their guesses so it would be less than six years to crack

> Sure LinkedIn could have imposed a reasonable work factor...but how many more
> servers are they willing to deploy to handle on the massive number of logins
> they process?
New CPUs can do probably better than 133,000,000 SHA1s/second. Just doing 1,000
rounds using a parallel hashing algorithm would mean that each CPU in each
server could login 133,000 users/second.
Content of type "text/html" skipped

Powered by blists - more mailing lists