Message-ID: <218AE73F98E99C4C98AF7D5166AA798E09037114@TK5EX14MBXC286.redmond.corp.microsoft.com>
Date: Mon, 18 Feb 2013 00:01:59 +0000
From: Marsh Ray <maray@...rosoft.com>
To: Steve Thomas <steve@...tu.com>, "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: RE: [PHC] Different cost settings and optional input
From: Steve Thomas [mailto:steve@...tu.com]
>
> Actually we're both wrong. There are 175 million users at the time
> of the break in. There are 5,787,239 unique hashes that were
> released
Do we know if the released unique hashes represented all the unique hashes of the 175 million?
That would imply that N_97 =~ 5.8e6. I.e., 96.7% of users chose one of the 5.7 million most common passwords.
> (once you remove the first 8 characters of the hash because some
> hashes had their first 8 characters zeroed out).
Did those turn out to be the easiest to break? There was speculation that attackers had zeroed out the beginning of the ones they'd been able to break.
> N_50 = 100,000
> speed = 1 billion/s
>
> unsalted: 0.1 ms (100,000 / 10^9)
> salted: between 4 hrs 52 min and 2 hrs 26 min (175,000,000 * 100,000 / 10^9 to 175,000,000 / 2 * 100,000 / 10^9)
So, at least in the absence of a meaningful work factor, we can conclude:
1. If the attacker is targeting a specific user or small set of user(s), salt doesn't help much at all.
2. If the attacker is happy with merely the majority of passwords, salt doesn't help much at all either.
It seems like the main thing that salting is good for is giving the users with the most-secure passwords a few hours or days to change their password before it is cracked, assuming the service detected the breach and notified its users immediately.
- Marsh
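The arithmetic in the quoted message and the two conclusions drawn from it can be put into a small model. The following is an added example written for this page, not code from anyone in the thread; the password-popularity counts are constructed, and the function names (`n_fraction`, `estimate`) and the `work_factor` parameter are this example's own. It computes N_f (the number of most-common passwords that cover a fraction f of users, the quantity written N_50 and N_97 above) from a count list, and then the unsalted, salted and single-target cracking times for a given guess rate.

```python
"""Attacker-cost model for the salted vs. unsalted comparison in the thread.

Added example, not from the mailing list. SAMPLE_COUNTS is a constructed
popularity list used only to exercise the arithmetic; real dumps are far
more heavy-tailed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed data: number of users who chose each of the top candidate
# passwords, most popular first (100 users in total).
SAMPLE_COUNTS = [50, 20, 10, 10, 5, 3, 1, 1]


def n_fraction(counts: list[int], fraction: float) -> int:
    """N_f: how many of the most common passwords cover `fraction` of users.

    This is the thread's N_50 / N_97 notation: N_50 is the size of the
    smallest top-of-the-list wordlist that at least half of the users chose.
    """
    if not 0 < fraction <= 1:
        raise ValueError("fraction must be in (0, 1]")
    ordered = sorted(counts, reverse=True)
    if not ordered:
        raise ValueError("counts must not be empty")
    total = sum(ordered)
    covered = 0
    for n, c in enumerate(ordered, start=1):
        covered += c
        if covered >= fraction * total:
            return n
    return len(ordered)  # unreachable for fraction <= 1, kept for safety


@dataclass(frozen=True)
class CrackEstimate:
    """Seconds of attacker time for one wordlist of N candidates."""
    unsalted_s: float     # hash each candidate once, look it up against all users
    salted_low_s: float   # every candidate per user, stopping halfway through
    salted_high_s: float  # every candidate per user, whole list for every user
    targeted_s: float     # one chosen victim: salt changes nothing here


def estimate(n_candidates: int, users: int, speed_per_s: float,
             work_factor: int = 1) -> CrackEstimate:
    """Reproduce the thread's arithmetic for a wordlist of `n_candidates`.

    `work_factor` is the hash's iteration count (1 = the single-hash case the
    quoted numbers assume); it scales every figure by the same amount, which
    is why the thread's conclusions are stated "in the absence of a
    meaningful work factor".
    """
    per_guess = work_factor / speed_per_s
    one_pass = n_candidates * per_guess          # the unsalted cost
    return CrackEstimate(
        unsalted_s=one_pass,
        salted_low_s=users / 2 * one_pass,       # 175e6/2 * N_50 / 1e9 above
        salted_high_s=users * one_pass,          # 175e6 * N_50 / 1e9 above
        targeted_s=one_pass,                     # a single user's salt is known
    )


if __name__ == "__main__":
    print("N_50 of sample:", n_fraction(SAMPLE_COUNTS, 0.5))
    e = estimate(n_candidates=100_000, users=175_000_000, speed_per_s=1e9)
    print(f"unsalted {e.unsalted_s * 1e3:.3f} ms, "
          f"salted {e.salted_low_s / 3600:.2f}-{e.salted_high_s / 3600:.2f} h, "
          f"single target {e.targeted_s * 1e3:.3f} ms")
```

With the thread's inputs (N_50 = 100,000 guesses, 175 million users, 10^9 hashes/s) the salted majority-crack figure lands between roughly 2.4 and 4.9 hours, while the targeted figure is identical with or without salt; raising `work_factor` is the only lever in the model that moves all four numbers.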