lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Feb 2014 13:58:12 -0500
From: Bill Cox <waywardgeek@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Is bandwidth all that counts?

On Tue, Feb 11, 2014 at 5:50 PM, Andy Lutomirski <luto@...capital.net> wrote:
> The attacker will need more memory, right?  Interleaving between
> different passwords increases bandwidth, but it proportionately
> increases the amount of memory needed, I think.
>
> --Andy

Yes, and that makes his system more expensive.

If a user has a reasonable time limit of 1 second of patience for
hashing 4GB of memory (write once, read once), an attacker will need
around 4GB per guessing core.

I did a bit of googling to see how cheaply I could build a 4GB DDR3
10GB/sec guessing unit.  I think it can be done for around $100 with a
cheap low-end GPU and 8GB of cheap DDR3 memory.  DDR3 is running about
$10/GB, and low-end GPUs to match seem to be around $35.  There is
still cost for the board, capacitors, power supply and I/O interface,
so I think $100 is about right.

At that price, we'd have guessing hardware costs of about $100 per
guess per second for NoelKDF guessing hardware, which isn't bad, but
it's still 5X cheaper than my son's home-built Linux MineCraft server.
 I really do think memory bandwidth is where the metal meets the road
and where we'll draw the line in the sand against brute force attacks.

Bill

Powered by blists - more mailing lists