Date: Wed, 12 Feb 2014 21:48:38 +0000
From: Marsh Ray <>
To: "" <>
CC: "Bill Cox "
Subject: RE: [PHC] Is bandwidth all that counts?

From: Bill Cox [] 
> I did a bit of googling to see how cheaply I could build a 4GB DDR3 10GB/sec
> guessing unit.  I think it can be done for around $100 with a cheap low-end
> GPU and 8GB of cheap DDR3 memory.  DDR3 is running about $10/GB, and

Note that an Intel Core i7-3820 runs about $300 retail and will do up to 51.2 GB/s.
So all-in, the performance of commodity hardware is very similar to that of
custom boards made with off-the-shelf chips.

> At that price, we'd have guessing hardware costs of about $100 per guess
> per second for NoelKDF guessing hardware, which isn't bad, but it's still 5X
> cheaper than my son's home-built Linux MineCraft server.

5x means the attacker with a custom circuit of off-the-shelf chips gains an
advantage of only 2.3 bits of security over a defender with commodity hardware.

I think this is an excellent result for the password problem.

> I really do think memory bandwidth is where the metal meets the road and
> where we'll draw the line in the sand against brute force attacks.

I'm not sure we should completely give up on memory latency. It's the
parameter that has changed the least in DRAM systems in the
last 30 years.

- Marsh
