lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Mar 2014 17:38:38 -0600 (CST)
From: Steve Thomas <steve@...tu.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Are password trailing 0's a problem?

> On March 7, 2014 at 5:22 PM Solar Designer <solar@...nwall.com> wrote:
>
>
> On Fri, Mar 07, 2014 at 05:21:06PM -0500, Bill Cox wrote:
> > On Fri, Mar 7, 2014 at 11:49 AM, CodesInChaos <codesinchaos@...il.com>
> > wrote:
> > > As an example with nice printable characters in both passwords:
> > >
> > > `plnlrtfpijpuhqylxbgqiiyipieyxvfsavzgxbbcfusqkozwpngsyejqlmjsytrmd`
> > > and `eBkXQTfuBqp'cTcar&g*` have the same PBKDF2-HMAC-SHA1 hash (no
> > > matter the salt or the number of iterations).
> > >
> > > I found those with a CPU and unoptimized code. One of our GPU hashing
> > > friends could easily find a similar pair for PBKDF2-HMAC-SHA-256.
> >
> > Sweet. I assume the only difficulty is finding a printable character
> > hash, which is something like 70 out of 256 values, so the printable
> > hashes for HMAC-SHA256 would be 1 in (70/256)^32. We'd have to search
> > about 1e18 to find one, so a billion billion... definitely time for a
> > GPU farm.
>
> There are 95 printable 7-bit ASCII characters, not 70. The attached
> trivial program may do the trick in a couple of weeks on a fast server.
>
> I've already found such "collisions" for 8-bit printable ASCII, and made
> sure they do indeed work for scrypt as a whole as well (confirmed).
>
> Alexander

It will only take like 10 hours on average with a 7970:
(256/95)^32/ 1,032,000,000/3600/2=8.04 hours

1,032,000,000 is hashcat's speed, but this will be slower.
Content of type "text/html" skipped

Powered by blists - more mailing lists