Date: Fri, 12 Dec 2014 03:18:47 -0800
From: epixoip <>
Subject: Re: [PHC] How important is salting really?

On 12/12/2014 2:39 AM, Ben Harris wrote:
> On 12 December 2014 at 17:53, epixoip <> wrote:
>     Thus the salt table shrinks with each successful
>     crack, and the effective speed of the attack increases with each
>     eliminated salt.
> A rather confusing way to describe things.

It shouldn't be confusing at all if you've ever written a password
cracker, or are at all familiar with how password cracking works, or
have even attempted to crack salted hashes for that matter.

> If we are attacking all password hashes, one password at a time (from
> the most common down), then each time we find a match, the pool of
> hashes decreases and subsequent passwords can be searched faster.

The pool of hashes AND the pool of salts decrease. The former is rather
insignificant. The latter has a big impact.

> At the moment an attacker can calculate somewhere between 10^10 -
> 10^15 SHA256 per dollar in electricity. They can scan a list of 1
> million common passwords for about a thousandth of a cent. If this
> cost were much higher (>> $1), then the economics of the attacks would
> change.

The cost wouldn't be dramatically lower for no salt... it would be
exactly as you stated with no salt. The speeds you are stating are for
raw sha256, i.e. no salt. If it were salted sha256, you'd have to divide
those numbers by the number of salts.

> If there was no salt, then the cost would be drastically lower and the
> attacker could start the attack before getting the hashed passwords.

This makes absolutely no sense. How exactly does one start attacking
hashes before having the hashes?
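As an added illustration of the salt-elimination effect discussed in this thread (this is not code from the original message), a small cost model in Python: it counts the hash operations a batch wordlist attack needs when every candidate must be hashed once per still-live salt, and compares that with the unsalted case. The entries and wordlist positions are constructed; no hashing is performed.

```python
from collections import Counter

# Constructed example: each entry is (salt, found_at), where found_at is the
# wordlist index at which that hash's password would be matched, or None if
# the password is not in the wordlist at all. Nothing is hashed; this only
# counts the hash operations a batch attack would have to spend.

def hash_ops(entries, wordlist_len):
    """Return (total_ops, per_candidate_ops) for a batch attack that tries the
    wordlist in order against every still-uncracked hash.

    Each candidate password is hashed once per *distinct live salt*. When a
    hash is cracked it is dropped; when its salt has no hashes left the salt
    is dropped too, so every later candidate costs fewer operations.
    """
    live = Counter(salt for salt, _ in entries)   # uncracked hashes per salt
    found_at = {}                                 # wordlist index -> salts cracked there
    for salt, pos in entries:
        if pos is not None:
            found_at.setdefault(pos, []).append(salt)
    total, trace = 0, []
    for pos in range(wordlist_len):
        cost = len(live)                          # one hash per live salt
        trace.append(cost)
        total += cost
        for salt in found_at.get(pos, []):
            live[salt] -= 1
            if live[salt] == 0:
                del live[salt]                    # salt eliminated from the table
        if not live:
            break                                 # nothing left to attack
    return total, trace

def unsalted_ops(entries, wordlist_len):
    """Same attack with no salt: all hashes share the empty salt, so each
    candidate is hashed once and compared against every remaining hash."""
    return hash_ops([("", pos) for _, pos in entries], wordlist_len)

def cost_ratio(entries, wordlist_len):
    """How many times more hash operations unique salts force on the attacker."""
    salted, _ = hash_ops(entries, wordlist_len)
    plain, _ = unsalted_ops(entries, wordlist_len)
    return salted / plain

if __name__ == "__main__":
    # Four users with unique salts; one password is not in the wordlist.
    demo = [("s1", 0), ("s2", 5), ("s3", None), ("s4", 2)]
    total, trace = hash_ops(demo, 10)
    print("per-candidate cost as salts are eliminated:", trace)
    print("salted ops:", total, "unsalted ops:", unsalted_ops(demo, 10)[0])
```

Two users sharing one salt behave like the unsalted case in this model, which is why salts must be unique per hash to have the effect described above.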
