lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <548ACF17.30804@bindshell.nl> Date: Fri, 12 Dec 2014 03:18:47 -0800 From: epixoip <epixoip@...dshell.nl> To: discussions@...sword-hashing.net Subject: Re: [PHC] How important is salting really? On 12/12/2014 2:39 AM, Ben Harris wrote: > On 12 December 2014 at 17:53, epixoip <epixoip@...dshell.nl > <mailto:epixoip@...dshell.nl>> wrote: > > Thus the salt table shrinks with each successful > crack, and the effective speed of the attack increases with each > eliminated salt. > > > A rather confusing way to describe things. It shouldn't be confusing at all if you've ever written a password cracker, or are at all familiar with how password cracking works, or have even attempted to crack salted hashes for that matter. > If we are attacking all password hashes, one password at a time (from > the most common down). Then each time we find a match, the pool of > hashes decreases and subsequent passwords can be search faster. The pool of hashes AND the pool of salts decrease. The former is rather insignificant. The latter has a big impact. > > At the moment an attacker can calculate somewhere between 10^10 - > 10^15 SHA256 per dollar in electricity. They can scan a list of 1 > million common passwords for about a thousandth of a cent. If this > cost were much higher (>> $1), then the economics of the attacks would > change. The cost wouldn't be dramatically lower for no salt... it would be exactly as you stated with no salt. The speeds you are stating are for raw sha256, i.e. no salt. If it were salted sha256, you'd have to divide those numbers by the number of salts. > If there was no salt, then the cost would be drastically lower and the > attacker could start the attack before getting the hashed passwords. This makes absolutely no sense. How exactly does one start attacking hashes before having the hashes?
Powered by blists - more mailing lists