| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Dec 2014 09:46:58 +0800
From: Ben Harris <ben@...rr.is>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] How important is salting really?
On 23/12/2014 8:49 am, "Jeremy Spilman" <jeremy@...link.co> wrote:
> Another way to look at it, what is the minimum amount of entropy a
password would need under the hashing scheme to resist an offline attack
given some assumed resource and time constraint? E.g. For 2,048 MD5, lets
say I can target a single account with $10,000 of hardware and achieve 50
MH/s, or 30 trillion guesses in a week's time, that's going to successfully
crack what percentage of user-chosen passwords?
>
First question is what percentage of user-chosen passwords are on a
dictionary (probably a range depending on the community). For the remainder
you'd need to guess the percentages that are
guessable-by-candidate-generation and those that are
fully-randomly-generated. There might be an in between group.
Those on a dictionary will fall very quickly (time and money cost is very
low), the candidate generation ones are a little slower (I don't have the
data to guess with), and the random ones are the slowest with the highest
time and money cost.
Roughly, an 8 character randomly generated alphanumeric password (no
symbols) is about 48 bits of entropy. With your 50MH/s rate that is almost
26 bits per second, giving about 2 months to check all the options
(300W@.../kWh
gives about $100 in electricity). Each additional character is ~64 times
slower and more expensive.
N.B. did the calcs on my phone while typing so numbers may be off.
Content of type "text/html" skipped
Powered by blists - more mailing lists