lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <54990DB9.2020704@bindshell.nl> Date: Mon, 22 Dec 2014 22:37:45 -0800 From: epixoip <epixoip@...dshell.nl> To: discussions@...sword-hashing.net Subject: Re: [PHC] How important is salting really? On 12/22/2014 7:34 PM, Ben Harris wrote: > On 23 December 2014 at 11:09, epixoip <epixoip@...dshell.nl > <mailto:epixoip@...dshell.nl>> wrote: > > To exhaust 62^8 keyspace with this > cluser would take ~50.5 days and cost ~ $1842.24 @ $0.20/kWh. Average > PUE in 2014 is 1.7 so actual electricity cost would be more like > $3684.48. > > And that's just for a single hash. For 400k salts (which is what > Sc00bz > estimated in the comments) the effective rate with 16x 290X would only > be about 63 H/s. > > > > Awesome. I'm guessing you have the info to estimate the breakup > between on-dictionary, near-dictionary (candidate gen), and random > passwords? Any chance you can do some guesstimates on the other two > categories for completeness. > > I guess at 63 H/s you can cover the top 20K passwords in 5 and a half > minutes (for a cost of about 28c compared to the $3684.48). And hit > 2^28 candidates in the same time/cost as the above example (for all > the hashes instead of just 1). Certainly. Though it's kind of hard to say, because Ars is a tech site with fairly educated readers, and Ars frequently covers password breaches, password cracking, and password security, so there are likely more users using a password manager than we've seen in previous breaches. There are likely a fair amount of people using "throwaway" passwords, but even their throwaway passwords are likely better than most people's passwords. We've seen this in other breaches as well. For example, there's more of an overlap between Rockyou and Gawker (43%) and Rockyou and Battlefield (29%) than there is between Rockyou and LinkedIn (10%) or Rockyou and Stratfor (4%). So knowing that Ars users are likely more on the Stratfor spectrum than the Rockyou spectrum, let's split the difference between LinkedIn and Stratfor. 0.08% of Stratfor users picked a top 20k password, and 0.27% of LinkedIn picked a top 20k password. Rockyou.txt + best64.rule picked up an additional 2.84% for Stratfor and 10.51% for LinkedIn over rockyou.txt alone. So let's assume that 0.17% of Ars readers picked a top 20k password, an additional 7.5% picked a password from Rockyou (rockyou.txt is pretty much the de facto base wordlist these days), and an additional 11.93% can be cracked with rockyou.txt + best64.rule. This means... 680 salts eliminated after 5.3 minutes. Effective speed is roughly still 63 H/s. 30680 salts eliminated after 2.6 days. Effective speed increases to 68 H/s. 78400 salts eliminated after 156 days. Effective speed increases to 78 H/s. So after 158 days we likely would only have ~ 19.6% of the list cracked. Which seems to be a pretty accurate estimate. The Forbes breach, which was also PHPass, is only 16.2% cracked after 10 months.
Powered by blists - more mailing lists