[Nottingham] All your passwords are belong to them

J jasonirwin73 at gmail.com
Tue Apr 16 09:37:43 UTC 2019


Hello folks,

I thought I would terrify everyone with some figures I have recently come
across.

Remember this? https://xkcd.com/936/
The claim is that "CorrectHorseBatteryStaple" is 2^44 of entropy and would
take 550 years to crack.
But how long would it take really? How terrifying is 87 seconds at *200
billion per second*.
And what does one need to get that rate? Highly specialised ASICs managed
by a fleet of supercomputers?
No. How's about some commodity GPUs (8 GTX1080) and software from GitHub:

   - https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40
   - https://github.com/hashcat/hashcat

I shudder to think what could be done with more modern GPUs.

This can all be defended against; salt, pepper, treacle (functions like
Argon2 which are memory hard), layers (hashing again and again and again
and...) etc. Luckily modern systems don't rely on just your password, which
is why you often get the "Hey, we don't recognise this device" type check
and the use of two-factor for many things.

Once you've done all that though, it can all be undone with a simple
wrench: https://xkcd.com/538/

J.
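The arithmetic behind the two figures above (557 years at 1,000 guesses/s versus under 90 seconds at 200 billion guesses/s) and the "salt, pepper, treacle" defences, as an added example that is not part of the original post. It uses only the Python standard library: hashlib.scrypt stands in for Argon2 as the memory-hard function (Argon2 is not in the stdlib), the pepper is a constructed placeholder value, and the 2048-word list size is the one xkcd 936 assumes for a 44-bit four-word passphrase.

```python
"""Added example: crack-time arithmetic for a 44-bit passphrase, plus a
salted, peppered, memory-hard password hash (scrypt) with verification.
The PEPPER value and scrypt parameters are assumptions for this example.
"""
import hashlib
import hmac
import math
import secrets
import time
from typing import Optional

SECONDS_PER_YEAR = 365.25 * 86400

# Hypothetical server-side secret ("pepper"), held outside the user
# database (e.g. an HSM or secrets manager). Constructed placeholder.
PEPPER = b"example-pepper-not-for-production-use"

SALT_LEN = 16
# scrypt cost: memory per guess is roughly 128 * N * r bytes = 16 MiB here,
# which is what makes GPU/ASIC brute force expensive ("treacle").
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random selection: log2(alphabet^length).
    For a word-list passphrase, alphabet_size is the list length and
    length is the number of words (2048 words, 4 picks -> 44 bits)."""
    return length * math.log2(alphabet_size)


def crack_time_seconds(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to exhaust a keyspace of 2**bits guesses."""
    return 2 ** bits / guesses_per_second


def _pepper(password: str) -> bytes:
    """Keyed HMAC over the password so a dumped database alone is not
    enough; the attacker also needs the pepper."""
    return hmac.new(PEPPER, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || scrypt(pepper(password), salt). A fresh random salt
    per user defeats precomputed (rainbow) tables and shared-hash lookups."""
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)
    key = hashlib.scrypt(_pepper(password), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt + key


def verify_password(stored: bytes, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, key = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.scrypt(_pepper(password), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, key)


def local_guess_rate(samples: int = 10) -> float:
    """Rough single-core guesses/second against this scrypt setting,
    to contrast with the 200 billion/s quoted for fast hashes."""
    salt = b"\x00" * SALT_LEN
    start = time.perf_counter()
    for i in range(samples):
        hash_password(f"guess{i}", salt)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    bits = entropy_bits(2048, 4)
    print(f"4 words from 2048: {bits:.0f} bits")
    years = crack_time_seconds(bits, 1_000) / SECONDS_PER_YEAR
    print(f"at 1,000 guesses/s: {years:.0f} years")
    print(f"at 200e9 guesses/s: {crack_time_seconds(bits, 200e9):.0f} seconds")
    rate = local_guess_rate()
    print(f"scrypt (N=2^14) on this CPU: ~{rate:.1f} guesses/s")
    print(f"at that rate: {crack_time_seconds(bits, rate) / SECONDS_PER_YEAR:.0f} years")

    stored = hash_password("CorrectHorseBatteryStaple")
    assert verify_password(stored, "CorrectHorseBatteryStaple")
    assert not verify_password(stored, "correcthorsebatterystaple")
```

The 200 billion/s figure only applies to unsalted fast hashes such as MD5; the same GPUs get a tiny fraction of that rate against a memory-hard function, which is the whole point of the cost parameters above. Note that neither salt nor pepper adds entropy to a weak password; they only remove shortcuts, so a 44-bit passphrase stays a 44-bit passphrase.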