[Nottingham] All your passwords are belong to them

VM vadim at mankevich.co.uk
Tue Apr 16 10:19:54 UTC 2019


Haha. That password featured in many password leaks and is now probably No. 3 in dictionaries after 123456 and Password1.
I think it's really a problem if unencrypted hashes have been stolen, in which case all users are screwed regardless of their password complexity.

On 16 April 2019 10:37:27 BST, J via Nottingham <nottingham at mailman.lug.org.uk> wrote:
>Hello folks,
>
>I thought I would terrify everyone with some figures I have recently come
>across.
>
>Remember this? https://xkcd.com/936/
>The claim is that "CorrectHorseBatteryStaple" is 2^44 of entropy and would
>take 550 years to crack.
>But how long would it take really? How terrifying is 87 seconds at *200
>billion per second*?
>And what does one need to get that rate? Highly specialised ASICs managed
>by a fleet of supercomputers?
>No. How's about some commodity GPUs (8 GTX1080) and software from GitHub:
>
>   - https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40
>   - https://github.com/hashcat/hashcat
>
>I shudder to think what could be done with more modern GPUs.
>
>This can all be defended against; salt, pepper, treacle (functions like
>Argon2 which are memory hard), layers (hashing again and again and again
>and...) etc. Luckily modern systems don't rely on just your password, which
>is why you often get the "Hey, we don't recognise this device" type check
>and the use of two-factor for many things.
>
>Once you've done all that though, it can all be undone with a simple
>wrench: https://xkcd.com/538/
>
>J.

--
vadim at mankevich.co.uk PGP key fingerprint
0xC046022A3A91455AF0C9BB2404BF882B1905C772
Retrieve from https://keybase.io/vmankevich

"When we take away the right to figure out if something bad is going on in our computers, the inevitable consequence is that bad things will happen in our computers." (Cory Doctorow)
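
Added example, not part of either poster's message: a Python sketch of the defences listed in the quoted post (salt, pepper, a memory-hard function), next to the arithmetic behind the 87-second and 550-year figures. It uses the standard library's scrypt as the memory-hard function in place of Argon2, and the pepper value and scrypt parameters are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed value: a pepper is a secret kept outside the password database.
PEPPER = b"constructed-pepper-kept-outside-the-database"
# Assumed cost parameters: n * r * 128 bytes = 16 MiB of memory per guess.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate in a 2**bits search space."""
    return 2**bits / guesses_per_second


def hash_password(password, salt=None):
    """Return (salt, digest): pepper via HMAC, then salted scrypt."""
    salt = os.urandom(16) if salt is None else salt
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    return salt, hashlib.scrypt(peppered, salt=salt, **SCRYPT)


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


if __name__ == "__main__":
    year = 365.25 * 86400
    # 1000 guesses/s is the rate xkcd 936 assumes; 200e9/s is the quoted rig.
    print(f"2^44 at 1000/s : {seconds_to_exhaust(44, 1000) / year:.0f} years")
    print(f"2^44 at 200e9/s: {seconds_to_exhaust(44, 200e9):.0f} seconds")

    salt_a, digest_a = hash_password("CorrectHorseBatteryStaple")
    salt_b, digest_b = hash_password("CorrectHorseBatteryStaple")
    # Same password, different salts: the stored digests do not match,
    # so one precomputed table cannot cover both accounts.
    print("digests differ:", digest_a != digest_b)
    print("verifies:", verify_password("CorrectHorseBatteryStaple",
                                       salt_a, digest_a))
```

The guess rate is the only thing that changes between the two printed times, which is why the hash function's cost per guess matters more than the password once a fast unsalted hash has leaked.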