Date: Thu, 24 May 2012 20:51:13 +0200
From: Frank Dittrich <>
Subject: Re: Can Excessive Rounds make Password cracking Infeasible

On 05/24/2012 08:22 PM, Brad Tilley wrote:
>> If you don't have a single-user system, but a server that is used by
>> thousands of users who all login at nearly the same time, the possible
>> delay will be much longer, and the server will hardly be usable for
>> other activities during those times.
> Yes, thanks Frank. I understand that and have no disputes or questions
> about that.

I just wanted to point out that there are other limits for increasing
the iteration count.
E.g., SAP's latest hash algorithm also allows the admin to adjust the
iteration count.
If I set the iteration count to the highest possible value, logging into
the SAP system on my laptop takes roughly half an hour.
And this is just for computing a single hash. Add a password history
size of 10 (also configurable by the admin to prevent password reuse),
and it would take the whole day to log in, if they didn't run into a timeout.

> My question is about the feasibility of cracking such hashes.

Then the answer to your question might be:

Get a large number of hashes for a fast saltless hash algorithm, see how
many passwords you crack in the first hour.

Divide the average reported c/s rate by the average number of uncracked
Also note the percentage of cracked passwords.

Then try an arbitrary attack (e.g. incremental mode) against your single
hash which also runs at least one hour without finding the correct password.
Interrupt after an hour, check the reported c/s rate.

By comparing the c/s rate with the result you got in your first attempt,
you learn how long cracking the high iteration count salted hash takes
if you want to get a comparable success rate.
(Don't forget to multiply this with the number of different salts you
are attacking simultaneously.)

If you want to know the probability of cracking such a password in a
given time (say one week), just calculate how long you would have to run
your password cracking attempt for the fast hash to process a comparable
number of candidate passwords.
Then check what percentage of fast hashes you cracked in this time.

This would give you at least a good enough estimate.
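The comparison Frank describes, written out as an added Python calculator (example code, not part of the message). The c/s rates, the number of salts and the cracked-percentage curve are constructed sample measurements, not figures from the post.

```python
# Estimate the cost of cracking a high-iteration-count salted hash from
# measurements taken on a fast saltless hash, following the procedure above.
from bisect import bisect_right

# Constructed measurement: cumulative percentage of fast-hash passwords
# cracked after t seconds of the same attack (e.g. incremental mode).
FAST_CURVE = [(0, 0.0), (60, 12.0), (600, 22.0), (3600, 35.0), (7200, 42.0)]
FAST_CS = 1e7    # reported c/s rate for the fast saltless hash (constructed)
SLOW_CS = 100.0  # reported c/s rate against a single slow hash (constructed)


def slow_time_for_coverage(fast_seconds, salts=1, fast_cs=FAST_CS, slow_cs=SLOW_CS):
    """Seconds the slow hash needs to process as many candidates per salt as the
    fast attack processed in fast_seconds. Every distinct salt attacked at the
    same time multiplies the work, as the post points out."""
    candidates = fast_cs * fast_seconds
    return candidates / slow_cs * salts


def cracked_percent_at(seconds, curve=FAST_CURVE):
    """Cracked percentage observed on the fast hash after `seconds`, linearly
    interpolated between the sampled points of the curve."""
    if seconds >= curve[-1][0]:
        return curve[-1][1]
    idx = bisect_right([t for t, _ in curve], seconds)
    (t0, p0), (t1, p1) = curve[idx - 1], curve[idx]
    return p0 + (p1 - p0) * (seconds - t0) / (t1 - t0)


def expected_success(budget_seconds, salts=1, fast_cs=FAST_CS,
                     slow_cs=SLOW_CS, curve=FAST_CURVE):
    """Percentage of slow-hash passwords expected to fall within a time budget:
    convert the candidates the slow attack can try per salt into the equivalent
    fast-hash running time, then read the cracked percentage off the curve."""
    candidates_per_salt = slow_cs * budget_seconds / salts
    equivalent_fast_seconds = candidates_per_salt / fast_cs
    return cracked_percent_at(equivalent_fast_seconds, curve)


if __name__ == "__main__":
    week = 7 * 24 * 3600
    print("slow-hash seconds for one fast hour, 10 salts:",
          slow_time_for_coverage(3600, salts=10))
    print("expected cracked %% in one week, 1 salt: %.3f" % expected_success(week))
    print("expected cracked %% in one week, 10 salts: %.3f"
          % expected_success(week, salts=10))
```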
