Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 May 2012 22:49:41 +0200
From: magnum <>
Subject: Re: Can Excessive Rounds make Password cracking Infeasable

On 05/24/2012 08:06 PM, Brad Tilley wrote:
> When do rounds make password cracking infeasible, or do they? For
> example, the hash below is a SHA-512 hash with 391939 rounds applied.
> You can actually feel the delay at logon (about 2 seconds on newer
> machines):
> test:$6$rounds=391939$UqhsyLSZ$F/K1CGpBf9yefYXCRbY5uK/LW1HzW8EiPCzdq8PMVvZ4JLhb4F464ps87MX/YwYEI0s62KIsnZBuCt45a.A4I0:1002:1002::/home/test:/bin/sh
> So long as the passwords are sufficiently complex and users can't select
> simple words such as 'password' for their password, I would think that
> these hashes are close to un-crackable (certainly not in a reasonable time
> period anyway). What do other John users think?

As others pointed out there are reasons the default rounds figure is not
higher. I can imagine if just *some* or even only one hash had a much
higher round, I would get more interested in those. OTOH this could be
used to fool attackers (using a couple of impossible passwords with a
very high rounds figure) to waste resources on dummy accounts.

FWIW, some very quick tests on Solar's test gear with the hash above:

CPU (8 cores): 4.75 c/s
GTX580: 4300 c/s
HD7970: 6000 c/s

So while the CPU speed is hopeless, using high-end GPU's the speed is
not that bad.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.