How many salted passwords can be crunched per second on a modern system
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How many salted passwords can be crunched per second on a modern system
Hello,
I'm doing some interesting research on passwords.
I'm planning to publish my findings here despite the fact that it would make a cool paper because I'm not in college (never went).
I need to know how many passwords can be cracked per second on modern hardware.
I'm talking 10000 iterations salted. The ones I'm interested in are the typical *unix ones, blowfish, sha256, sha512.
I did a few searches online, but the web only yielded windows ntlm passwords and the researchers were probably using a rainbow table.
Thanks
Last edited by ballsystemlord; 09-15-2016 at 03:08 PM.
Reason: Sorry, I misspelled salted and crunched in the thread name
When some of the clusters do it they use the GPU for doing the specific computation - some of them can go about 10 times faster. Of course, those GPUs tend to also be the most expensive... Something in the neighborhood of $3000 to $7000 for each GPU, and there are clusters that have two to four per node.
There is even a Supermicro "Simcluster" system for deskside use (it weighs over 300 pounds) for $48,000 to $60,000 for a system.
That is why it depends on what you define a modern system to be.
Indicates (in 2012) they were able to do 348 billion NTLM password hashes per second using a cluster of only 5 nodes with 5 GPUs per node (I think, the cluster had a total of 25 GPUs). And GPU computation has gotten even faster since.
I'd say if you can crack even 1 salted password per day then Linux passwords are broken and you should go to a major new agency and state such.
Wrong bet.
The problem depends on which method of encrypting... and how complex is the original password.
DES has LONG been cracked - initially by using rainbow tables.
Short passwords can be cracked fairly quickly no matter what encryption is used. If you want to slow the rate, the password has to be longer than 8-10 characters...
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by jpollard
Wrong bet.
The problem depends on which method of encrypting... and how complex is the original password.
DES has LONG been cracked - initially by using rainbow tables.
Short passwords can be cracked fairly quickly no matter what encryption is used. If you want to slow the rate, the password has to be longer than 8-10 characters...
Then I need to start looking for another OS. I thought that the people who contributed to Linux were supposed to be intelligent? If you're telling me that Linux passwords can be cracked in under a day then you're telling me that morons wrote the code and nobody cares? Really? Is there a paper on this and why wasn't it major news?
The problem depends on which method of encrypting... and how complex is the original password.
DES has LONG been cracked - initially by using rainbow tables.
Do rainbow tables apply to encryption functions? I thought they were for hashing only. Anyway, in current times, the problem with DES is that it uses a 56 bit key which is simply too small to be useful.
Quote:
Short passwords can be cracked fairly quickly no matter what encryption is used. If you want to slow the rate, the password has to be longer than 8-10 characters...
Quote:
Originally Posted by 273
Then I need to start looking for another OS. I thought that the people who contributed to Linux were supposed to be intelligent? If you're telling me that Linux passwords can be cracked in under a day then you're telling me that morons wrote the code and nobody cares? Really? Is there a paper on this and why wasn't it major news?
Check your /etc/shadow file, it's probably not using DES (that's only kept around for backwards compatibilty with ancient UNIX versions, see crypt(3) for how to interpret the contents). If your password entry starts with $6 you're using the SHA512 iterated scheme (5000 iterations by default), which is fairly secure (see https://www.akkadia.org/drepper/SHA-crypt.txt). Also note that /etc/shadow can only be read by attackers if they have already broken in and obtained root.
However, as jpollard mentioned, the original password matters too; none of this helps if the moron user chose "password" as their password.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by ntubski
However, as jpollard mentioned, the original password matters too; none of this helps if the moron user chose "password" as their password.
Surely the point of a salt is to minimise the password's effect upon the final hash? I suppose the danger with weak passwords is that they allow only a small rainbow table to be generated to deal with the most common cases but, still, surely the point of the salt is to make even such a table unwieldy?
Surely the point of a salt is to minimise the password's effect upon the final hash? I suppose the danger with weak passwords is that they allow only a small rainbow table to be generated to deal with the most common cases but, still, surely the point of the salt is to make even such a table unwieldy?
When storage of petabytes is possible, rainbow tables still work...
And they can be reduced in size by generating entries for just the short and common passwords.
The key is that the storage is rather larger than what is common for a desktop, and is not even that common with the hackers.
Systems that can breeze through billions of hashes per second are almost as fast - and are much smaller in physical size, and cost.
Then I need to start looking for another OS. I thought that the people who contributed to Linux were supposed to be intelligent? If you're telling me that Linux passwords can be cracked in under a day then you're telling me that morons wrote the code and nobody cares? Really? Is there a paper on this and why wasn't it major news?
Doesn't matter what OS you look at. Windows, even with two factor (or three) still use passwords that can be broken (never mind that it also uses the so very vulnerable NTLM).
EVERY operating system uses passwords even if they don't call it that - biometrics? sorry the result is a hash, and that can be broken. Two factor authentication? once done - the result is a hash, again can be broken. Using a smart card? result is STILL a hash.
Use Kerberos with two factor authentication and AES? the result is STILL a hash - but the hash has a limited lifetime - hopefully, it takes longer to crack the hash than the credential lifetime.
All that has changed is where the hash gets generated. It used to be just from the password and salt. Now it is from other things. The only purpose for the "other things" is to attempt to reduce the occurrence of simple passwords that are trivial to crack.
The result is still the same. This is why passwords will never go away.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Well, yes, hashes can be broken eventually but the opening post of this thread mentioned passwords being broken "per second". What I am suggesting is that any password scheme which can be broken in under a day without extremely expensive resources is almost pointless. In fact, for home use then user passwords under such a system are pointless at best and dangerous at worst.
I am only speculating, but it might possibly be done quickly with parallel processing on GPUs or something. You can get devices with hundreds of cores cheaply now and it seems like a task that would lend itself to parallel processing. CUDA was one name I've heard used in that context, but there may be others.
Surely the point of a salt is to minimise the password's effect upon the final hash?
No, the point of salt is to prevent the attacker from using precomputed tables, and prevent breaking multiple passwords in parallel (this second point is basically irrelevant for single-user home systems). Remember the salt is not secret (or at least not more secret than the hash itself).
Quote:
I suppose the danger with weak passwords is that they allow only a small rainbow table to be generated to deal with the most common cases but, still, surely the point of the salt is to make even such a table unwieldy?
The danger is that a table is not even needed.
Quote:
Originally Posted by 273
Well, yes, hashes can be broken eventually but the opening post of this thread mentioned passwords being broken "per second". What I am suggesting is that any password scheme which can be broken in under a day without extremely expensive resources is almost pointless. In fact, for home use then user passwords under such a system are pointless at best and dangerous at worst.
The point is that it's not possible to talk about how long it takes to break a "password scheme", you must take the password itself into account as well.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.