Bitcoin Forum
Topic: SHA vs BCRYPT Offline brute forcing? Is there a HUGE difference, and sources?
Xenland
June 15, 2011, 12:59:36 AM
 #1

So I hear a lot of talk about how Bcrypt is so much better in terms of it making it longer to crack each hashed password from a compromised database.
So is there really a huge difference in how long it will take to crack a SHA(256/512) in comparison to Bcrypt? I know the answer is bcrypt, but how much of a difference?
Are we talking years or just a couple of weeks' difference?

Please cite your sources if you have any; if not, at least speak from your own experience and not other people's experiences to sound all smart. Thanks :)
dhall
June 16, 2011, 01:08:38 PM
 #2

Did you try researching this at all by yourself? There are a plethora of blog posts explaining exactly what you are asking. Or you could go read the original paper. This would be easy enough to write a test script as well to empirically discover the answer.

With Python and going from memory, bcrypt set for 12 rounds takes about .3 seconds on my laptop to compute a hash. I can compute hundreds of thousands of SHA512 hashes in that same amount of time.

Edit: And theoretically, you could make a SHA hash function that ran quite slowly, but why not just use bcrypt at that point?
gmaxwell
June 17, 2011, 02:26:26 PM
 #3

Quote from: Xenland
So I hear a lot of talk about how Bcrypt is so much better in terms of it making it longer to crack each hashed password from a compromised database.
So is there really a huge difference in how long it will take to crack a SHA(256/512) in comparison to Bcrypt? I know the answer is bcrypt, but how much of a difference?
Are we talking years or just a couple of weeks' difference?

Please cite your sources if you have any; if not, at least speak from your own experience and not other people's experiences to sound all smart. Thanks :)

If you're interested in this area: scrypt is obviously superior to bcrypt for this purpose. In addition to being simply harder, its design prevents someone with specialized hardware from getting an enormous attack cost advantage vs the user.

http://www.tarsnap.com/scrypt/scrypt.pdf
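
The test script dhall describes in reply #2, extended to the scrypt function linked in reply #3, as an added example that is not part of either post. bcrypt is not in the Python standard library, so PBKDF2-HMAC-SHA512 stands in as the deliberately slow SHA construction; the password, iteration count, scrypt parameters and keyspace are assumptions.

```python
import hashlib
import os
import time

# Constructed sample inputs; nothing here comes from the thread.
PASSWORD = b"correct horse battery staple"
SALT = os.urandom(16)

def fast_sha512(pw, salt):
    # One salted SHA-512 call, the "fast" case from the thread.
    return hashlib.sha512(salt + pw).digest()

def slow_sha512(pw, salt, iterations=100_000):
    # A deliberately slow SHA construction: PBKDF2-HMAC-SHA512.
    # The iteration count is an assumption for illustration.
    return hashlib.pbkdf2_hmac("sha512", pw, salt, iterations)

def memory_hard(pw, salt):
    # scrypt with N=2**14, r=8, p=1 touches about 16 MiB per call.
    return hashlib.scrypt(pw, salt=salt, n=2**14, r=8, p=1, dklen=64)

SCHEMES = {"sha512": fast_sha512, "pbkdf2-sha512": slow_sha512,
           "scrypt": memory_hard}

def seconds_per_guess(fn, min_time=0.2):
    """Average wall-clock cost of one hash on this machine, one core."""
    count = 0
    start = time.perf_counter()
    while True:
        fn(PASSWORD, SALT)
        count += 1
        elapsed = time.perf_counter() - start
        if elapsed >= min_time:
            return elapsed / count

def benchmark():
    return {name: seconds_per_guess(fn) for name, fn in SCHEMES.items()}

def exhaust_days(keyspace, per_guess):
    """Days to compute a hash for every candidate at the measured rate."""
    return keyspace * per_guess / 86400

if __name__ == "__main__":
    keyspace = 36 ** 8  # assumed policy: 8 chars, lowercase plus digits
    for name, cost in benchmark().items():
        print(f"{name:14s} {cost * 1e6:12.1f} us/hash "
              f"{exhaust_days(keyspace, cost):14.1f} core-days")
```

The figures are single-core CPU timings on the machine running the script, so they show the relative cost between schemes, not what dedicated hardware achieves.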

Xenland
June 17, 2011, 10:03:28 PM
 #4

Quote from: dhall
Did you try researching this at all by yourself? There are a plethora of blog posts explaining exactly what you are asking. Or you could go read the original paper. This would be easy enough to write a test script as well to empirically discover the answer.

With Python and going from memory, bcrypt set for 12 rounds takes about .3 seconds on my laptop to compute a hash. I can compute hundreds of thousands of SHA512 hashes in that same amount of time.

Edit: And theoretically, you could make a SHA hash function that ran quite slowly, but why not just use bcrypt at that point?

I wasn't trying to make the Bitcoin community do my searching, no, far from it. There are a lot of files on Google for encryption methods, but most are pretty outdated as far as performance goes, and I like to hear reliable information, so if someone mentions a factual article here that I've seen online, that tells me that they probably did their research like I did, validating that the article I read must be somewhat true, since another person with a different type of perspective saw that article as valid. In other words, I don't go by hearsay, or just "read an article" online and believe it; I must cross-reference and figure out others' opinions before I can see it as the truth.

And to g-max well, thanks, that's a very useful and helpful article about entropy and securing short passwords.