Bitcoin Forum
March 19, 2024, 09:46:13 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: SHA vs BCRYPT Offline brute forcing? Is there a HUGE difference, and sources?  (Read 3926 times)
Xenland (OP)
Legendary
*
Offline Offline

Activity: 980
Merit: 1003


I'm not just any shaman, I'm a Sha256man


View Profile
June 15, 2011, 12:59:36 AM
 #1

So I hear a lot of talk about how Bcrypt is so much better in terms of it making it longer to crack each hashed password from a compromised database.
So Is there really a huge difference in how long it will take to crack a SHA(256/512) in comparison to Bcrypt. and I know the answer is bcrypt but How much of a difference?
are we talking years or just a couple of weeks difference?

Please cite your sources if you have any, if not at least speak from your own experience and not other peoples experience's to sound all smart. Thanks Smiley
1710841573
Hero Member
*
Offline Offline

Posts: 1710841573

View Profile Personal Message (Offline)

Ignore
1710841573
Reply with quote  #2

1710841573
Report to moderator
1710841573
Hero Member
*
Offline Offline

Posts: 1710841573

View Profile Personal Message (Offline)

Ignore
1710841573
Reply with quote  #2

1710841573
Report to moderator
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710841573
Hero Member
*
Offline Offline

Posts: 1710841573

View Profile Personal Message (Offline)

Ignore
1710841573
Reply with quote  #2

1710841573
Report to moderator
dhall
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
June 16, 2011, 01:08:38 PM
 #2

Did you try researching this at all by yourself? There are a plethora of blog posts explaining exactly what you are asking. Or you could go read the original paper. This would be easy enough to write a test script as well to empirically discover the answer.

With python and going from memory, bcrypt set for 12 rounds takes about .3 seconds on my laptop to compute a hash. I can compute hundreds of thousands of SHA512 hashes in that same amount of time.

Edit: And theoretically, you could make a SHA hash function that ran quite slowly, but why not just use bcrypt at that point.
gmaxwell
Moderator
Legendary
*
expert
Offline Offline

Activity: 4158
Merit: 8343



View Profile WWW
June 17, 2011, 02:26:26 PM
 #3

So I hear a lot of talk about how Bcrypt is so much better in terms of it making it longer to crack each hashed password from a compromised database.
So Is there really a huge difference in how long it will take to crack a SHA(256/512) in comparison to Bcrypt. and I know the answer is bcrypt but How much of a difference?
are we talking years or just a couple of weeks difference?

Please cite your sources if you have any, if not at least speak from your own experience and not other peoples experience's to sound all smart. Thanks Smiley

If you're interested in this area: scrypt is obviously superior to bcrypt for this purpose.  In addition to being simply harder its design prevents someone with specialized hardware from getting an enormous attack cost advantage vs the user.

http://www.tarsnap.com/scrypt/scrypt.pdf

Xenland (OP)
Legendary
*
Offline Offline

Activity: 980
Merit: 1003


I'm not just any shaman, I'm a Sha256man


View Profile
June 17, 2011, 10:03:28 PM
 #4

Did you try researching this at all by yourself? There are a plethora of blog posts explaining exactly what you are asking. Or you could go read the original paper. This would be easy enough to write a test script as well to empirically discover the answer.

With python and going from memory, bcrypt set for 12 rounds takes about .3 seconds on my laptop to compute a hash. I can compute hundreds of thousands of SHA512 hashes in that same amount of time.

Edit: And theoretically, you could make a SHA hash function that ran quite slowly, but why not just use bcrypt at that point.

I wasn't trying to make the bitcoin community to do my searching, no far from it. There is alot of files on google for encryption methods but most are pretty outdated as far as performance goes and I like to hear reliable information, so if someone mentions a factual article here that I've seen it online, That tells me that they probably did their research like I did, Validating that the article I read must be somewhat true. Scince another person with different type of perspective saw that article valid. In other words I don't go by hear say, or just "read an article" online and believe it, I must cross reference and figure out others opinions before I can see it as the truth.

and to g-max well thanks that's a very use full and helpful article about entropy and securing short passwords
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!