December 29, 2013, 02:44:21 AM
Two words (so not so easy for a dictionary attack), but only 9 invisible letters - 26 times easier than the previous one for bruteforcing. Can be bruteforced letter by letter with a single 7970 card in about 2 hours (9x[a-z] = 26^9 combinations = 5429503678976 combinations, with hash rate 685000000 hashes/sec - but possibly more, since plain sha256 will take less time than bitcoin hash, since that one uses two chained sha256's). With a dictionary and a proper card - mere seconds, probably, to crack the password. You need much longer words (at least 20 hidden characters in 2 or 3 words), or change the scheme (not publishing the hash to make it so easy to verify if the password is correct?)
Basically, you need to think about how many combinations someone needs to try to get to the password. Anything less than 10^10 is easily crackable. Anything less than 10^13 is still crackable, though it may be more profitable to use the computing power to mine some coins.
With the new hangman, I looked into an English dictionary. There are 694 words matching the first one (anabo ... vnern) and 6147 words matching the second (aaliis .. zygous). This is just 4266018 combinations - checkable within a few seconds on a CPU, within a few milliseconds on a GPU.
Ok, I checked all combinations from "anabo aaliis" to "vnern zygous" and found nothing matching the hash, but I guess it is just a matter of time before someone with a better dictionary or more dictionaries (Spanish, French?) finds the answer without needing any more letters.
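An added example, not part of the original post: a small estimator for whoever designs such a puzzle, comparing the brute-force and dictionary search spaces of a hangman-style mask against the post's 10^10 and 10^13 thresholds. The mask, the word list and all function names are constructed for illustration; the hash rate and the 694 and 6147 word counts are the figures quoted above.

```python
import re

HASH_RATE = 685_000_000  # hashes/sec, the single-7970 figure quoted in the post

def bruteforce_keyspace(mask, alphabet=26):
    """Candidates when every hidden letter ('_') is tried independently."""
    return alphabet ** mask.count("_")

def dictionary_keyspace(mask, words):
    """Candidates when each word of the mask must be a dictionary word."""
    total = 1
    for part in mask.split():
        pattern = re.compile(part.replace("_", "[a-z]"))
        total *= sum(1 for w in words if pattern.fullmatch(w))
    return total

def seconds_to_exhaust(combinations, hash_rate=HASH_RATE):
    """Worst-case time to test every candidate against the published hash."""
    return combinations / hash_rate

def rating(combinations):
    """Thresholds taken from the post: 10^10 and 10^13."""
    if combinations < 10**10:
        return "easily crackable"
    if combinations < 10**13:
        return "crackable"
    return "above the post's thresholds"

if __name__ == "__main__":
    # Constructed mask and word list, not the thread's actual puzzle.
    mask = "a___o ______"
    words = ["amigo", "audio", "apple", "zygous", "bitter", "coin"]
    cases = {
        "brute force, 9 hidden letters": bruteforce_keyspace(mask),
        "brute force, 20 hidden letters": 26 ** 20,
        "dictionary, post's word counts": 694 * 6147,
        "dictionary, constructed list": dictionary_keyspace(mask, words),
    }
    for label, n in cases.items():
        print(f"{label}: {n:.3e} candidates, "
              f"{seconds_to_exhaust(n):.3g} s, {rating(n)}")
```

The dictionary figure is the one to design against: once the answer consists of dictionary words, the number of hidden letters no longer sets the size of the search.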