[Password Leak] LinkedIn database hacked

TangibleCryptography:
Quote from: zhoutong on June 07, 2012, 01:11:30 AM

Bitcoinica: Salted BCrypt with 20 iterations. Enforce minimum 8 characters. It can take months to crack a simple password. (And I use this for all my future app projects. Also recommend everyone to do the same.)


I assume you mean Salted Bcrypt w/ workload=20, that is 2^20 = 1 million iterations.  Slightly harder. :)  A single round of bcrypt takes roughly 5x as many clock cycles as SHA-256 (OpenCL optimized).  Thus bcrypt(20) is on the magnitude of 5 million times harder to crack than a salted SHA-256 hash.

Another way to look at it.  If a hacker could brute force a given password hashed SHA-256 in 1 second it would take them 57 days on bcrypt(20).

There is absolutely no reason to use anything weaker than bcrypt (or similar chained iterative functions like PBKDF2 or scrypt).

pass - stupid
MD5(pass) - cryptographically weak
SHA-256(pass) - vulnerable to rainbow tables
SHA-256(pass.salt) - vulnerable to brute force
bcrypt(pass,salt,2^10) - vulnerable to weak/common password list
bcrypt(strongpass*,salt,2^10) - computationally infeasible to attack

strongpass being enforced by the site as
8+ char
not in dictionary
not in known password list

cytokine:
Quote from: TangibleCryptography on June 07, 2012, 02:42:54 AM

Quote from: zhoutong on June 07, 2012, 01:11:30 AM

Bitcoinica: Salted BCrypt with 20 iterations. Enforce minimum 8 characters. It can take months to crack a simple password. (And I use this for all my future app projects. Also recommend everyone to do the same.)


I assume you mean Salted Bcrypt w/ workload=20, that is 2^20 = 1 million iterations.  Slightly harder. :)  A single round of bcrypt takes roughly 5x as many clock cycles as SHA-256 (OpenCL optimized).  Thus bcrypt(20) is on the magnitude of 5 million times harder to crack than a salted SHA-256 hash.

Another way to look at it.  If a hacker could brute force a given password hashed SHA-256 in 1 second it would take them 57 days on bcrypt(20).

There is absolutely no reason to use anything weaker than bcrypt (or similar chained iterative functions like PBKDF2 or scrypt).

pass - stupid
MD5(pass) - cryptographically weak
SHA-256(pass) - vulnerable to rainbow tables
SHA-256(pass.salt) - vulnerable to brute force
bcrypt(pass,salt,2^10) - vulnerable to weak/common password list
bcrypt(strongpass*,salt,2^10) - computationally infeasible to attack

strongpass being enforced by the site as
8+ char
not in dictionary
not in known password list



And the best part about bcrypt is that you can dynamically adapt it over time to keep up with Moore's law. Just update the hash after a user successfully logs in with the updated difficulty level.

With the SHA family, you're stuck.
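
The upgrade-on-login idea from the post above, as an added example that is not part of the original thread. It uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt (2^cost iterations, mirroring bcrypt's work factor); the record format, the dict standing in for a user table, and all function names are assumptions.

```python
import hashlib
import hmac
import os

MAX_COST = 24  # assumed sanity bound so a corrupted record cannot stall the server

def hash_password(password: str, cost: int) -> str:
    """Return 'pbkdf2_sha256$<cost>$<salt hex>$<digest hex>' (hypothetical format)."""
    salt = os.urandom(16)  # fresh per-password salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1 << cost)
    return f"pbkdf2_sha256${cost}${salt.hex()}${digest.hex()}"

def stored_cost(record: str) -> int:
    """Read the work factor that the record itself carries."""
    cost = int(record.split("$")[1])
    if not 1 <= cost <= MAX_COST:
        raise ValueError("implausible cost in stored record")
    return cost

def verify(password: str, record: str) -> bool:
    """Recompute with the record's own salt and cost, compare in constant time."""
    _, _, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), 1 << stored_cost(record))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

def login(db: dict, user: str, password: str, target_cost: int) -> bool:
    """Authenticate, then transparently re-hash if the stored cost is outdated."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    # The plaintext is only available at this moment, so this is the one
    # place an old record can be upgraded without forcing a password reset.
    if stored_cost(record) < target_cost:
        db[user] = hash_password(password, target_cost)
    return True

if __name__ == "__main__":
    db = {"alice": hash_password("constructed-pass-1", 10)}  # constructed sample
    print(stored_cost(db["alice"]))                   # cost before login
    print(login(db, "alice", "constructed-pass-1", 12))
    print(stored_cost(db["alice"]))                   # cost after successful login
```

Accounts that never log in keep their old cost, so a migration like this is usually paired with a policy for stale records.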

niko:
Would someone please explain this for the uninitiated: is there only one unique string (password) that corresponds to a given hash?  I believe the technical term is collision resistance, right?  Once you reverse the hash, can you know for sure that you got it right? If password is a dictionary word, it may be obvious, but how about if everyone were using random strings for their passwords? Would the hacker ever be able to know for sure if the reversed hash is the right one?

justusranvier:
Quote from: niko on June 07, 2012, 06:11:09 AM

is there only one unique string (password) that corresponds to a given hash?
Theoretically there are an infinite number of inputs that will result in the same hash because the hash function outputs a fixed-length value but the input can be any length.

niko:
Quote from: AbelsFire on June 07, 2012, 06:21:16 AM

Quote from: niko on June 07, 2012, 06:11:09 AM

is there only one unique string (password) that corresponds to a given hash?
Theoretically there are an infinite number of inputs that will result in the same hash because the hash function outputs a fixed-length value but the input can be any length.


Yes, thank you. Now, is this statement still true when a typical password is shorter than the 32-byte hash? 
