[Cryptography] Hashing power of attackers
Maarten Billemont
lhunath at lyndir.com
Tue Jul 22 00:46:37 EDT 2014
Is there any kind of recent estimation of what kind of hashing power we should expect identity thieves and other attackers to possess? Is there public research to demonstrate what kind of cost would be associated with, say, 10B, 50B, 100B SHA-256 hashes per second? Can we expect the cost for increasing the speed of hashing to increase linearly for all hashes?
To get started, I found a few numbers on hashcat.net:
Hash Type       PC1          PC2         PC3          PC4         PC5
MD4             15445M c/s   4245M c/s   19868M c/s   5718M c/s   183232M c/s
MD5             7893M c/s    2802M c/s   10436M c/s   3178M c/s   93800M c/s
SHA1            2495M c/s    879M c/s    3833M c/s    1103M c/s   29528M c/s
SHA256          1036M c/s    337M c/s    1413M c/s    406M c/s    12328M c/s
SHA512          179M c/s     103M c/s    383M c/s     90M c/s     1952M c/s
SHA-3(Keccak)   157M c/s     91M c/s     277M c/s     111M c/s    2005M c/s
The scrypt paper has a table with cost estimates:
Table 1. Estimated cost of hardware to crack a password in 1 year.
KDF               6 letters   8 letters   8 chars   10 chars   40-char text   80-char text
DES CRYPT         < $1        < $1        < $1      < $1       < $1           < $1
MD5               < $1        < $1        < $1      $1.1k      $1             $1.5T
MD5 CRYPT         < $1        < $1        $130      $1.1M      $1.4k          $1.5 × 10^15
PBKDF2 (100 ms)   < $1        < $1        $18k      $160M      $200k          $2.2 × 10^17
bcrypt (95 ms)    < $1        $4          $130k     $1.2B      $1.5M          $48B
scrypt (64 ms)    < $1        $150        $4.8M     $43B       $52M           $6 × 10^19
PBKDF2 (5.0 s)    < $1        $29         $920k     $8.3B      $10M           $11 × 10^18
bcrypt (3.0 s)    < $1        $130        $4.3M     $39B       $47M           $1.5T
scrypt (3.8 s)    $900        $610k       $19B      $175T      $210B          $2.3 × 10^23
How realistic are these numbers (and are the odd drops such as $175T -> $210B typos?), how modern are they, and is there any other reliable research in this area? In particular, I'm interested in finding out about the different classes of attackers and what kind of hashing power we might expect from them (script kiddie, criminal group with e.g. a botnet, state / well-funded organization).
— Maarten Billemont (lhunath) —
me: http://www.lhunath.com – business: http://www.lyndir.com – http://masterpasswordapp.com