[Cryptography] Hashing power of attackers

Maarten Billemont lhunath at lyndir.com
Tue Jul 22 00:46:37 EDT 2014


Is there any kind of recent estimation of what kind of hashing power we should expect identity thieves and other attackers to possess?  Is there public research to demonstrate what kind of cost would be associated with, say, 10B, 50B, 100B SHA-256 hashes per second?  Can we expect the cost for increasing the speed of hashing to increase linearly for all hashes?

To get started, I found a few numbers on hashcat.net:

Hash Type       PC1         PC2         PC3         PC4         PC5
MD4             15445M c/s  4245M c/s   19868M c/s  5718M c/s   183232M c/s
MD5             7893M c/s   2802M c/s   10436M c/s  3178M c/s   93800M c/s
SHA1            2495M c/s   879M c/s    3833M c/s   1103M c/s   29528M c/s
SHA256          1036M c/s   337M c/s    1413M c/s   406M c/s    12328M c/s
SHA512          179M c/s    103M c/s    383M c/s    90M c/s     1952M c/s
SHA-3(Keccak)   157M c/s    91M c/s     277M c/s    111M c/s    2005M c/s

The scrypt paper has a table with cost estimates:

Table 1. Estimated cost of hardware to crack a password in 1 year.

KDF             6 letters   8 letters   8 chars     10 chars    40-char text    80-char text
DES CRYPT       < $1        < $1        < $1        < $1        < $1            < $1
MD5             < $1        < $1        < $1        $1.1k       $1              $1.5
TMD5 CRYPT      < $1        < $1        $130        $1.1M       $1.4k           $1.5 × 10^15
PBKDF2 (100 ms) < $1        < $1        $18k        $160M       $200k           $2.2 × 10^17
bcrypt (95 ms)  < $1        $4          $130k       $1.2B       $1.5M           $48B
scrypt (64 ms)  < $1        $150        $4.8M       $43B        $52M            $6 × 10^19
PBKDF2 (5.0 s)  < $1        $29         $920k       $8.3B       $10M            $11 × 10^18
bcrypt (3.0 s)  < $1        $130        $4.3M       $39B        $47M            $1.5T
scrypt (3.8 s)  $900        $610k       $19B        $175T       $210B           $2.3 × 10^23

How realistic are these numbers (and are the odd drops such as $175T -> $210B typos?), how modern are they and is there any other reliable research in this area?  In particular, I'm interested in finding out about the different classes of attackers and what kind of hashing power we might expect from them (script kiddy, criminal group with e.g. a botnet, state / well-funded organization).


— Maarten Billemont (lhunath) —
me: http://www.lhunath.com – business: http://www.lyndir.com – http://masterpasswordapp.com
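The scrypt-paper table above is the output of a simple model: hardware dollars needed to search a keyspace within a fixed time window. The following is an added example, not code from the post or from the scrypt paper, that reproduces that model with the PC5 SHA-256 rate quoted above; the $2,000 node price and the 26/95-symbol alphabets are assumptions, and the `hashes_per_guess` parameter stands in for an iterated KDF (it does not capture scrypt's memory cost). In this model the cost scales exactly linearly with the required speed; real hardware does not (GPU and ASIC steps), which is the caveat behind the linearity question.

```python
"""Hardware-cost model for password cracking (added example, not from the post)."""

SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed hardware assumption: one cracking node at a hypothetical
# $2,000, hashing raw SHA-256 at the PC5 rate quoted in the post (12,328 M c/s).
NODE_PRICE_USD = 2000.0
NODE_SHA256_PER_SEC = 12_328e6

# Keyspace sizes for the password classes in the scrypt table (assumed alphabets:
# 26 lowercase letters, 95 printable ASCII characters).
KEYSPACES = {
    "6 letters": 26 ** 6,
    "8 letters": 26 ** 8,
    "8 chars": 95 ** 8,
    "10 chars": 95 ** 10,
}


def guesses_per_sec(raw_rate=NODE_SHA256_PER_SEC, hashes_per_guess=1):
    """Candidate passwords per second on one node when each guess costs
    `hashes_per_guess` underlying hash computations (1 for a bare hash,
    e.g. 100_000 for a PBKDF2-style iteration count)."""
    return raw_rate / hashes_per_guess


def seconds_to_exhaust(keyspace, rate):
    """Wall-clock seconds to try every candidate at `rate` guesses/s."""
    return keyspace / rate


def cost_to_crack(keyspace, hashes_per_guess=1, seconds=SECONDS_PER_YEAR,
                  node_price=NODE_PRICE_USD, raw_rate=NODE_SHA256_PER_SEC):
    """Hardware dollars to exhaust `keyspace` within `seconds`.
    The expected cost of finding one password is half of this."""
    rate = guesses_per_sec(raw_rate, hashes_per_guess)
    nodes_needed = keyspace / (rate * seconds)   # fractional nodes are fine for a model
    return nodes_needed * node_price


def cost_table(hashes_per_guess=1):
    """One row of the scrypt-style table: cost per password class for one KDF."""
    return {name: cost_to_crack(ks, hashes_per_guess) for name, ks in KEYSPACES.items()}


if __name__ == "__main__":
    for kdf, per_guess in (("SHA-256", 1), ("PBKDF2-ish 100k iter", 100_000)):
        print(kdf, {k: f"${v:,.2f}" for k, v in cost_table(per_guess).items()})
    print("8 chars at 100 B SHA-256/s:", seconds_to_exhaust(95 ** 8, 100e9) / 3600, "hours")
```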


