Follow

Does anyone know the rate at which password-cracking methods are improving? Specifically: what is the doubling time?

Also: the process is probably best expressed as keys cracked per second per $1,000 investment, or $1/(key-second). It's not a flat rate, it's a cost-dependent rate for a given point in time.

Quick maths suggests that if the rate-doubling time is 2 years, and a current key is rated at 1 trillion years, *ACTUAL* effective strength is less than 70 years.

@felix Best available / state-of-the-art, method-independent.

I'm looking for the best achieved rates, or keys/sec-dollar net.

I'm remembering the first DES/RSA brute force contests back in the 1990s.

@felix Oh, the *ecrypted* hashing function. Fair point. My bad.

Standardising on something then ... 3DES, maybe?

@dredmorbius 3DES is an encryption function, not even a hashing function (and its very old). So if you use that for passwords, you already fucked up.

Check out this page, especially the section about key stretching: https://crackstation.net/hashing-security.htm

This one has some more info about hashing algorithms: https://security.blogoverflow.com/2013/09/about-secure-password-hashing/

@joeyh Oh, nice approach.

The thing with exponentials is that the crack time starts getting really fast, really fast, a few generations out. The doubling rate matters far more than the cracking rate.

You might alternately set a budget for cracking and compute how long before the password will be hackable at, say, $1m, $1k, $100, and $1.

My intuition is that those will not be separated by much time.

OK, maybe _some_ time -- about 20 years. 3.3 years per OoM.

How much trouble are you worth?

@joeyh If I've got this figured right, the key is crackable for about $1 in 53 years, assuming Moore holds up.

Is your spot pricing following Amazon's pricing trends?

@dredmorbius massively parallel hash chips aren't going to have the same gate size issues as CPUs either.

lil' tankie ☭@felix@radical.town@dredmorbius That depends entirely on the hashing function that you use. With a proper password hash function (which uses tons of memory and cant be parallelized for GPUs), even weak passwords would take a long time to crack. Of course if you use md5 without salt, you dont even need to crack anything as rainbow tables are publicly available.