Message-ID: <BLU0-SMTP2238D03BD60725B37D9C145FD000@phx.gbl>
Date: Thu, 24 May 2012 20:51:13 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: Can Excessive Rounds make Password cracking Infeasable

On 05/24/2012 08:22 PM, Brad Tilley wrote:
>> If you don't have a single-user system, but a server that is used by
>> thousands of users who all login at nearly the same time, the possible
>> delay will be much longer, and the server will hardly be usable for
>> other activities during those times.
>
> Yes, thanks Frank. I understand that and have no disputes or questions
> about that.

I just wanted to point out that there are other limits for increasing the iteration count.

E.g., SAP's latest hash algorithm also allows the admin to adjust the iteration count. If I set the iteration count to the highest possible value, logging into the SAP system on my laptop takes roughly half an hour. And this is just for computing a single hash. Add a password history size of 10 (also configurable by the admin to prevent password reuse), and it would take the whole day to login, if they didn't run into a timeout.

> My question is about the feasibility of cracking such hashes.

Then the answer to your question might be:

Get a large number of hashes for a fast saltless hash algorithm, see how many passwords you crack in the first hour. Divide the average reported c/s rate by the average number of uncracked hashes. Also note the percentage of cracked passwords.

Then try an arbitrary attack (e.g. incremental mode) against your single hash which also runs at least one hour without finding the correct password. Interrupt after an hour, check the reported c/s rate.

By comparing the c/s rate with the result you got in your first attempt, you learn how long cracking the high iteration count salted hash takes if you want to get a comparable success rate.
(Don't forget to multiply this with the number of different salts you are attacking simultaneously.)

If you want to know the probability of cracking such a password in a given time (say one week), just calculate how long you would have to run your password cracking attempt for the fast hash to process a comparable number of candidate passwords. Then check what percentage of fast hashes you cracked in this time.

This would give you at least a good enough estimate.

Frank
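The estimation procedure Frank describes, carried through as an added worked example (not code from the original message or from John the Ripper). All c/s figures, hash counts and the progress curve of the fast run are constructed numbers for illustration; the slow-hash c/s is divided by the number of salts as the post suggests.

```python
from bisect import bisect_right

# Constructed progress curve of the fast saltless run:
# (hours the attack has run, percent of hashes cracked by then).
FAST_PROGRESS = [(0.0, 0.0), (1.0, 18.0), (4.0, 25.0), (24.0, 33.0), (168.0, 40.0)]


def per_hash_rate_fast(reported_cs, uncracked_avg):
    """Candidates per second effectively aimed at each individual fast hash:
    the reported c/s divided by the average number of uncracked hashes."""
    return reported_cs / uncracked_avg


def per_salt_rate_slow(reported_cs, salts):
    """With salted hashes every candidate is hashed once per salt, so the
    candidate rate against any one salt is the reported c/s divided by salts."""
    return reported_cs / salts


def slowdown_factor(fast_cs, uncracked_avg, slow_cs, salts):
    """How many times longer the slow salted hash needs for the same
    number of candidates per hash as the fast run."""
    return per_hash_rate_fast(fast_cs, uncracked_avg) / per_salt_rate_slow(slow_cs, salts)


def equivalent_fast_hours(slow_budget_hours, factor):
    """A slow-hash budget expressed as the fast-run time that tests the
    same number of candidates per hash; look up the cracked percentage there."""
    return slow_budget_hours / factor


def cracked_percent_at(hours, progress=FAST_PROGRESS):
    """Cracked percentage of the fast run at a given time, linearly
    interpolated between measured points and flat beyond the last one."""
    if hours <= progress[0][0]:
        return progress[0][1]
    if hours >= progress[-1][0]:
        return progress[-1][1]
    i = bisect_right([h for h, _ in progress], hours)
    (h0, p0), (h1, p1) = progress[i - 1], progress[i]
    return p0 + (p1 - p0) * (hours - h0) / (h1 - h0)


def estimate_success(slow_budget_hours, fast_cs, uncracked_avg, slow_cs, salts):
    """Estimated percent chance of cracking the slow hash within the budget."""
    factor = slowdown_factor(fast_cs, uncracked_avg, slow_cs, salts)
    return cracked_percent_at(equivalent_fast_hours(slow_budget_hours, factor))
```

With 35M c/s against 10,000 uncracked fast hashes and 500 c/s against the single slow hash, one week on the slow hash corresponds to 24 hours of the fast run; adding ten salts shrinks that to 2.4 hours, and the curve shows what that does to the expected success rate.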