HP3000-L Archives

February 2006, Week 2

HP3000-L@RAVEN.UTC.EDU

From: Jeff Kell <[log in to unmask]>
Date: Wed, 8 Feb 2006 18:09:28 -0500

Art Bahrs wrote:
> Hi Greg :)
>      Check out the CISSP Prep Guide by Ron Kurtz (sp) (white cover with
> weird checkerboard like pattern of colors) for some of the math you are
> asking about...

Although not directly relevant for the 3000's password scheme, one of
the better write-ups about the numbers involved and the feasibility of
brute-force cracking with current technology is contained in:

http://www1.umn.edu/oit/security/passwordattackdiscussion.html

An excerpt related to brute-force cracking:

>                            "crypts/sec"
> Hashing algorithm       Athlon64 2800+    3.2GHz Xeon
> DES, one salt                  569,313        319,960
> FreeBSD MD5                      4,079          8,950
> OpenBSD Blowfish                   292            448
> NT MD4 (NTLM)                1,101,000        991,817
> NT LM DES (LANMAN)           5,180,000      4,524,000

Given these speeds, here are the "half-lives" of passwords of the
various algorithms (time-to-brute-force/2):

> Algorithm       password space    Halflife length in seconds
> LANMAN          7.556E12          1.459E6 (~8 days)
> NTLM            6.704E15          3.045E9 (~95 years)
> crypt()         6.704E15          5.888E9 (~185 years)
> *FreeBSD MD5    6.704E15          7.491E11 (>11,000 years)

Jeff

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
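
The half-life arithmetic from the message above, as an added example that is not part of the original post or the linked write-up. Assumptions: the (charset size, maximum length) pairs 69/7 and 95/8 are inferred because they reproduce the quoted password-space column, a year is 365.25 days, and all function names are this example's own; min_length_for goes one step beyond the message by turning the same formula into a password-length check.

```python
# Added example; rates are copied from the quoted "crypts/sec" table.
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY  # assumption: Julian year

# crypts/sec as (Athlon64 2800+, 3.2GHz Xeon)
RATES = {
    "LANMAN": (5_180_000, 4_524_000),
    "NTLM": (1_101_000, 991_817),
    "crypt()": (569_313, 319_960),
    "FreeBSD MD5": (4_079, 8_950),
}

# Assumption (not stated on the page): (charset size, max length) pairs
# chosen because they reproduce the quoted password-space figures.
POLICY = {
    "LANMAN": (69, 7),
    "NTLM": (95, 8),
    "crypt()": (95, 8),
    "FreeBSD MD5": (95, 8),
}

def password_space(charset, max_len):
    """Count every password of length 1..max_len over `charset` symbols."""
    return sum(charset ** k for k in range(1, max_len + 1))

def half_life_seconds(space, rate):
    """Time to search half the space at `rate` guesses per second."""
    return space / (2 * rate)

def half_life(algorithm):
    """Half-life in seconds on the faster of the two benchmarked CPUs."""
    space = password_space(*POLICY[algorithm])
    return half_life_seconds(space, max(RATES[algorithm]))

def min_length_for(charset, rate, target_seconds):
    """Smallest maximum length whose half-life reaches `target_seconds`."""
    n = 1
    while half_life_seconds(password_space(charset, n), rate) < target_seconds:
        n += 1
    return n

if __name__ == "__main__":
    for name in RATES:
        t = half_life(name)
        space = password_space(*POLICY[name])
        print(f"{name:12} space={space:.3e}  half-life={t:.3e} s "
              f"({t / SECONDS_PER_DAY:,.1f} days, {t / SECONDS_PER_YEAR:,.1f} years)")
```

Halving every row the same way reproduces the durations quoted in parentheses (about 8 days, 95 to 97 years, 185 to 187 years, more than 11,000 years). For LANMAN and FreeBSD MD5 the seconds value comes out at half the figure printed in the quoted table.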
