Art Bahrs wrote:
> Hi Greg :)
> Check out the CISSP Prep Guide by Ron Kurtz (sp) (white cover with
> weird checkerboard like pattern of colors) for some of the math you are
> asking about...
Although not directly relevant for the 3000's password scheme, one of
the better write-ups about the numbers involved and the feasibility of
brute-force cracking with current technology is contained in:
http://www1.umn.edu/oit/security/passwordattackdiscussion.html
An excerpt related to brute-force cracking:
> "crypts/sec"
> Hashing algorithm      Athlon64 2800+   3.2GHz Xeon
> DES, one salt                 569,313       319,960
> FreeBSD MD5                     4,079         8,950
> OpenBSD Blowfish                  292           448
> NT MD4 (NTLM)               1,101,000       991,817
> NT LM DES (LANMAN)          5,180,000     4,524,000
Given these speeds, here are the "half-lifes" of passwords of the
various algorithms (time-to-brute-force/2):
> Algorithm      password space   Halflife length in seconds
> LANMAN         7.556E12         1.459E6  (~8 days)
> NTLM           6.704E15         3.045E9  (~95 years)
> crypt()        6.704E15         5.888E9  (~185 years)
> *FreeBSD MD5   6.704E15         7.491E11 (>11,000 years)
Jeff