About how fast can you brute force PBKDF2?


Problem description


After the LinkedIn password hash leak, I've been looking at our password hashing. We are using Django 1.4 which uses PBKDF2, which is great and a step up from the previous SHA1.

However I'm curious how easily one could brute force that. I'm looking at our password complexity rules, and am wondering how fast it'd take to do (say) 8 length lower case ascii letters.

This guide to cracking the LinkedIn password hash, has someone doing 430 million sha1 hashes per second on a GPU. http://erratasec.blogspot.ie/2012/06/linkedin-vs-password-cracking.html What kinda speeds would you get for PBKDF2?

Does anyone have any rough/back-of-the-envelope/ballpark figures for how fast one could brute force PBKDF2?

Solution

There is a writeup over at agilebits from February that does the napkin calculations. The abridged version:

As a ball park figure, I'm going to say 10,000 PBKDF2 iterations leads to tens of or hundreds of milliseconds to test a password for a very high-end consumer system. What we are doing with PBKDF2 is reducing things from a million tests per second to a few hundred. This is taking into account specialized software that makes use of multiple cores and multiple GPUs.

So taking your erratasec article that benchmarks 430 million SHA-1 hashes per second on a GPU as a baseline - the agilebits article shows metrics that suggest PBKDF2 with 10k iterations would bring that down to around 100k tests per second.

Far from scientific, but gets us in the ballpark...
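To put the thread's numbers against the question's policy (8 lowercase ASCII letters), here is an added estimator that is not part of the original question or answer. It converts a guess rate into worst-case keyspace exhaustion time and also measures the local single-core PBKDF2 rate at 10,000 iterations; HMAC-SHA256 as the PRF and all function names are assumptions of this example.

```python
import hashlib
import os
import time

PBKDF2_ITERATIONS = 10_000  # iteration count quoted in the answer


def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def exhaust_seconds(candidates, guesses_per_second):
    """Worst-case time to try every candidate; an average hit takes half."""
    return candidates / guesses_per_second


def measure_pbkdf2_rate(iterations=PBKDF2_ITERATIONS, samples=5):
    """Single-core PBKDF2-HMAC-SHA256 tests per second on this machine."""
    salt = os.urandom(12)  # constructed sample salt
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"candidate%d" % i, salt, iterations)
    return samples / (time.perf_counter() - start)


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return "%.1f %s" % (seconds / size, unit)
    return "%.1f seconds" % seconds


def report():
    space = keyspace(26, 8)  # the question's 8 lowercase ASCII letters
    rates = {
        "single SHA-1 on a GPU (erratasec figure)": 430e6,
        "PBKDF2, 10k iterations (answer's ballpark)": 100e3,
        "PBKDF2, 10k iterations, this CPU core": measure_pbkdf2_rate(),
    }
    return {k: humanize(exhaust_seconds(space, r)) for k, r in rates.items()}


if __name__ == "__main__":
    for label, duration in report().items():
        print("%-45s %s" % (label, duration))
```

The measured CPU figure shows what one verification costs the server; it says nothing about attacker hardware, which is what the two quoted rates stand in for.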
