Password Cracking in 2010 and Beyond

Question

I have looked a bit into cryptography and related matters during the last couple of days and am pretty confused by now. I have a question about password strength and am hoping that someone can clear up my confusion by sharing how they think through the following questions. I am becoming obsessed about these things, but need to spend my time otherwise :-)

Let's assume we have an eight-digit password that consists of upper and lower-case alphabetic characters, numbers and common symbols. This means we have 96^8 ~= 7.2 quadrillion different possible passwords.

As I understand there are at least two approaches to breaking this password. One is to try a brute-force attack where we try to guess each possible combination of characters. How many passwords can modern processors (in 2010, Core i7 Extreme for eg) guess per second (how many instructions does a single password guess take and why)? My guess would be that it takes a modern processor in the order of years to break such a password.

Another approach would consist of obtaining a hash of my password as stored by operating systems and then search for collisions. Depending on the type of hash used, we might get the password a lot quicker than by the bruteforce attack. A number of questions about this:

  1. Is the assertion in the above sentence correct?
  2. How do I think about the time it takes to find collisions for MD4, MD5, etc. hashes?

And finally, regardless of the strength of file encryption using AES-128/256, the weak link is still my en/decryption password used. Even if breaking the ciphered text would take longer than the lifetime of the universe, a brute-force attack on my de/encryption password (guess password, then try to decrypt file, try next password...), might succeed a lot earlier than the end of the universe. Is that correct?

I would be very grateful, if people could have mercy on me and help me think through these probably simple questions, so that I can get back to work.

Recommended answer

As I understand there are at least two approaches to breaking this password. One is to try a brute-force attack where we try to guess each possible combination of characters. How many passwords can modern processors (in 2010, Core i7 Extreme for eg) guess per second (how many instructions does a single password guess take and why)?

As you observe, this depends on the algorithm used. SHA1 is a common (though poor) choice, so let's consider that.

The best SHA1 implementations in software claim as little as 5.8 cycles per byte on 1024 byte blocks; let's be generous and assume that it's as efficient on a single 512 bit block; that would imply 371.2 cycles per block, or equivalently, per password guess. On your suggested processor, which Wikipedia claims does 147,600 MIPS, that's very optimistically about 400 million guesses per core per second, or a little under 2.3 billion per second for the whole processor. Note these are wildly optimistic, but should be in the ballpark, at least.

Another possibility is dedicated hardware: this claims to run on an FPGA, do 82 clock cycles per block, and run at 350 MHz - which doesn't sound impressive at only 4.2 million guesses per second, until you consider that at only 14,500 gates per core, you can build a lot of these in the size of a Core i7.

Also bear in mind that a good password hashing scheme will hash the password repeatedly - hundreds, or even thousands of times - which inflates the amount of work you have to do by the same factor.

All of this is somewhat irrelevant, however, if you don't have access to the password hash - which you often wouldn't. In that situation, you're limited by the rate at which you can make guesses, and a well designed system will easily detect your brute-force attack, and cut you off, making the size of the password somewhat irrelevant.

Another approach would consist of obtaining a hash of my password as stored by operating systems and then search for collisions. Depending on the type of hash used, we might get the password a lot quicker than by the bruteforce attack. A number of questions about this:

Is the assertion in the above sentence correct?

Not exactly. You seem to already assume you have the password hash in the first question. A brute force attack is searching every possible password - they're not two distinct things.

How do I think about the time it takes to find collisions for MD4, MD5, etc. hashes?

There are currently no known practical preimage attacks for MD5 or SHA1. I'm not sure about MD4, but nobody in their right mind should be using it now!

And finally, regardless of the strength of file encryption using AES-128/256, the weak link is still my en/decryption password used. Even if breaking the ciphered text would take longer than the lifetime of the universe, a brute-force attack on my de/encryption password (guess password, then try to decrypt file, try next password...), might succeed a lot earlier than the end of the universe. Is that correct?

Correct, which is why good crypto systems don't encrypt messages directly with a password-generated key, but rather use other systems like public key crypto, requiring the attacker to first get your private key (which ought to be difficult in the first place), then attempt to crack the password on that.
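
The iterated-hashing point in the answer, worked through with the thread's own figures (96^8 candidates, the answer's optimistic 2.3 billion SHA1 guesses per second). This is an added example, not code from the question or the answer; PBKDF2-HMAC-SHA1 stands in for the unnamed "hash repeatedly" scheme, and the function names and iteration counts are assumptions.

```python
import hashlib
import hmac
import os

ALPHABET = 96       # symbols per position, from the question
LENGTH = 8          # password length, from the question
CPU_RATE = 2.3e9    # single-SHA1 guesses/second, the answer's whole-CPU estimate
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet=ALPHABET, length=LENGTH):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet ** length


def years_to_exhaust(rate, iterations=1, space=None):
    """Worst-case years to try every candidate at `rate` hashes/second.

    Counting one PBKDF2 iteration as one hash is a simplification: each
    iteration is an HMAC (about two SHA1 compressions), so the real cost
    to the guesser is somewhat higher than this estimate.
    """
    space = keyspace() if space is None else space
    return space * iterations / rate / SECONDS_PER_YEAR


def hash_password(password, iterations=10_000, salt=None):
    """Salted, iterated hash for storage (assumed scheme: PBKDF2-HMAC-SHA1)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, expected):
    """Recompute with the stored salt and count; compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    for n in (1, 1_000, 10_000):
        print(f"{n:>6} iterations: {years_to_exhaust(CPU_RATE, n):10.2f} years")
    salt, count, stored = hash_password("constructed-sample-pw")
    print(verify_password("constructed-sample-pw", salt, count, stored))
```

At one SHA1 per guess the full 8-character space is exhausted in about 36 days at that rate; at 1,000 iterations the same search takes roughly 99 years.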
