LinkedIn used SHA-1, a fast algorithm. At 350 billion guesses per second on the mentioned rig for fast algorithms, yeah, you can get through a lot of passwords quickly. Hopefully LinkedIn has changed their ways.

In that same article: "...functions such as Bcrypt, PBKDF2, and SHA512crypt are designed to expend considerably more time and computing resources to convert plaintext input into cryptographic hashes. As a result, the new cluster, even with its four-fold increase in speed, can make only 71,000 guesses against Bcrypt..."

And if you use a different salt for each password stored with Bcrypt, the hacker must test each password separately -- no rainbow tables here. Unfortunately they don't say how many iterations of Bcrypt equals 71,000, since you can add more iterations of the algorithm.

An example cipher text from bcrypt:

    $2a$13$Ejtc1pVjyLkZn4eU9FGCg.gOQ3QtbWOsUOvSUKbU2anywhoO04ESy

$2a$ indicates the blowfish algorithm, $13$ is the cost factor (number of iterations), the first 22 chars after are the salt and the rest is the cipher text. The higher the number of iterations, the harder computationally it is to go from a password to the cipher text. As hardware improves, the iterations should increase. I was thinking about using the last 2 digits of the year as the cost factor, but that might not scale with hardware linearly.

Bcrypt or PBKDF2 with random salts per password is really what anyone storing passwords should be using today.

Beckman

On Wed, 27 May 2015, Rich Kulawiec wrote:
> On Wed, May 27, 2015 at 01:51:35PM -0400, Barry Shein wrote:
> > Getting a copy of the database of hashes and login names is basically useless to an attacker.
>
> Not any more, if the hash algorithm isn't sufficiently strong:
>
> 25-GPU cluster cracks every standard Windows password in <6 hours
> http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard...
>
> Quoting:
>
> "Gosney used the machine to crack 90 percent of the 6.5 million password hashes belonging to users of LinkedIn."
>
> Consider as well that not all attackers are interested in all accounts: imagine what this system (or a newer one, this is 2.5 years old) could do if focused on only one account.
>
> And of course epidemic password reuse means that cracked passwords are reasonably likely to work at multiple sites.
>
> And even if passwords aren't reused, there have now been so many breaches at so many places resulting in so many disclosed passwords that a discerning attacker could likely glean useful intelligence by studying multiple password choices made by a target. (We're all creatures of habit.)
>
> ---rsk
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman@angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------
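As an added example (not code from Beckman's post or from anyone else in the thread): a parser for the bcrypt string layout he describes, using the exact string he quotes, plus a stdlib-only password store that follows the per-password random salt advice with PBKDF2-HMAC-SHA256. The parser surfaces what the cost number actually encodes: bcrypt treats it as a base-2 logarithm, so a cost of 13 means 2**13 = 8192 key-setup rounds, which is why a calendar-based cost would not track hardware. The `$pbkdf2-sha256$` storage tag, the function names, the sample passwords and the calibration routine are this example's own assumptions; the bcrypt string is the one from the post.

```python
import base64
import hashlib
import hmac
import re
import secrets
import time
from typing import NamedTuple, Optional

# The bcrypt string quoted in the post, used here only to show its layout.
EXAMPLE_BCRYPT = "$2a$13$Ejtc1pVjyLkZn4eU9FGCg.gOQ3QtbWOsUOvSUKbU2anywhoO04ESy"

# bcrypt's own base64 alphabet (./A-Za-z0-9): 22 chars of salt + 31 chars of hash.
_BCRYPT_BODY = re.compile(r"^[./A-Za-z0-9]{53}$")


class BcryptParts(NamedTuple):
    version: str   # "2a", "2b", ... : the prefix naming the Blowfish-based scheme
    cost: int      # the two digits between the $ signs, e.g. 13
    rounds: int    # what that cost means: 2 ** cost key-setup rounds
    salt: str      # the first 22 chars of the body
    digest: str    # the remaining 31 chars


def parse_bcrypt(s: str) -> BcryptParts:
    """Split a $2x$NN$... string into its fields, rejecting anything malformed."""
    parts = s.split("$")
    if len(parts) != 4 or parts[0] != "" or parts[1] not in ("2", "2a", "2b", "2x", "2y"):
        raise ValueError("not a bcrypt string")
    if not (len(parts[2]) == 2 and parts[2].isdigit()):
        raise ValueError("cost must be two decimal digits")
    cost = int(parts[2])
    if not 4 <= cost <= 31:
        raise ValueError("cost out of range")
    body = parts[3]
    if not _BCRYPT_BODY.match(body):
        raise ValueError("salt+hash must be 53 chars of bcrypt base64")
    return BcryptParts(parts[1], cost, 2 ** cost, body[:22], body[22:])


def is_bcrypt(s: str) -> bool:
    try:
        parse_bcrypt(s)
        return True
    except ValueError:
        return False


# PBKDF2-HMAC-SHA256 with a fresh random salt per password. The record is
# self-describing so the iteration count can be raised later without breaking
# verification of older rows. The "$pbkdf2-sha256$" tag is an assumed format
# for this example, not a standard one.
def hash_password(password: str, iterations: int, salt: Optional[bytes] = None) -> str:
    if salt is None:
        salt = secrets.token_bytes(16)  # 128-bit random salt, unique per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "$pbkdf2-sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        _, tag, iters, salt_b64, dk_b64 = stored.split("$")
        if tag != "pbkdf2-sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        iterations = int(iters)
    except (ValueError, TypeError):
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations,
                                 dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str, current_iterations: int) -> bool:
    """True when a record was hashed with fewer iterations than today's setting."""
    return int(stored.split("$")[2]) < current_iterations


def calibrate_iterations(target_seconds: float = 0.25, start: int = 1000) -> int:
    """Double the iteration count until one hash takes at least target_seconds on this host."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"calibration", b"\x00" * 16, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2
```

Two users with the same password get different stored strings because the salt differs, so each row has to be attacked on its own; `needs_rehash` is the hook for bumping the work factor on a user's next successful login, and `calibrate_iterations` picks that work factor by measuring the deployment host rather than by guessing from the date.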