undefined | Better HN

0 pointsblincoln3y ago0 comments

Maybe you can correct my math. English has something like 500,000 words, but adults who speak it natively know 20,000 - 35,000[1]. If we cut that down to 10,000 to be conservative, that's still 10,000,000,000,000,000 (10 quadrillion) combinations at four words in a password. That's not including any capitalization, special characters between words, etc., just the stock XKCD "four random English words".

No provider is going to let anyone try that many combinations against a login API, but let's consider the case where the hashes have been captured. Hashcat on a Radeon RX 6650 can test about 30 billion MD5 hashes per second, about 200,000 sha512crypt hashes per second, about 500,000 MacOS PBKDF2 passwords per second, and about 32,000 bcrypt hashes per second.[2][3]

To brute-force the "four random English words" space for a single password, I therefore calculate:

MD5: 333,333 seconds (a little under 4 days)

sha512crypt: 50,000,000,000 seconds (578,703 days, or 1,585 years)

Mac OS PBKDF2: 2,000,0000,000 seconds (231,481 days, or 634 years)

bcrypt: 312,500,000,000 seconds (3,616,898 days, or 9909 years)

No one recommends storing passwords as MD5 hashes anymore, but that's the fastest algorithm Hashcat supports. When using the kind of hash that information security specialists tend to recommend these days, it seems like the XKCD method is still pretty safe. Am I missing something? Did I calculate something incorrectly?

Edit 1: Fixed the figures for sha512crypt.

Edit 2: for the NVidia A100 you mentioned in another branch of this thread, it would be about ten times faster per GPU, but it's still an impractically long time for the modern password hashes unless the adversary has millions of dollars to spend on cracking a high-value account's password.

[1] https://wordcounter.io/blog/how-many-words-are-in-the-englis...

[2] https://hashcat.net/forum/thread-10919.html

[3] It would be slower to handle the four English words case, because AFAIK you'd need to use the wordlist mode instead of straight brute force.

[4] https://gist.github.com/Chick3nman/d65bcd5c137626c0fcb05078b...

0 comments

daneel_w3y ago

> Am I missing something?

Sincere efforts in breaking password hashes is something else than a single individual with one GPU at their disposal - it's not the angry neighbor capturing your Wi-Fi traffic or some "randoms" on the dark web who got their hands on a leaked database.

Realistically you will never need to exhaust the full key space (vocabulary), even if the commonly used set would be as high as 10 000. If you refuse to use a password manager and random character strings for passwords then at least don't settle for just four words, because you'll be going for common and memorable words, not something from the fringes of the dictionary. Unlike the case of a bunch of random characters, when picking a couple of words that you can remember easily there's a psychological factor involved which can be attacked, so make it count.

j / k navigate · click thread line to collapse