@campuscodi@mastodon.social
Generally good advice to use passphrases, but that wasn't my take-away from the Hive post. Nothing they present supports that conclusion.
First, no one uses bcrypt cost 32 facing a general userbase - it would take more than a day to authenticate!
https://gist.github.com/roycewilliams/d231a65288de688b1c0fa27a1822ce53
(Edit: if they mean 32 *iterations* as in bcrypt cost 5 (as @womble suggests), that's at the other end of the spectrum - it's only one factor higher than the minimum allowed by the spec, and is not the default for any implementation - cost 5 is relatively rare: less than 10% of all bcrypt leaks on Hashmob are cost 5, 75% are cost 10, and 90% are cost 8 or higher. It *is* hashcat's benchmark default, but that in no way qualifies it as the best representative real-world attack target.)
Further, even if your password has been leaked, even with a hundred GPUs, I can't crack a bcrypt of it "instantly" (even if it's a single hash - and usually it's many hashes being attacked at once, and attack speed increases with each hash!)... unless it's in the top 10 or 100 passwords. Even with my bcrypt-optimized FPGA rig, it'll take *days* for me to even try the first million passwords, let alone the *billions* that have been leaked. The "Password table if your password has been previously stolen, uses dictionary words, or if you reuse it between websites" chart is 100% invalid.
Third, rainbow tables are *useless* against bcrypt (or almost any other salted hash, except maaaybe descrypt in some limited forms, because its salt is too small).
Also, the statement "the xkcd password is not a randomly generated password" is factually incorrect, and means that Hive doesn't actually understand the fundamental point of the comic.
Also, a general peeve: Hive *refuses* to put the word "random" on the chart itself, despite pleas from the community. Every year, this causes a flood of user confusion - it's *not* going to take a billion years to crack "ImTheProblemItsM3!" They bury this under "Limitations" ("These metrics assume that passwords are randomly generated"), but most users only ever see the graphic. It's irresponsible public comms.
Edit: And finally, while argon2 and yescrypt are more parallelization unfriendly, as far as raw bcrypt attack speed is concerned, there is a simple solution for those who need time to migrate to something better: increase bcrypt's work factor. Each increment *doubles* the work necessary. It was built for this.
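
The work-factor points in the post above, as an added example that is not part of the original post or any code its author published: a Python sketch that reads the cost out of stored bcrypt strings, converts it to iterations (cost 5 is the "32 iterations" case), and flags hashes to re-hash at a higher cost. The sample hashes and the `TARGET_COST` of 12 are constructed assumptions.

```python
import re
from collections import Counter

# Modular crypt format: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}")
MIN_COST, MAX_COST = 4, 31   # cost range bcrypt accepts
TARGET_COST = 12             # assumed policy value, not from the post

def bcrypt_cost(stored):
    """Return the cost of a stored bcrypt string, or None if it is not bcrypt."""
    m = BCRYPT_RE.fullmatch(stored)
    if not m:
        return None
    cost = int(m.group(1))
    return cost if MIN_COST <= cost <= MAX_COST else None

def iterations(cost):
    """bcrypt runs 2**cost rounds of its expensive key setup."""
    return 1 << cost

def work_ratio(old_cost, new_cost):
    """Factor by which per-guess work changes; each +1 doubles it."""
    return 2 ** (new_cost - old_cost)

def needs_rehash(stored, target_cost=TARGET_COST):
    """True if the hash should be replaced at next successful login."""
    cost = bcrypt_cost(stored)
    return cost is None or cost < target_cost

def audit(hashes, target_cost=TARGET_COST):
    """Return (cost distribution, number of hashes below target)."""
    costs = Counter(bcrypt_cost(h) for h in hashes)
    below = sum(n for c, n in costs.items() if c is None or c < target_cost)
    return costs, below

# Constructed sample store: placeholder salt/digest, only the cost field matters.
SAMPLE = [f"$2b${c:02d}$" + "." * 53 for c in (5, 10, 10, 12)]
SAMPLE.append("5f4dcc3b5aa765d61d8327deb882cf99")  # constructed non-bcrypt entry

if __name__ == "__main__":
    dist, below = audit(SAMPLE)
    for cost, n in sorted(dist.items(), key=lambda kv: (kv[0] is None, kv[0])):
        label = "not bcrypt" if cost is None else f"cost {cost} ({iterations(cost)} iterations)"
        print(f"{label}: {n}")
    print(f"{below} of {len(SAMPLE)} need re-hashing to cost {TARGET_COST}")
    print(f"cost 5 -> {TARGET_COST} multiplies work by {work_ratio(5, TARGET_COST)}")
```

Existing hashes cannot be upgraded offline; the usual approach is to call a check like `needs_rehash` after a successful login and store a fresh hash at the target cost.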