From: Richard Kettlewell
Newsgroups: comp.os.linux.security
Subject: Re: Adding Secure Passwords to Linux
Date: Fri, 16 Jun 2023 08:29:04 +0100
Organization: terraraq NNTP server
References: <20220729083657.53e8c00e@8200cmt>

Spiros Bousbouras writes:
> Richard Kettlewell wrote:
>> The threat model is an attacker who has acquired a collection of
>> hashed passwords; they then attack them on their own equipment via
>> exhaustive search.
>>
>> Measuring the attacker in terms of attempts per second isn’t always
>> very useful though, since the attack scales extremely well.
>
> The defence also scales extremely well, you just add a few more
> characters to the password. So how many more characters does one need
> per GPU an attacker can throw at the problem?

I don’t agree that passwords scale ‘extremely well’ - the longer a
password is the harder it is to remember, and end users start using a
variety of tricks to avoid having to do so, e.g. repeated components,
sequences of dictionary words, etc. The real search space does not
actually expand as fast as you would think.

>> 10^18 SHA256
>> hashes per second is within human civilization’s capacity for example.
>
> 64**16 / (10**18 * 3600 * 24 * 366) = 2505 years
>
> Seems pretty safe to me.
>
>> A common approach is to estimate the money cost of recovering a password
>> of a given complexity, for instance based on the cost of renting GPU
>> capacity from a cloud service provider.
>
> A more "objective" criterion is electricity consumption. So how many
> watts of electricity would it take to do 10^18 SHA256 hashes per second?

Money seems more objective to me, given that’s the resource someone has
to actually spend to recover a password, and to measure against the
value of the password. There is zero point spending $1M (whether
directly on power, or indirectly as cloud GPU rental) to recover a
password that you can only exploit for $1000 of value.

--
https://www.greenend.org.uk/rjk/
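The arithmetic the thread argues over, worked through as an added example (not code from either poster): exhaustive-search time at the quoted 10^18 SHA-256/s, the same figure for "16 characters" drawn from a smaller real alphabet or from dictionary words, how many extra random characters each doubling of attacker capacity costs the defender, and a money estimate from an assumed hourly rental price (the price is a placeholder, not a figure from the thread).

```python
"""Brute-force time and cost estimates, following the thread's arithmetic."""
import math

# The thread's figures: a 366-day year and 10^18 SHA-256 hashes per second.
SECONDS_PER_YEAR = 3600 * 24 * 366
HASHES_PER_SECOND = 10**18


def search_space(alphabet_size: int, length: int) -> int:
    """Candidates for a password of `length` symbols chosen uniformly from the alphabet."""
    return alphabet_size ** length


def years_to_exhaust(space: int, hashes_per_second: float = HASHES_PER_SECOND) -> float:
    """Years to try every candidate at the given rate (expected time to a hit is half)."""
    return space / (hashes_per_second * SECONDS_PER_YEAR)


def extra_chars_per_doubling(alphabet_size: int, doublings: int = 1) -> float:
    """Extra uniformly random characters needed to hold the search time constant when
    the attacker's capacity doubles `doublings` times (e.g. by adding GPUs)."""
    return doublings / math.log2(alphabet_size)


def cost_to_exhaust(space: int, hashes_per_second: float, usd_per_hour: float) -> float:
    """Money cost of the same search when that hashing capacity is rented by the hour."""
    hours = space / hashes_per_second / 3600
    return hours * usd_per_hour


if __name__ == "__main__":
    full = search_space(64, 16)
    print(f"64^16 at 10^18/s: {years_to_exhaust(full):.0f} years")      # ~2505
    # Still "16 characters", but lowercase only, or four words from a 10,000-word list:
    print(f"26^16: {years_to_exhaust(search_space(26, 16)):.5f} years")
    print(f"10000^4: {years_to_exhaust(search_space(10_000, 4)):.9f} years")
    # One doubling of attacker capacity costs the defender 1/6 of a base-64 character.
    print(f"chars per doubling (base 64): {extra_chars_per_doubling(64):.3f}")
    # Placeholder rental price, assumed for illustration only (not from the thread).
    print(f"cost at $1000/h: ${cost_to_exhaust(full, HASHES_PER_SECOND, 1000.0):,.0f}")
```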