[cryptography] Fwd: Hi all, would like your feedback on something

Brian Hankey bhankey at gmail.com
Tue Dec 29 05:04:46 EST 2015

(part 2 continued...)

This is the question I’m getting at.  I’m sure that the current
implementation is awful, as you’ve already pointed out; I only wanted this
as a demo of the concept.

If anyone is game I would love to have a practical challenge.  Let’s say we
are using SHA2.  Let’s say I will tell you the following about my inputs:

1) It is a transform on the domain www.facebook.com and I will even say it
does not include the www. or the .com

2) My number is a date of some kind.

3) My special char obviously you will know, &

4) I will not tell you my version.

How quickly do you think this could be cracked, really? If the answer
involves any of the following: “it would take quite a bit of time,” “it
would require some pretty decent CPU power,” or “it would need someone that
really knows their mathematics and cryptography well”

It would require someone who knows how to use something like John the
Ripper or Hashcat. There are thousands of such people. Using SHA-256, GPU
acceleration would allow them to probably run millions of guesses per
second on a computer that costs less than $5000. I’m not going to
take the challenge, but my off the cuff guess is that they’d have a 75
chance of guessing within 4 hours after initial set up and configuration.

(I should note that I don’t do a lot of password cracking myself, but I
very much follow what others are doing).

You can make it harder for them by increasing the burden on the user. But
every time you do that, you make it more likely that the user will use the
same system for each site, thus increasing the risk that cracking one will
lead to a crack of all.

If I hear you correctly you are saying that the hacker knows I use this
particular password “system”.  He knows that I use some form of transform
on domain name without www. or .com, that my number is a date of some kind,
that my special char is &, he doesn’t know the version.  You are saying
given all of that you would still need someone who understands password
cracking technologies, has specialized hardware (even if not crazy
expensive), would need to spend some unknown time X on setup and
configuration and then some number of hours on this dedicated machine just
to crack my password?

I would consider that a huge win.  The last time I played with John the
Ripper (at least I’m pretty sure it was that, could have been something
similar) was in the late ’90s using a 486DX 66 MHz with 8 MB of RAM and some
version of Linux. I realize that the algorithms used today are much better,
but then again so is the hardware.  What I remember was cracking several of
the weakest of the weak passwords within minutes; within hours or perhaps a
couple of days you could easily crack 10-20% of the passwords.  Maybe those
users were particularly stupid, but somehow I don’t think so. And this was
just working mostly with the out of the box configuration.

If we are fully understanding each other here, then what I am proposing
does as much, or perhaps even more than I had ever hoped. I thought it
would take a lot more work and development for me to even get to this

Another question of interest to me in this case, again assuming I understood
you correctly in the first place, is: how easy would it be to search for the
people using this weak system, and would that somehow be any easier or more
fruitful than just going after the average passwords?

The most exciting thing I have ever read along these lines is this:

This, and things like

Joseph Bonneau and Stuart Schechter, “Towards Reliable Storage of 56-bit
Secrets in Human Memory,” in 23rd USENIX Security Symposium (USENIX Security
14), San Diego, CA, USENIX Association, Aug 2014, pp. 607–623.


are great. But the problem is that there is so far no testing (or reason to
believe) that people will be able to do that for dozens of independent
passwords. So those training schemes are good for something like a Master
Password for some password management system, but they are not useful for
the scores of passwords that people need to use.

Wow fantastically interesting leak.  I will watch the presentation and
perhaps comment more later.

What do you think about this one? http://www.nimbusid.com/  While the setup
and login is a bit lengthy, I find it to be extremely user friendly. The
demo requires 3 objects with 7 attributes… I don’t know if whatever math
they are still using would still work out, but personally I could see it
being easier to deal with by having more objects but fewer attributes. I
very much like this system, but I can imagine that there must be a reason
why it hasn’t taken off like wildfire yet. Even if many users felt it was
too cumbersome, it would be great to have it as an option. It makes a lot
more sense to me than biometrics, or password managers, or 2 factor
authentication, etc.  Although somewhere there still must be some unique
data stored in the cloud that could theoretically be stolen in order to
allow this to work, it would seem.

Thanks again for your replies, it’s been enlightening.
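As an added illustration (not part of the thread or either correspondent's work), a back-of-the-envelope strength estimate for the password "system" discussed above: it multiplies the candidate count of each component the writer disclosed, converts that to bits, and shows how the expected cracking time scales with the guess rate. Every component count is an assumption chosen for the illustration, not something the thread states.

```python
import math

# Constructed model of the scheme: transform(domain) + date + special char + version.
# Each count is an ASSUMPTION for illustration; the thread gives no such numbers.
SCHEME = {
    "domain_transform": 500,   # assumed: plausible reorderings/substitutions of "facebook"
    "date": 366 * 100 * 4,     # assumed: any day in a 100-year span, in 4 common formats
    "special_char": 1,         # the writer says the attacker knows it is '&'
    "version": 100,            # assumed: an undisclosed one- or two-digit counter
}


def keyspace(scheme):
    """Total number of candidates an attacker who knows the structure must try."""
    total = 1
    for count in scheme.values():
        total *= count
    return total


def entropy_bits(scheme):
    """Keyspace expressed in bits, comparable to a random password's entropy."""
    return math.log2(keyspace(scheme))


def hours_to_fraction(scheme, guesses_per_second, fraction=0.75):
    """Hours needed to cover `fraction` of the keyspace at a given guess rate.

    The rate is set by how the site hashes passwords (fast SHA-2 vs a slow KDF),
    which the password's owner does not control.
    """
    return keyspace(scheme) * fraction / guesses_per_second / 3600


def random_password_bits(length, alphabet_size):
    """Entropy of a uniformly random password, for comparison with the scheme."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(f"keyspace: {keyspace(SCHEME):,} candidates (~{entropy_bits(SCHEME):.1f} bits)")
    # Assumed rates: ~1e6/s for unsalted SHA-256 on a GPU, ~1e4/s for a slow KDF.
    for rate in (1_000_000, 10_000):
        print(f"  at {rate:,} guesses/s: 75% coverage in {hours_to_fraction(SCHEME, rate):.1f} h")
    print(f"random 12-char password from 94 symbols: {random_password_bits(12, 94):.1f} bits")
```

The point the numbers make is the one in the thread: once the structure is known, the scheme's strength collapses to the few components the attacker does not know, and a slower server-side hash buys time but does not change the bits.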
