Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The salts for the sha1 passwords weren't leaked. So they're hard to crack in practical terms. Depends how random they were.

See hashcat docs and benchmarks for complete answers to your questions. The GPU versions of hashcat.



I actually googled before asking my question, and couldn't come up with a good feel for just how crackable these are with hashcat... I guess I don't know the terms or the prices.

Is anyone able to make any sense of the GPU hashcat benchmarks that are posted? Something distilled down to "if you spend $xxx, then you can crack any salted sha1 under 12 letters+digits+punctuation in n hours if you knew the salt; if its bcrypt, that would take x hours". Something like that ;)

Added: I'm a bit confused how the attackers know the hash and not the salt though; normally they are stored side-by-side. Or were dropbox using a site-wide salt?

(I've seen systems with a site-wide salt hardcoded into the codebase and a per-user salt in the db with the hash; This means attackers have to compromise both sourcecode and db to get far.)


A rough estimate for using spot instances on EC2 says you can get maybe 40 trillion SHA1 hashes per dollar. (700MH/s and just under $.07/hour) So one dollar will crack a password 7 characters long. A million dollars will crack a password 10 characters long.

Switch to bcrypt and you're now at 25 million hashes per dollar on those same instances. Now you can barely crack passwords that are 4 characters long, or for a million dollars you get 7 characters.

That's if you know the salt, of course. Otherwise that gets added on to the length you're cracking.

None of this is very exact but it gets you in the right ballpark. And you can compare it to a password manager spitting out 20 character passwords that are completely immune to brute forcing.


Pro tip: Build your own GPU cluster out of consumer gear. It's orders of magnitude cheaper because GPUs for the data center are expensive and/or slow. Our commercial cracker is consumer gear in a custom built chassis in colocation. Cloud GPU just isn't there yet.


So, please give some rough stats :)


I mean... people have also been using FPGAs for password cracking for years too.


This is why strong passwords are important. You can crack a lot of users with Password2016! At 25M/$.


Hash can be stored somewhere else. I also saw systems where some kind of constant for the user was used as a salt. For example first 5 characters of username or timestamp of registration.


I think it's quite unlikely whoever took control of this managed to dump an entire database but couldn't access a password salt.

Do we know for sure these were "salted SHA"? It could well be "SHA1-HMAC through an HSM", and thus, actually be the stronger option.

Alternatively, someone has probably kept a lot of cracked passwords to themselves.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: