[Catalog-sig] Pull request to migrate PyPI to bcrypt

Giovanni Bajo rasky at develer.com
Tue Feb 12 18:03:14 CET 2013


On 12 Feb 2013, at 17:41, Jesus Cea <jcea at jcea.es> wrote:

> On 11/02/13 14:38, Donald Stufft wrote:
>> What were they hashed with? Even with a salt a fast hash is trivial
>> to bruteforce for a large number of passwords in practically no
>> time with trivial hardware.
> 
> Not if your salt has 256 bits of entropy.

The size of the salt does not influence bruteforcing, since the salt is part of the password hash, so it's known to the attacker. 

You just load salt+hash into John The Ripper, and bruteforce it. This cluster of 25 consumer Radeon cards:
http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/

can crack SHA1+salt at 63 billion guesses *per second*. Just to give an idea, if you consider a character set of 80 characters (lowercase, uppercase, numbers, plus symbols), all combinations up to 6 characters can be cracked by that cluster in 4.25 seconds (for each given salt). Up to 7 chars in 337 seconds. Up to 9 chars in 25 days. Obviously, it's actually worse than that, because attackers will use dictionary attacks (with built-in leetification, etc.).

So SHA1+salt is indeed broken, for good.

> Usual approach would be to use two salts: a personal salt per user,
> stored in a different database of the hashed password (to reduce the
> possibility of the same bug affecting both databases), and a global per
> site salt, stored outside of the database.

If I understand you correctly, this second "site salt" is not a salt but a secret, and you shouldn't use it directly within SHA1, but through a PRF. I sent an email yesterday about this:
http://mail.python.org/pipermail/catalog-sig/2013-February/005081.html

-- 
Giovanni Bajo   ::  rasky at develer.com
Develer S.r.l.  ::  http://www.develer.com

My Blog: http://giovanni.bajo.it
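
Added example, not part of the original message: it recomputes the exhaustive-search times from the 63 billion guesses/second figure, measures on a constructed three-letter keyspace that the guess count is the same for an 8-bit and a 256-bit salt, and sketches a site secret applied through a PRF. The function names, the sample password, the choice of HMAC-SHA256 as the PRF and PBKDF2 as a standard-library stand-in for bcrypt are all assumptions.

```python
import hashlib
import hmac
import itertools
import os
import string

GPU_RATE = 63e9  # SHA1+salt guesses per second quoted in the message

def keyspace(charset_size, max_len):
    """Number of candidate passwords of length 1..max_len."""
    return sum(charset_size ** n for n in range(1, max_len + 1))

def exhaust_seconds(charset_size, max_len, rate=GPU_RATE):
    """Worst-case time to try every candidate against one known salt."""
    return keyspace(charset_size, max_len) / rate

def salted_sha1(salt, password):
    return hashlib.sha1(salt + password.encode()).digest()

def guesses_needed(salt, target, charset=string.ascii_lowercase, max_len=3):
    """Guesses required when the salt is known (toy keyspace, for measurement)."""
    count = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            count += 1
            if hmac.compare_digest(salted_sha1(salt, "".join(combo)), target):
                return count
    return None

def peppered_hash(site_secret, salt, password, rounds=100_000):
    """Site secret goes through a PRF (HMAC, assumed), then a slow KDF.
    PBKDF2 stands in for bcrypt because it ships in the standard library."""
    keyed = hmac.new(site_secret, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, rounds)

if __name__ == "__main__":
    for length in (6, 7, 9):
        print(length, "chars:", round(exhaust_seconds(80, length), 2), "seconds")
    pw = "zeb"  # constructed sample password
    for size in (1, 32):  # 8-bit salt vs 256-bit salt
        salt = os.urandom(size)
        print(size * 8, "bit salt:", guesses_needed(salt, salted_sha1(salt, pw)))
```

The salt only stops one precomputed table from serving many accounts; the per-account search cost changes with the work factor of the hash, not with the salt length.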
