Password validation security issue

Chris Angelico rosuav at
Sat Mar 1 21:11:49 CET 2014

On Sun, Mar 2, 2014 at 6:54 AM, Christian Heimes <christian at> wrote:
> Yes, for most applications brute force is still the best option to crack
> the password. Passwords are usually rather short, have a low entropy and
> modern hardware is insanely fast. With software like [1] and a fast GPU
> it is possible to do more than 10*10^9 checks/second for SHA-256.

Using XKCD 936's estimate, 44 bits of entropy would still require
17592 seconds of processing at 10^9 per second. That's not a lot if
someone's personally targeting you *and* they know you use XKCD 936
*and* know the exact set of 2048 words that you drew your password
from *and* they know how you lay them out (spaces between, no spaces,
whether or not you capitalize the words, etc etc). Not knowing any of
these would add a few more bits of entropy; and if you use
/usr/share/dict/words and take only those words which consist entirely
of lower-case letters, then your corpus is over 65536 words [1], so
you have 64 bits of entropy. Even at 10^10 checks/second (which is
what 10*10^9 is, but that's an odd way to write it), that would be
21350 *days* of dedicated processing, just to crack the one password.
If cracking my password, and mine alone, in sixty years, is considered
"insanely fast", then I'm going to keep using SHA-256 for a while.

The problem isn't SHA-256. The problem is insecure passwords, the way
we've been taught to make them by the banks. Hence, XKCD 936.


[1] On my Debian Wheezy system:
$ grep -c '^[a-z]*$' /usr/share/dict/words

More information about the Python-list mailing list