Password validation security issue

Chris Angelico rosuav at gmail.com
Sat Mar 1 23:13:25 CET 2014


On Sun, Mar 2, 2014 at 9:07 AM, Christian Heimes <christian at python.org> wrote:
> On 01.03.2014 21:25, Roy Smith wrote:
>> In article <mailman.7533.1393703687.18130.python-list at python.org>,
>>  Christian Heimes <christian at python.org> wrote:
>>
>>>  With software like [1] and a fast GPU
>>> it is possible to do more than 10*10^9 checks/second for SHA-256.
>>
>> Just out of curiosity, how does that differ from 10^10 checks/second?
>
>
> I find 10 * 10^9 easier to read because it has more resemblance to "10
> billion". Next time I'll use the normalized scientific form 1.0e10. ;)

I wasn't sure if it ought to have been 10^9 or 10^10. In any case,
that makes only one order of magnitude of difference, and based on the
way I generate passwords, that still leaves it at 60-ish years of GPU
spinning. (It'd be 600 years at 10^9.)

ChrisA



More information about the Python-list mailing list