password_cracking_vs_time

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2021 20:09:07 +0000

2013.02.10 - password cracking vs. time

when talking about passwords or passwords' (salted) hashes and time required to break them, we assume that passwords that will take significant amount of years to be break are secure. for instance say you have 10 digits password, with lower and upper case characters, digits and special characters. assuming no extra knowledge about the password, this gives about 82 possible characters at each position. having 10 characters means 13744803133596058624 (~10^19) possible passwords.

now assume that you can check 2 millions passwords per second, which gives 63072000000000 attempts per year (~10^14). btw: note that 2 millions attempts per second is not that much – in fact MD5 can be cracked at a speed of about 200 million passwords per second, on a modern GPU).

using the usual approach, this means that we need:

13744803133596058624 / 63072000000000 = 217922

wow – 217922 years to break it. sounds serious? well… there is “a little” flaw in this approach – we assume the same computer will do the calculations thought all that period. although Moore's law is no longer valid, since few years now, and is expected to end for good in a foreseeable future, due to the physical size limits of the transistor, computing power is not doomed. it is just more networked and more parallel over a time. derived from the Moore's law we could expect roughly 2x speedup over 18 months¹⁾. this gives about 1.33 speedup a year. what is happening is we have more than that with the could computing taking over.

even assuming we have pps=1.33 (processing power) speedup a year, and are starting with apy~=10^14 attempts per year for N years we compute a following number of passwords:

pps*apy^0 + pps*apy^1 + pps*apy^2 + ... + pps*apy^(N-1)

this is of course geometric sequence sum, which is:

apy*(1-pps^N)/(1-pps)

to see how many years will it actually take we need to solve the equation:

apy*(1-pps^N)/(1-pps) = ctt

whre ctt is combinations to test (in our example ~10^19). a little maths and we come up with:

N = ln((apy-ctt*(1-pps))/apy) / ln(pps)

which in our example gives… 38 years! though this is a long time, comparing it to the original results of 217922 years, this gives a significant error! to make things worse, we assumed full search, while on average you are expected to find the result after doing just half of all computations (here: after 36 years). this is hell a lot of time, but definitely within ones lifetime. if you add more computational power, say 1000 machines, we can narrow it to 14 years, and if hash happened to be MD5… on average we're expected to find answer in just over a year!

if you'd like to toy around with with parameters here is the BC script for calculating expected time to crack a password.

¹⁾

though Moore says about transistors, not the computational power, but the correlation is strong enough here

via_neural_interface

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2021 20:09:07 +0000

2013.02.10 - via neural interface

yesterday at night, wile doing some scripting, i had a chat with a friend, who's about to visit an oculist, due to spending too much time in front of computer(s). since my eyes were already tired i just though how nice would it be to have a neural-computer interface operational, so that you could I/O with any machine w/o a need to use eyes nor any muscle. you could just plug yourself in, close eyes, lay down and enjoy the pure information stream. even if your tired for this, you can still disconnect and have eyes not tired and fully operational to do other things. and what if lying is not convenient enough? well – imagine doing the same, but in a zero gravity…

ps
just for the record – there are solutions that do muscle impulses reading or even brain wave readings, to perform certain tasks. muscle reading already works fine, if you like to move. :) it's a bit worse when talking about the brainwaves. though you can even buy some basic devices to do that, its still more of a research quality, than the real alternative for screen and keyboard. we still need to wait – hopefully not to long… :)

BaSzErr - blog:2013:02:10

password_cracking_vs_time

2013.02.10 - password cracking vs. time

via_neural_interface

2013.02.10 - via neural interface