On Nov 3, 2009, at 4:09 PM, Jonathan wrote:

> 2009/11/2 Karsten Nohl <[email protected]>:
>>> I phrased the question wrong perhaps.
>>> What is an IDEAL amount of storage for a complete set of tables
>>> with a decent probability?
>>>
>>> 99% or 96% being decent...
>>
>> The math works out as:
>>
>> 50% failure rate at <3TB
>> Each time you halve the failure rate, the storage doubles.
>> 75% = 6TB; ... ; 99% = ~150 TB

One correction: This calculation ignored collisions and was therefore
even too optimistic.

> I remember the THC tables that were (allegedly) computed
> were more on the order of 2.2 TB for a 6% I think...
> Seems like a large difference... Maybe there is room for improvement?

The trade-off goes three ways:
storage space vs. attack time vs. failure rate

The THC tables -- as I understand them -- had larger coverage in
smaller space at the cost of much increased attack time. For those
tables to be useable with reasonable attack times you have to have an
FPGA cluster.

Let 2^D be the available storage (in # of chains), 2^M be the hash
size, and 1/2^C be the coverage, then the attack time 2^T (in # of
computations) is derived as:

Distinguished Point Tables
T = 2M - 3C - 2D + 1

Read as:

Rainbow Tables
T = 2M - 2C - 2D - 2

We use a mix of these two techniques but stay closer to the
distinguished points scenario. Parameters for the tables being
computed at the moment are:

M = 64 (A5/1)
D = 38 (4 TB)
C = 6 (50% success rate)
=> T = 33.5 (2 minutes on a computer with GTX260 that has all tables;
less when the distributed cracking network is used)

_______________________________________________
A51 mailing list
[email protected]
http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
