>> So with a 10TH miner you can try 10^13 / 10^5 = 10^8 passwords per second >> ...'
This ignores the intolerable overhead created by the computer you are trying to hack! If the remote is deliberately imposing a 1 second turnaround to verify. Using your 10^8 password attempts. The situation is thus: 10^8/seconds/minutes/hours/days/365 10^8/60/60/24/365 = 3.17 years of overhead that the attacking computer has no control over. Your computer speed is of no consequence. Assuming that your quantum magic computer might chew 10^8 permutations in one second. That still means 3.2 years + one second to do the job. Of course, you might get lucky and strike gold after the first 8 months. Or you can attack 100 different computers at once improving the chances of a single successful hit in a shorter period of time. But the fact remains I think the "Hive Systems" chart is a fantasy designed to scare you into using their services. Did I forget to mention that any good password verification will lock you at after 3 or 5 failed attempts? Now we're talking centuries to crack any good password. > On 05/02/2023 1:36 PM Csaba Toth <[email protected]> wrote: > > > Well, some of the data breaches may get hold of the password hash. Like > the master passwords in case of the LastPass breach, and in this case you > don't have to deal with the delay what it takes for a bot to properly go > through the login process (entering username and password in a GUI and click > a button) like I see they constantly try on an exposed RDP endpoint. So in > that case they can brute force closer to the "source", however as you > mentioned even the LastPass master password was hashed I think 100,100 times > - or something - by default (and they are raising it to 600,000), which is > deliberately to make a brute force ~100k times slower. > I don't know if that hash algorithm is in alignment in any way with the > hashes the crypto currencies use. In that case a hacker might utilize ASICs > specifically developed for crunching hashes, those miner rigs are insanely > fast compared to even a GPU, Bard gave me this figure: > Device Hash Rate > CPU 1-10 MH/s > GPU 100-600 MH/s > ASIC Miner 1-10 TH/s > > As you see an ASIC miner could be 1,000-10,000 X faster than a GPU. So > with a 10TH miner you can try 10^13 / 10^5 = 10^8 passwords per second for a > LastPass master password. Then comes the question how big is your dictionary, > and there are techniques like https://en.wikipedia.org/wiki/Rainbow_table > which cut down the crack time. > > So it really depends on the hacker's budget and definitely about the > complexity of the password. Quantum computers might change the picture, but > that's still a few decades (fortunately). > > > On Tue, May 2, 2023 at 10:44 AM Thomas Bartkus <[email protected] > mailto:[email protected] > wrote: > > > > I have quibbles with their methodology. Their computer > already has the password they submit and a separate program has to guess what > it is. By brute force. Try something then try the next. > > > > The problem is that in the real world they don't know what the > > password is. They have to test the trials against a remote or a website. > > Common practice is to make the verification deliberately slow. Enforcing a > > one second turnaround time means it takes a full second to know if they got > > a hit. This lengthens the time to crack it enormously. A 2 second delay > > doubles the time again. An enormous time overhead over which the attacking > > computer has no control. > > > > To get a true picture they need to test against a real (slow!) > > verification process outside their control. Even the simplest passwords > > would take days to crack no matter how fast their computers were. I think > > their chart is wildly inaccurate. > > > > > > What am I missing here? > > On Wednesday, April 19, 2023 at 2:32:29 AM UTC-5 > > [email protected] mailto:[email protected] wrote: > > > > > > > I'm interested in learning more about this: > > > > > > > > > > > > https://www.reddit.com/r/coolguides/comments/12qmk1r/i_updated_our_famous_password_table_for_2023/ > > > > > > > > > > > > > > > -- > > -- > > You received this message because you are subscribed to the Google > > Groups "NLUG" group. > > To post to this group, send email to [email protected] > > mailto:[email protected] > > To unsubscribe from this group, send email to > > [email protected] > > mailto:nlug-talk%[email protected] > > For more options, visit this group at > > http://groups.google.com/group/nlug-talk?hl=en > > > > --- > > You received this message because you are subscribed to the Google > > Groups "NLUG" group. > > To unsubscribe from this group and stop receiving emails from it, > > send an email to [email protected] > > mailto:[email protected] . > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/nlug-talk/6ec21391-b2e6-473e-9721-a2ebae1e5567n%40googlegroups.com > > > > https://groups.google.com/d/msgid/nlug-talk/6ec21391-b2e6-473e-9721-a2ebae1e5567n%40googlegroups.com?utm_medium=email&utm_source=footer > > . > > > > > > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > mailto:[email protected] . > To view this discussion on the web visit > https://groups.google.com/d/msgid/nlug-talk/CA%2BKhHxL7O%3DWxmx8FDGviVW_EZSZ_10OgHrSrcAbMit-qv0F3dw%40mail.gmail.com > > https://groups.google.com/d/msgid/nlug-talk/CA%2BKhHxL7O%3DWxmx8FDGviVW_EZSZ_10OgHrSrcAbMit-qv0F3dw%40mail.gmail.com?utm_medium=email&utm_source=footer > . > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nlug-talk/234822080.3368667.1683055997100%40connect.xfinity.com.
