in reply to Re^6: SaltedDigest Salt?
in thread SaltedDigest Salt?

See "For the sake of completeness, the COPACOBANA FPGA implementation tops 2^16 Mencryptions/s.".

  1. 1 FPGA hardware setup does 2^16 Millions SHA512 encrypts/second.
  2. The typical 8-characters x 96 char alphabet 96^8 = 218340105584896;

B / A = 110,075 seconds or a bit over 30.5 hrs. Divide that by the number of FPGA setups you can afford.

Sure, if you can enforce your 16-chars and persuade people to use !"£$%^&*(... et al, the task becomes significantly harder.

But the point remains that it is not the size of the hash (2^512), but the size of the input (96^8, 62^16 etc.) that is the limiting factor.

Length is key. Alphabet size is second.

But keeping the salt secure goes a long way to ensuring the length, and making brute forcing completely infeasible.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

The start of some sanity?

Replies are listed 'Best First'.
Re^8: SaltedDigest Salt?
by zwon (Abbot) on Feb 09, 2012 at 13:27 UTC
    See "For the sake of completeness, the COPACOBANA FPGA implementation tops 2^16 Mencryptions/s.".

    Again, reread it yourself, they talking about DES, there's no mention of SHA on the page.

    Sure, if you can enforce your 16-chars

    If protected information worth the money why not. If you have to work with people who are not able to remember passwords, probably you should choose different authentication method

[reply]

      Yes. But if you look back at the FPGA pdf I linked, you'll see that they tackled: SHA-1 Skipjack 3DES SHA-512 AES-256. And if you skip ahead to fig.12 , you'll see that in their units, they could process DES at a rate of 91 Mb/s.

      Whilst processing SHA512 is over 6 times faster at 616 Mb/s!

      The information is all there in the links I provided. Burying your head in the sand doesn't make it go away.

      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.

      The start of some sanity?
[reply]
        Do you realize that 9625000 blocks per second ( 616 Mb/s ) is not the same as 2^16?
[reply]

In Section Seekers of Perl Wisdom