Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Death Throes of crypt()

Posted by CmdrTaco on from the now-thats-just-too-bad dept.

dex writes "Tom Perrine and Devin Kowatch of the San Diego Supercomputer Center have issued "Teracrack: Password cracking using TeraFLOP and PetaByte Resources" (PDF, HTML version via Google). Using SDSC's prodigious computing facilities, they precomputed 207 billion crypt() hashes in 80 minutes."

2 of 388 comments (clear)

  1. Change of Methods Needed? by Erioll · · Score: 5, Interesting

    In the wake of stories like this, and yesterday's story about RSA-576 being cracked (here), is this a message that we need more secure forms of encryption than we already have? RSA is great so far, but how long until 1024 is broken? Or any other schemes, like the MD5 hashing that's used for digital signatures?

    Topics that people with lots of credentials behind their names are going to have to solve. Keeping ahead of the crackers is a big concern not only for security of transactions, but for personal privacy as well.

    Erioll

  2. Still by mugnyte · · Score: 5, Interesting

    Even so, using a 10 character input of about 72 possible input chars, isn't 207 billion still only like .0000055% of the total search space?

    So that 20000 * 80minutes gives ~1% of the space cracked?
    2000000 * 80 minutes = 304 years to fully close the space.

    With a perfect distribution, the mean of about 150 years seems like a long time.

    Someone please check my assumptions here.