The Death Throes of crypt()

dex writes "Tom Perrine and Devin Kowatch of the San Diego Supercomputer Center have issued "Teracrack: Password cracking using TeraFLOP and PetaByte Resources" (PDF, HTML version via Google). Using SDSC's prodigious computing facilities, they precomputed 207 billion crypt() hashes in 80 minutes."

Re:Need better crypto

[Directrix1]

Your name is ObviousGuy for a reason then, huh?

I'd take them seriously

[Wee]

I've been to SDSC a bunch of times (it's across campus from where I work). One time when I was there about two years ago, Tom Perrine gave me and a friend a tour of their datacenter. Towards the back, there are two big (and I mean BIG -- like "room-sized") tape libraries. In fact, it's the world's largest tape library. The servers that act as the cache for the libraries are in racks which run about 25 feet long. It's pretty impressive.

One of the libraries' uses was a project by a research guy there who aimed to store every possible combination of 8-character ASCII strings. I forget exactly how much storage space it took up, but it was quite a bit more than what you'd expect just from doing the numbers (they might have been storing metadata or something as well, I don't remember). Anyway, I do remember asking what they intended to do with the data: They wanted to use these to compute password hashes so they could crack passwords in near real-time. It looks like they finally got around to do it.

I haven't yet read their paper so I don't know if they used this data or not, but I'd believe them if they say they've computed all the crypt()-able hashes. Hopefully they'll put up a search interface so you can break your own password. They've got the computing horsepower to spare...

-B