Hi Martin,

I did forget to say that it would be salted, so that throws it off by 2^12.

A couple of questions. How did you come up with the ~2.5 bits per word? Would a longer word have more bits?

Why are you using entropy rather than 2^(keyspace)? With 55 possible characters per each individual character space, a 12 character password would have 766,217,865,410,400,000,000 possible combinations without a salt.

Tom Sullivan's Excel spreadsheet for calculating Rainbow Tables, as corrected by Philippe Oechslin, and based on Philippe's optimization in the following reference:

http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03

says that it would take 180.341 years to crack with an 86% chance of success at a hash calculation rate of 100,000,000/sec.

Based on the same speed it would take only 247,465.463 years to calculate the Rainbow Tables.

So what it boils down to is what is the calculation rate of a 1000 CPU botnet in reality? I chose the 100,000,000 rate sort of arbitrarily, making assumptions about the hours of real use and the % of CPU time that would be devoted to creating the Rainbow Tables.

Even if one were to assume that the real rate would be 1,000 times faster, it still would take nearly 25 years to create the tables for a twelve character password. If you go to 15 characters then it says it is a mere 4 million years to generate the tables.

Best,

Allen




mtd wrote:
Allen wrote:
Now take the phrase "Mary had a lamb, and its fleece was as white as
snow." Not counting the quotes it is 52 characters and has both upper
and lower case characters, spaces and two specials or a total of 55 key
space. How big would the rainbow table be to contain that? How long
would it take to compute with 1,000 3 GHz CPUs?

You have given English sentence of 12 words as passphrase. If we count
about 2.5 bits of information per word and hash without adding salt, it
results in about 2^30 combinations. When we divide it over botnet of
1000 computers, each must try about 10^6 hashes. I guess you can
calculate the rest of the answers.

