Displaying 5 results from an estimated 5 matches for "hashcat".
Did you mean:
hashcash
2014 Feb 04
0
Password hash rounds solved - important security implications
...ok try_first_pass use_authtok" should be added.
Password hash rounds control seems to be almost unused. I got no responses in the CentOS 5 Security forum or on the general CentOS email list.
People do not seem to understand how important this can be to password security. According to the oclHashcat (hashcat.net) documentation on the fastest GPU enabled PC they have tested, they get 797 million CPS (cracks per second) against SHA512. If the super fast PC is compared to the single CPU PC with no GPU, using the only algorithm common to all tests (NTLM), there is a speed difference of 1981 times....
2020 Aug 30
2
PBKDF2 password hashing as in ASP.NET Core
Thank you for your reply.
It's not that simple, though. Just because some core algorithms are
standardised and should be compatible doesn't mean their use in
different implementations leads to interoperable data. The key point
here seems to be that Dovecot just supports SHA-1 with PBKDF2, not
SHA-256. So I'm out of luck here. The different formats are no longer
relevant then.
2020 Aug 30
0
PBKDF2 password hashing as in ASP.NET Core
...it sceptical that CRYPT-SHA512 is less secure than PBKDF2.
CRYPT-SHA512 is not "just" SHA512(salt||password), it does at least 1000 rounds of hashing in similar way as PBKDF2 does. So, what is your reasoning for claiming that PBKDF2 is much secure than CRYPT-SHA512?
Also, if you look at hashcat cracking speeds, you'll see that the speed of cracking is slower for CRYPT-SHA512 than for PBKDF2-SHA512. See https://github.com/siseci/hashcat-benchmark-comparison/blob/master/1x%20GTX%201080%20TI%20hashcat%20benchmark.txt
Aki
> On 30/08/2020 19:54 Yves Goergen <nospam.list at unclassi...
2017 Oct 27
3
Password encription
Aki Tuomi wrote:
> The use of salt, today, is to prevent the attacker from directly seeing
> who has same passwords. Of course it also will make a rainbow table
> attack less useful,
Not just less useful, but almost infeasible. Given the use of random
salts, you would have to generate (number of possible salts) rainbow
tables. This drastically changes the CPU/storage tradeoffs.
>
2017 Oct 27
0
Password encription
...u want passwords cracked. Of course if the passwords are longer than, say, 8 characters, it becomes less feasible. My point wasn't to say that SHA512 is fully insecure, and adding rounds does make it less so as the expenses rack up.
https://killtacknine.com/test-driving-google-cloud-gpus-with-hashcat/
It's not available on the graphics (puzzling), but if you look at the gist, it'll show that SHA512-CRYPT is cracked at 247.9 kH/s and MD5-CRYPT (salted MD5) at 17579.7 kH/s. As comparison, straight non-salted SHA512 goes at 1402.7 MH/s and MD5 with no salting at 33677.6 MH/s. For referenc...