Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
cs-465:project-7-password-cracking [2017/11/06 17:45]
rysav [Instructions]
cs-465:project-7-password-cracking [2017/11/10 14:04] (current)
rysav [Thought Questions]
Line 29: Line 29:
 #Assuming that you used your setup for this lab alone, how long do you calculate that it would take to crack a 6-character alphanumeric password? ​ 8-characters? ​ 10-characters?​ 12-characters?​ (use the c/s measurement from your experiments). #Assuming that you used your setup for this lab alone, how long do you calculate that it would take to crack a 6-character alphanumeric password? ​ 8-characters? ​ 10-characters?​ 12-characters?​ (use the c/s measurement from your experiments).
 #Do you think that the password meter is a good indication of actual password security? ​ From the results of your experiment, what is your recommendation for minimum password length? ​ Be creative in your response. ​ Imagine what hardware and resources a potential attacker might have, and briefly justify your assessment of the attacker’s capabilities.  ​ #Do you think that the password meter is a good indication of actual password security? ​ From the results of your experiment, what is your recommendation for minimum password length? ​ Be creative in your response. ​ Imagine what hardware and resources a potential attacker might have, and briefly justify your assessment of the attacker’s capabilities.  ​
-#Recently, high-end GPUs have revolutionized password cracking. ​ One tool, [http://www.golubev.com/hashgpu.htm ighashgpu], is able to perform 1.3 billion MD5 hashes per second on an AMD Radeon 5850 (a 2-year-old, mid-to-high range video card). ​ [http://​whitepixel.zorinaq.com/​ Whitepixel],​ another tool, claims that it can perform 33.1 billion hashes per second using 4 Radeon 5970s. ​ Consider your calculations in question #1, and redo them assuming you had access to a system with 4 Radeon 5970s. ​ Do your answers for question #2  change?+#Recently, high-end GPUs have revolutionized password cracking. ​ One tool, [https://www.darknet.org.uk/​2016/​08/​ighashgpu-gpu-based-hash-cracking-sha1-md5-md4/ ​ighashgpu], is able to perform 1.3 billion MD5 hashes per second on an AMD Radeon 5850 (a 2-year-old, mid-to-high range video card). ​ [http://​whitepixel.zorinaq.com/​ Whitepixel],​ another tool, claims that it can perform 33.1 billion hashes per second using 4 Radeon 5970s. ​ Consider your calculations in question #1, and redo them assuming you had access to a system with 4 Radeon 5970s. ​ Do your answers for question #2  change?
 #Fedora 14 and other modern Linux distributions use a SHA-512 (rather than MD5) for hashing passwords. ​ Does the use of this hashing algorithm improve password security in some way?    Why or why not? #Fedora 14 and other modern Linux distributions use a SHA-512 (rather than MD5) for hashing passwords. ​ Does the use of this hashing algorithm improve password security in some way?    Why or why not?
 #Does the use of a salt increase password security? ​ Why or why not? #Does the use of a salt increase password security? ​ Why or why not?
cs-465/project-7-password-cracking.txt · Last modified: 2017/11/10 14:04 by rysav
Back to top
CC Attribution-Share Alike 4.0 International
chimeric.de = chi`s home Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0