Introduction.
Against the backdrop of the numerous posts about passwords, I decided to do some research.
Password protection is currently the most common and, unfortunately, the least reliable method of protection. There are many articles on the topic "How to create a strong password", but I have not seen an article that presents real data on password reliability.
This study assesses how well passwords resist a brute-force attack. The most effective way to brute-force passwords from their hashes is to build rainbow tables.
The calculations are carried out for three hash functions: md5, sha1 and sha2 (the sha512 variant). The calculations do not take hash collisions into account, since from a practical point of view they do not help with actually recovering a password, and there are currently no decent software implementations in open access. The study covers passwords of 7, 8, 10 and 12 characters in three different alphabets.
For clarity, the results show the number of passwords, the amount of disk space needed to store the rainbow tables, and the approximate time needed to build them.
Toolkit.
- A computer with a 2.6 GHz Pentium 4 and 512 MB of RAM;
- The winrtgen utility, part of Cain & Abel.
Intermediate calculations.
The number of password combinations is (number of characters in the alphabet) ^ (number of characters in the password). The study involved three alphabets:
- A1 = {abcdefghijklmnopqrstuvwxyz0123456789} 36 characters
- A2 = {abcdefghijklmnopqrstuvwxyz0123456789 !@#$%^&*()-_+=} 51 characters
- A3 = {abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^&*()-_+=} 77 characters
- A4 = {0123456789} 10 characters
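
The keyspace formula above can be re-run on current hardware. The following is an added example, not code from the original post: it counts the candidates for the four alphabets and measures this machine's single-core hash rate with Python's hashlib. It estimates the time to hash every candidate once, which is not the same as winrtgen's rainbow table generation time, so the figures are not expected to match the tables; the function names are assumptions of this example.

```python
import hashlib
import time

# The four alphabets listed in the post (A2 and A3 include the space character).
LOWER_DIGITS = "abcdefghijklmnopqrstuvwxyz0123456789"
SYMBOLS = " !@#$%^&*()-_+="
ALPHABETS = {
    "A1": LOWER_DIGITS,
    "A2": LOWER_DIGITS + SYMBOLS,
    "A3": LOWER_DIGITS + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + SYMBOLS,
    "A4": "0123456789",
}
SECONDS_PER_YEAR = 365 * 24 * 3600

def keyspace(alphabet: str, length: int) -> int:
    """Candidate count: (distinct characters) ** length, the post's formula."""
    return len(set(alphabet)) ** length

def hash_rate(algorithm: str, seconds: float = 0.2) -> float:
    """Measure single-core hashes per second for 8-byte inputs on this machine."""
    count, start = 0, time.perf_counter()
    deadline = start + seconds
    while time.perf_counter() < deadline:
        for i in range(1000):
            hashlib.new(algorithm, b"%08d" % i).digest()
        count += 1000
    return count / (time.perf_counter() - start)

def years_to_hash_all(alphabet: str, length: int, rate: float) -> float:
    """Years needed to hash every candidate once at `rate` hashes per second."""
    return keyspace(alphabet, length) / rate / SECONDS_PER_YEAR

def report(algorithms=("md5", "sha1", "sha512")) -> list:
    """Rows of (alphabet, length, algorithm, candidates, years) for the post's cases."""
    rows = []
    for algorithm in algorithms:
        rate = hash_rate(algorithm)
        for name, alphabet in ALPHABETS.items():
            # The post uses longer lengths for the digits-only alphabet A4.
            lengths = (12, 15, 17, 20) if name == "A4" else (7, 8, 10, 12)
            for length in lengths:
                rows.append((name, length, algorithm, keyspace(alphabet, length),
                             years_to_hash_all(alphabet, length, rate)))
    return rows

if __name__ == "__main__":
    for name, length, algorithm, count, years in report():
        print(f"{name} len={length:2d} {algorithm:6s} {count:.3e} candidates {years:.3e} years")
```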
Results.
For the alphabet A1

| № | Number of characters | Hash algorithm | Disk space | Computation time |
|---|---|---|---|---|
| 1 | 7 | md5 | 2,98 GB | 5 days |
| 2 | 8 | md5 | 89,4 GB | 159 days |
| 3 | 10 | md5 | 113 249 GB | 661.5 years |
| 4 | 12 | md5 | 178 754 329 GB | 1.19851e+006 years |
| 5 | 7 | sha1 | 2,98 GB | 7 days |
| 6 | 8 | sha1 | 89,4 MB | 230 days |
| 7 | 10 | sha1 | 113 249 GB | 918 years |
| 8 | 12 | sha1 | 178 754 329 GB | 1.58632e+006 years |
| 9 | 7 | sha512 | 2,98 GB | 16 days |
| 10 | 8 | sha512 | 89,4 MB | 1.4 years |
| 11 | 10 | sha512 | 113 249 GB | 1905 years |
| 12 | 12 | sha512 | 178 754 329 GB | 3.1438e+006 |

For the alphabet A2

| № | Number of characters | Hash algorithm | Disk space | Computation time |
|---|---|---|---|---|
| 1 | 7 | md5 | 232,5 GB | 1 year |
| 2 | 8 | md5 | 17 881.4 GB | 90.2 years |
| 3 | 10 | md5 | 77 486 038.2 GB | 462,539 years |
| 4 | 12 | md5 | - | - |
| 5 | 7 | sha1 | 232,5 GB | 1.6 years |
| 6 | 8 | sha1 | 17 881.4 GB | 129 years |
| 7 | 10 | sha1 | 77 486 038.2 GB | 638,089 years |
| 8 | 12 | sha1 | - | - |
| 9 | 7 | sha512 | 232,5 GB | 3.54 years |
| 10 | 8 | sha512 | 17 881.4 GB | 286.5 years |
| 11 | 10 | sha512 | 77 486 038.2 GB | 1.33807e+006 years |
| 12 | 12 | sha512 | - | - |

For the alphabet A3

| № | Number of characters | Hash algorithm | Disk space | Computation time |
|---|---|---|---|---|
| 1 | 7 | md5 | 596 GB | 2.73 years |
| 2 | 8 | md5 | 41 723 GB | 206 years |
| 3 | 10 | md5 | 238 418 579 GB | 1.38521e+006 years |
| 4 | 12 | md5 | - | - |
| 5 | 7 | sha1 | 596 GB | 4 years |
| 6 | 8 | sha1 | 41 723 GB | 301 |
| 7 | 10 | sha1 | 238 418 579 GB | 1.91805e+006 years |
| 8 | 12 | sha1 | - | - |
| 9 | 7 | sha512 | 596 GB | 9 years |
| 10 | 8 | sha512 | 41 723 GB | 654 years |
| 11 | 10 | sha512 | 238 418 579 GB | 3.95008e+006 years |
| 12 | 12 | sha512 | - | - |

For the alphabet A4

| № | Number of characters | Hash algorithm | Disk space | Computation time |
|---|---|---|---|---|
| 1 | 12 | md5 | 59,6 MB | 133 days |
| 2 | 15 | md5 | 59 604.64 GB | 426 years |
| 3 | 17 | md5 | 5 960 464.47 GB | 47,574 years |
| 4 | 20 | md5 | 1 665 497 181 GB | 4.94612e+007 years |
| 5 | 12 | sha1 | 59,6 MB | 175 days |
| 6 | 15 | sha1 | 59 604.64 GB | 563 years |
| 7 | 17 | sha1 | 5 960 464.47 GB | 60 505 years |
| 8 | 20 | sha1 | 1 665 497 181 GB | 6.2405e+007 years |
| 9 | 12 | sha512 | 59,6 MB | 359 days |
| 10 | 15 | sha512 | 59 604.64 GB | 1040 years |
| 11 | 17 | sha512 | 5 960 464.47 GB | 110 162 years |
| 12 | 20 | sha512 | 1 665 497 181 GB | 1.12256e+008 years |

A dash marks the cases where the program decided it had had enough of counting.
Conclusions.
The length and composition of a password is something everyone must choose for themselves. For my part, I can only say that it is better to choose a 12-character password and change it periodically than to take a 20-character password and feel safe.
P.S. This is my first post on Habr, so please don't kick me too hard.
UPD: Added the alphabet A4 and the statistics for it.