Thread: Passwords
06-08-2010, 10:38 PM   #10
Pymeus
Re: Passwords

Let's look at the crypto hash algorithms that most of us hobbyist crypto types can name off the tops of our heads: MD5, SHA1, SHA256. None of the three has suffered algorithmic reversal on any scale. Major weaknesses in MD5 and SHA1 didn't show up for some 10 years after they went into service, and AFAIK they can't be exploited with most password systems due to length limits. MD5 and SHA1 are still in regular use today, though usually combined with other safeguards. The SHA-2 series has been around for 8 years and doesn't seem to have any known weaknesses.

You brought it up, not me.

My original estimate assumed that capitalization was important. Book and movie titles may contain both capitalized and non-capitalized words, so I was working from 52^6 = 1.98*10^10. But unless there's a flaw in my approach, 26^6 is still larger than what I get for Horse!.
That doesn't look like a dictionary approach to me. I'm looking at the search space very differently.

Horse! is a dictionary word, properly capitalized with a single non-alphabetic character tacked on the end. The modern English language is usually estimated to have around 300K words. I'll double that search space on the assumption that the first pass attempts words in all lowercase and pass #2 tries capitalizing the first letters. My keyboard has 42 unique non-alphabetic characters. So to my mind the search space is 600,000*42 = 2.5*10^7. That's 1 order of magnitude behind.

I agree. But I'm also amazed at how little has changed in crypto since I was into this stuff last.
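The search-space comparison in the post above, as an added example that is not part of the original post: it scores a password under both the brute-force model and the post's "dictionary word, optional capital, one trailing symbol" model and reports the smaller of the two. The constants are the post's own estimates; `SAMPLE_WORDS`, the function names, and the handling of a word with no trailing symbol are assumptions made for illustration.

```python
import string

# Figures below are the post's own estimates; SAMPLE_WORDS is a constructed stand-in
# for a real dictionary, and the function names are hypothetical.
ENGLISH_WORDS = 300_000   # estimated size of modern English vocabulary
CASE_PASSES = 2           # pass 1: all lowercase, pass 2: first letter capitalized
NON_ALPHA = 42            # unique non-alphabetic characters on the poster's keyboard
SAMPLE_WORDS = {"horse", "castle", "dragon"}

def brute_force_space(password):
    """Candidates if every string of this length is tried over the classes in use."""
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(not c.isalpha() for c in password):
        alphabet += NON_ALPHA
    return alphabet ** len(password)

def word_model_space(password, words=SAMPLE_WORDS):
    """Candidates under the post's model: dictionary word, optional capital, one symbol.

    Returns None when the password does not fit that pattern.
    """
    core, suffix_factor = password, 1
    if password and not password[-1].isalpha():
        core, suffix_factor = password[:-1], NON_ALPHA
    fits_case = core.islower() or core == core.capitalize()
    if not core.isalpha() or not fits_case or core.lower() not in words:
        return None
    return ENGLISH_WORDS * CASE_PASSES * suffix_factor

def effective_space(password, words=SAMPLE_WORDS):
    """The smallest space among the models that match; that is what a guesser pays."""
    spaces = [brute_force_space(password)]
    word_space = word_model_space(password, words)
    if word_space is not None:
        spaces.append(word_space)
    return min(spaces)

if __name__ == "__main__":
    for pw in ("Horse!", "qzvkpt", "QzVkPt"):
        print(f"{pw!r}: brute force {brute_force_space(pw):.2e}, "
              f"effective {effective_space(pw):.2e}")
```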