DES
Posted: Fri Jan 23, 2009 7:43 amYes DES-based Unix crypt() is like 30+ yrs old. However, there are still many large legacy UNIX systems out there, and it is still the default in Solaris 10. Also dont forget about the recent security breakin at Twitter, which shows that many companies still dont enforce Strong password policy for all employees. So even with salts, large brute force (possibly rainbow table assisted) dictionary attacks on DES should still be quite feasible, esp with the gp-gpu approaches that this forum centers around.
Current DES stats:
Quad-core Q6700, ~8.8 Mk/s, (using bitslicing)
Playstation 3, ~11.5 Mk/s, (using bitslicing)
DESCHALL Project, ~7 Gk/s, worse case ~120 days, idle time of clients
distributed.net, ~28 Gk/s, worse case ~40 days, idle time of clients
EFF Deepcrack, ~93 Gk/s, worst case ~9 days, cost $250,000 cust hardware
COPACOBANA, ~64 Gk/s, worst case ~13 days, cost $10,000, FPG based
I for one would like to see how well an optimized GPU could do at this...
Current DES stats:
Quad-core Q6700, ~8.8 Mk/s, (using bitslicing)
Playstation 3, ~11.5 Mk/s, (using bitslicing)
DESCHALL Project, ~7 Gk/s, worse case ~120 days, idle time of clients
distributed.net, ~28 Gk/s, worse case ~40 days, idle time of clients
EFF Deepcrack, ~93 Gk/s, worst case ~9 days, cost $250,000 cust hardware
COPACOBANA, ~64 Gk/s, worst case ~13 days, cost $10,000, FPG based
I for one would like to see how well an optimized GPU could do at this...