

NSA@Home: Fast SHA1 Generator Using FPGA  (RE: Engine Yard Hashing Contest) - tsally
http://nsa.unaligned.org/

======
jacquesm
That is one amazing hack, really.

There is also the copabana <http://www.copacobana.org/> for DES breaking.

But the one you're linking here is that much more impressive for working with
recycled boards.

------
bcl
That is pretty incredible! I'm particularly impressed with the use of JTAG on
all the chips to map their connectivity to each other.

------
chengas123
It's cool, but not of much use assuming you're trying to crack a properly
salted hash.

~~~
mrduncan
How so? Since this is a brute force cracker my (admittedly limited)
understanding is that the salt wouldn't do much for you.

    
    
      sha1(secret + salt) = hash
    

Assuming you don't know the salt you're left with (secret + salt). In the
likely case (since you've already gotten the hashed value somehow) that you do
know the salt it is trivial to determine the secret.

Would any of the resident YC crypto folks care to weigh in on this?

~~~
chengas123
Maybe I'm misunderstanding how the hashes are being cracked, but I was under
the impression that this is cycling through all possible inputs, hashing them,
and comparing to the given user input. However, I believe the original value
is restricted to being 8 characters long (assuming that's what this means:
"capable of searching the full 8-character keyspace (from a 64-character
set)"). By salting your hash, you make the input to the hash function much
larger. Then it's quite a bit over 8 characters and no longer feasible to
crack.

~~~
tptacek
The salt value is public. You don't have to brute force it. This isn't a
"rainbow table"; it's exhausting the secret input to the hash function itself.
Your analysis is broken.

~~~
chengas123
Salts are never public. You're assuming that the salt is obtained along with
the hash, which may sometimes but not always be true. However, I did
understate the usefulness of this method since I was assuming the attacker
doesn't have the salt, which often may not be the case.

