

German Brute Forces SHA1 in 49 Minutes for $2  - J3L2404
http://www.itproportal.com/2010/11/19/german-hacks-national-security-agencys-sha1/

======
JoachimSchipper
Really poor headline. This has nothing to do with hacking SHA1: it's just a
dictionary attack on the passwords in question.

SHA1 (and MD5 and similar constructions) are especially vulnerable because
they are fast to evaluate (OpenBSD's Blowfish scheme and cperciva's scrypt
feature a scalable amount of work), but this is _not_ a break of SHA1 per se.

Still, a nice demonstration of what GPU programming can do.

~~~
markpercival
It turns out the 10 passwords he 'hacked' were in the range of 1-6 characters.

More details here:
[http://www.theregister.co.uk/2010/11/18/amazon_cloud_sha_pas...](http://www.theregister.co.uk/2010/11/18/amazon_cloud_sha_password_hack/)

~~~
blibble
If he had just Google'd the hashes he'd have saved himself $2, considering
there was no salting.

~~~
tptacek
The point is that "salting" doesn't slow down the GPU attack.

~~~
pilif
the "attack" was using a dictionary. Salting would certainly defeat that, so
he'd have to brute-force the key-space which would take years despite the
parallel GPU power.

~~~
blibble
(in response to tptacek below)

it doesn't help against a single hash, but for multiple hashes you scale up
the amount of work required by the number of salts in use.

~~~
tptacek
If the observation made here was "this guy got unrealistically impressive
results because he was able to parallelize across every password hash", I'd
agree.

But the observation was instead "this attack worked largely because the
passwords weren't salted". No, false. This attack set a price of $1.62 per
password using the simplest available GPU cluster resource. In no definition
of cryptographic security is $1.62 a reasonable threshold.

Scrypt, bcrypt, or PBKDF2 can increase that cost factor to many tens of
thousands of dollars per password without incurring appreciable costs to the
applications using it.

------
regularfry
The headline is inaccurate; according to
<http://news.ycombinator.com/item?id=1921848>, he cracked SHA1 _14 times_ in
49 minutes.

~~~
pilif
he ran 14 SHA1 hashes of very poor passwords through his dictionary in 49
minutes.

If these were salted hashes or even just better passwords he'd still be
calculating. And he'd STILL be calculating years from now.

~~~
cperciva
If the passwords were salted, he would have cracked one in 49 minutes instead
of 14.

------
goldenthunder
For anyone that wants to try this out, here is the 'german guy's post on the
matter:

[http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-
am...](http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-
ec2-gpu-instances/)

------
vankap
Switching to one of the SHA-2 hashes should be good enough till SHA-3 is
selected.

~~~
tptacek
Switching to SHA2 would do absolutely nothing to defend against GPU-optimized
brute force dictionary searches.

