Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked

Anonymous Coward

"As I understand it an eight character password would have been hashed in a much less secure method back then than now. Modern passwords are hashed in such a way as to take a long time to compute in order to resist brute-force attacks."

While the less secure hash method (likely 25 rounds of DES salted with MD5) is an issue, the length offers little protection against a determined attacker. This took 4 days on hardware worth around £1000 (£770 for a PC, £300 for an RX Vega 64 GPU).

Using a faster setup as detailed here (a mid-range Brutalis at $25k - https://terahash.com/#appliances) you get the performance documented here: https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40

This raises the hash rate from ~1GH/s to 200GH/s for MD5, 24GH/s for SHA256 and 8GH/s for SHA512, so an 8 character password will be found in under a day regardless of hash used, assuming it is a crypt password.

Realistically, you want double that password length or longer for anything important. Which then leads to the "use a password manager" advice.


Biting the hand that feeds IT © 1998–2019