nanog mailing list archives

Re: MD5 is too fast


From: Jay Acuna via NANOG <nanog () lists nanog org>
Date: Fri, 12 Sep 2025 10:16:38 -0500

On Thu, Sep 11, 2025 at 10:17 AM nanog--- via NANOG
<nanog () lists nanog org> wrote:


See: the simple policy of "Routing protocol keys are to be created using
`pwgen 85`, or at least `pwgen 38`. Never create a key by hand." This rule
preferably applies to all 'passwords' sent over the network or keys which
secure a network protocol, even if encrypted transport is used, and even if
hashed.

> Have you calculated how long it should take to test all 80-bit passwords? 200-bit passwords? 2000-bit passwords?
A password with 80 bits of randomness or entropy (an ~11-character
properly generated random password) contains
2^80 = 1208925819614629174706176 possibilities.

If you can make 1 trillion guesses per second, then it takes on average
19167 years to crack. That is the expectation if the hash is secure.
You divide the number of possibilities by (two times the number of
guesses per second) * 86400 * 365.
Current hardware gets you 80 million guesses per second per GPU for
about $1800 per node, so 1 trillion guesses per second is 12,500
hardware nodes, obtainable by spending approximately $22.5 million.

At that rate you need approximately 10 years' worth of brute-forcing
before you have a >= 0.1% chance of guessing it randomly.

Each additional bit doubles the figures, up to approximately 128 bits,
where you are looking at 5395141535403007094 years to crack on average.
Adding bits will eventually reach the problem that your hashing
algorithm only maps inputs to 256 bits of output, so the adversary could
guess a different password from yours which happens to hash to the same
value as the correct one.

> Suppose that a good server can try about a billion passwords per second. How long do you think it takes to try all the passwords?
--
-JA
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/BNJVO2FJCT7CPD5FZSOWRBAZCJLPCNVZ/
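Editor's added example, not code from the post or from the pwgen project: the brute-force arithmetic in the message above (mean time to crack = possibilities / (2 * rate * 86400 * 365), the node count and dollar figure, the probability of success after a fixed number of years, and the cap at the hash output size) carried through as functions, next to a key generator that does what "never create a key by hand" means in practice. It assumes keys are drawn uniformly from the 62 letters and digits, which is what `pwgen -s` produces; the 80 million guesses/s per GPU and $1800 per node are taken from the post as inputs and are not checked here.

```python
"""Brute-force cost arithmetic plus a pwgen-style key generator (added example).

Assumptions, not from the post: keys are drawn uniformly from the 62 letters
and digits (as `pwgen -s` does); the per-GPU rate and per-node price used in
the demo are the post's figures, taken as inputs.
"""
import math
import secrets
import string

SECONDS_PER_YEAR = 86400 * 365

# Assumed alphabet: upper, lower and digits, i.e. what pwgen -s draws from.
PWGEN_ALPHABET = string.ascii_letters + string.digits


def entropy_bits(length, alphabet_size=len(PWGEN_ALPHABET)):
    """Entropy in bits of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def generate_key(length, alphabet=PWGEN_ALPHABET):
    """Machine-generated key from the OS CSPRNG; the pwgen policy in code."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def effective_bits(bits, hash_output_bits=256):
    """Keyspace the attacker actually has to search. Beyond the digest size a
    second preimage of the digest is as good as the real key, so extra key
    bits buy nothing."""
    return min(bits, hash_output_bits)


def mean_years_to_crack(bits, guesses_per_second, hash_output_bits=256):
    """Expected years to brute-force: half the keyspace at the given rate,
    i.e. possibilities / (2 * rate * 86400 * 365) as in the post."""
    keyspace = 2.0 ** effective_bits(bits, hash_output_bits)
    return keyspace / (2 * guesses_per_second * SECONDS_PER_YEAR)


def success_probability(bits, guesses_per_second, years, hash_output_bits=256):
    """Chance the attacker has hit the key after `years` of guessing."""
    tried = guesses_per_second * SECONDS_PER_YEAR * years
    return min(1.0, tried / 2.0 ** effective_bits(bits, hash_output_bits))


def cluster_cost(guesses_per_second, per_node_rate, per_node_price):
    """Nodes and dollars needed to sustain `guesses_per_second`."""
    nodes = math.ceil(guesses_per_second / per_node_rate)
    return nodes, nodes * per_node_price


if __name__ == "__main__":
    rate = 1e12  # 1 trillion guesses per second, the post's working figure
    nodes, dollars = cluster_cost(rate, 80e6, 1800)
    print(f"{rate:.0e} guesses/s needs {nodes} nodes, about ${dollars:,.0f}")
    for bits in (80, 128, 256, 512):
        years = mean_years_to_crack(bits, rate)
        p10 = success_probability(bits, rate, 10)
        print(f"{bits:4d} bits: mean {years:.3e} years; P(success in 10 y) = {p10:.2e}")
    for n in (38, 85):
        key = generate_key(n)
        print(f"pwgen {n}-style key ({entropy_bits(n):.0f} bits, effective "
              f"{effective_bits(entropy_bits(n)):.0f}): {key}")
```

Running it reproduces the post's 19167-year and 5.4e18-year figures and the 12,500-node / $22.5 million cluster; the 256 and 512-bit rows come out identical because `effective_bits` caps the search at the digest size, which is the collision point the post describes. The entropy line for `pwgen 38` and `pwgen 85` also shows why the cap matters: both already exceed what a 256-bit hash can distinguish.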