
I was reading that the designers of the UNIX password algorithm used a 12-bit salt to modify the E-table of the UNIX hashing function (the DES). Supposing I have a system with 2^(24) users?

Is it ever possible to use a dictionary attack? And if so, how long would it take? Years?

I am really new to computer security.

Sorry, editing: I am not sure what unit of time; I guess I have to assume bytes per minute depending on my code?

The reason I am asking is for a project where one of the questions states: "Consider a system with 2^24 users. Assume that each user is assigned a salt from a uniform random distribution and that anyone can read the password hashes and salt for users. What is expected time to find all users' passwords using dictionary attack?"

Thanks very much.

superfloyd
  • Depends on how many guesses you get per unit of time... your question is like "if I have to drive 1000 miles, how long will it take?" – Grady Player Apr 25 '12 at 15:58
  • But in short, no, you won't ever in the length of your lifetime be able to guess even one password if it isn't in your dictionary. – Grady Player Apr 25 '12 at 15:59
  • Makes sense. I can have a huge dictionary file and it will be comparing all passwords for a long time – superfloyd Apr 25 '12 at 16:08

1 Answer


Sounds like a homework question that is expecting a formula as an answer. Way too many things unspecified. In particular, a dictionary could be precomputed with all possible salts (2^12 = 4096, not that big) for one password. If all 2^24 users used that same one password, then every password would be in the dictionary and the question is what is the expected time to do 2^24 lookups into a table of 4096. On the other hand, if none of the users' passwords are in the dictionary, then you will never find the password using a dictionary attack unless you stumble upon a hash collision.

Probably better asked on security.stackexchange.com

Old Pro
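The cost reasoning in the answer above, worked through as an added example that is not part of the original post: it computes how many distinct salts 2^24 users with uniform random salts actually occupy, and therefore how many hash computations a salted dictionary costs, for the 12-bit salt and for a 128-bit salt as a comparison. The dictionary size and hash rate are assumed, constructed values, since the question specifies neither.

```python
import math
import random

def expected_distinct_salts(n_users, salt_bits):
    """Expected count of different salt values among n_users uniform random salts."""
    s = 2 ** salt_bits
    # s * (1 - (1 - 1/s)^n), written with log1p/expm1 so huge salt spaces stay accurate
    return s * -math.expm1(n_users * math.log1p(-1.0 / s))

def dictionary_hash_cost(dict_size, n_users, salt_bits):
    """Hash computations needed to test every dictionary word against every user.
    One hash per (word, salt) pair serves all users who share that salt."""
    return dict_size * expected_distinct_salts(n_users, salt_bits)

def simulate_distinct_salts(n_users, salt_bits, seed=1):
    """Monte Carlo check of the formula on a small population."""
    rng = random.Random(seed)
    return len({rng.getrandbits(salt_bits) for _ in range(n_users)})

if __name__ == "__main__":
    N = 2 ** 24      # users, from the question
    D = 10 ** 6      # assumed dictionary size (constructed value)
    RATE = 10 ** 6   # assumed hashes per second (constructed value)
    for bits in (12, 128):
        salts = expected_distinct_salts(N, bits)
        cost = dictionary_hash_cost(D, N, bits)
        print(f"{bits:>3}-bit salt: {salts:,.0f} distinct salts, "
              f"{cost:.3e} hashes, {cost / RATE:,.0f} s at the assumed rate")
    print("simulated, 5000 users, 12-bit:", simulate_distinct_salts(5000, 12),
          "formula:", round(expected_distinct_salts(5000, 12), 1))
```

With a 12-bit salt every one of the 4096 salt values is in use and each is shared by about 4096 users, so the salt multiplies the work by 4096 rather than by the number of users; with a 128-bit salt the multiplier is the full 2^24.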