06-16-2015, 02:12 AM
Presumably people have been seeing the LastPass breach news around. I was confused on one point about the hashing mechanism they are using and the speed at which oclHashcat can attack it, so I'm hoping someone might be able to point out where I'm going wrong.
The reports say this is 100,000 rounds of PBKDF2-HMAC-SHA256. I was under the impression this is analogous to oclHashcat mode 10900. I saw reports from our own epixoip that the cracking speed for this setup would be < 10 H/s even on the TitanX; however, I'm seeing different numbers, so I was curious to get some clarification.
From the below (bogus hash abbreviated output):
$ ./oclHashcat64.bin -a 3 -m 10900 sha256:99999:2u/ADvs2B8VuxUO/+4PmpxjZ/fn+b/9mc1o8cBmd2M8WWhh5WTgSKArGUw0NaJ8 ?a?a?a?a?a?a
Session.Name...: oclHashcat
Status.........: Running
Input.Mode.....: Mask (?a?a?a?a?a?a) [6]
Hash.Target....: sha256:99999:2u/ADvs2B8VuxUO/+4PmpxjZ/fn+...
Hash.Type......: PBKDF2-HMAC-SHA256
Speed.GPU.#1...: 1980 H/s
I am using 99,999 iterations because oclHashcat doesn't seem to support 100,000 iterations, but obviously the speed difference should be negligible between 99,999 and 100,000.
The speed I'm seeing here, just under 2000 H/s, is obviously way more than 10. I trust epixoip a lot more than I trust myself in this space, so I'm wondering what I'm doing wrong here.
Is this:
- Not an equivalent mode to what lastpass is using?
- Not how you specify iterations? (i.e. I'm not really doing 99,999 iterations here)
- Something else I'm doing wrong?
Any feedback would be welcome.
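Added example, not part of the original post and not oclHashcat code: a CPU-side reference for the iteration question above. It assumes the mode 10900 line layout is sha256:<iterations>:<base64 salt>:<base64 digest>; all function names are hypothetical and every password, salt and line is constructed. It shows that the iteration count is taken from the line itself, that per-guess cost scales with it, and what 10 H/s versus 1980 H/s means for a six-character ?a keyspace (95 symbols).

```python
import base64, hashlib, hmac, os, time

def make_line(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> str:
    """Build a constructed line: sha256:<iterations>:<b64 salt>:<b64 digest> (assumed layout)."""
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)
    enc = lambda b: base64.b64encode(b).decode()
    return f"sha256:{iterations}:{enc(salt)}:{enc(dk)}"

def parse_line(line: str):
    """Return (iterations, salt, digest); reject lines without all four fields."""
    parts = line.strip().split(":")
    if len(parts) != 4 or parts[0] != "sha256":
        raise ValueError("expected sha256:<iterations>:<salt>:<digest>")
    iterations = int(parts[1])
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    salt = base64.b64decode(parts[2], validate=True)
    digest = base64.b64decode(parts[3], validate=True)
    return iterations, salt, digest

def verify(line: str, candidate: bytes) -> bool:
    """Recompute PBKDF2-HMAC-SHA256 with the line's own iteration count and compare."""
    iterations, salt, digest = parse_line(line)
    dk = hashlib.pbkdf2_hmac("sha256", candidate, salt, iterations, len(digest))
    return hmac.compare_digest(dk, digest)

def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Average wall-clock cost of one derivation on this CPU (not a GPU figure)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"guess%d" % i, salt, iterations, 32)
    return (time.perf_counter() - start) / samples

def days_to_exhaust(charset: int, length: int, rate: float) -> float:
    """Days needed to try every candidate of the given length at `rate` guesses/second."""
    return charset ** length / rate / 86400

if __name__ == "__main__":
    line = make_line(b"constructed-pw", b"constructed-salt", 99_999)
    print("verify:", verify(line, b"constructed-pw"), verify(line, b"wrong"))
    for n in (1_000, 99_999, 100_000):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1000:.1f} ms per guess")
    for rate in (10, 1980):
        print(f"{rate:>5} H/s: {days_to_exhaust(95, 6, rate):,.0f} days for ?a x6")
```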