Support for new ASP.NET password storage practices

Linear Mode

Support for new ASP.NET password storage practices

Sc00bz Offline

Junior Member

Posts: 15
Threads: 0
Joined: Sep 2012

11-15-2012, 06:20 AM

Who thought that "PBKDF2_SHA1(pw, salt, 1000, 256)" is a good idea?
Because CPU hash crackers are going to:
* Checking the first 160 bits gets you 2x faster than defender.
* SSE2 gets you 4x faster than defender.
* Cached HMAC gets you 2x faster than defender (this might be used).
* AVX2 (q2 2013) will give you another 2x faster than defender.

Then there's GPUs...

Also 1000 was the minimum recommended 12 years ago.

Find

« Next Oldest | Next Newest »

Messages In This Thread

Support for new ASP.NET password storage practices - by troyhunt - 11-14-2012, 10:17 AM

RE: Support for new ASP.NET password storage practices - by Sc00bz - 11-15-2012, 06:20 AM

RE: Support for new ASP.NET password storage practices - by epixoip - 11-15-2012, 08:12 AM

RE: Support for new ASP.NET password storage practices - by thorsheim - 11-15-2012, 11:54 PM

RE: Support for new ASP.NET password storage practices - by troyhunt - 11-17-2012, 03:04 AM

RE: Support for new ASP.NET password storage practices - by Incisive - 12-12-2012, 09:30 PM

RE: Support for new ASP.NET password storage practices - by radix - 12-15-2012, 12:01 PM

View a Printable Version

Login
Username/Email:
Password:	Lost Password?
	Remember me

hashcat advanced password recovery

hashcat
advanced password recovery