
I was going about doing my annual password change on my accounts and tried various sites (Microsoft, LastPass, etc.) to try out hypothetical passwords. Some sites seem a bit more thorough than others in their evaluation of password strength, but this made me wonder if any of the sites take into account Moore's law. That is, one hears about how "it would take 130,000 years to crack X password", but does that take into account that computers double in speed about every two years?

I'd be really curious to see if these sites take this into account, or if there are any sites that someone can suggest that do?

Gaiko
  • And they might not take into account that computer grids are getting bigger and it gets easier to take advantage of cloud computing (and GPUs) to speed up these calculations. – Steven Jun 21 '13 at 12:03
  • What is your question about? Are you missing the feature that it visualizes the strength of your password over time? Normally those password strength checkers run only rudimentary metrics and check for bit-strength; these are normally independent of Moore's Law, e.g. the bit-strength stays the same. Also it would be nice if you would provide a link to a password checker that writes this out in years. I've never seen one and I wonder on which rules of thumb it might be based. – hakre Jun 21 '13 at 12:21
  • Seemingly complete (but nothing about time): http://www.passwordmeter.com/ and seemingly less thorough but gives a time estimate: https://howsecureismypassword.net/ I know there are some others but can't remember them. – Gaiko Jun 21 '13 at 13:09
  • Moore's law will break down soon, but it's hard to predict when. So taking increase of computation power into account for more than a few years is really hard. – CodesInChaos Jun 21 '13 at 17:48
  • Password strength meters are intended to prevent online password-guessing attempts by removing the worst very-guessable passwords from the candidate pool. As such they are effective when combined with guess-limiting measures such as rate-limiting and lockout, which are not affected by increased client-side processing power. Moore's Law would only aid offline attacks against cracked databases, for which there are different mitigations. – bobince Jun 22 '13 at 22:58

1 Answer


None of these calculations really take into account Moore's law. But let's see if we can show why we don't have to:

Moore's law states that processing power will double every 18 months (not quite, but good enough for our purposes).

So that means what's 130k years today, will be 65k years in 18 months. And 32.5k in 36 months, and so on, and so on.

We can come up with an equation for that!

cost-at-time = cost-today * 0.5 ^ (months / 18)

So plugging in cost today, we can see this nice pretty graph (x is years):

y = 130000 * .5 ^ (x / 1.5)

So, let's see what our cost will be for our 130k year password, in 50 years:

y = 130000 * .5 ^ (50 / 1.5)
y = 130000 * .5 ^ 33.3333
y = 0.000012 years (~6.3 minutes)

That's pretty fast!

How about 10 years?

y = 130000 * .5 ^ (10 / 1.5)
y = 130000 * .5 ^ 15
y = 1279 years

That's still quite strong...

However, it also misses the point of tunable algorithms like bcrypt and scrypt, which are designed to be able to defeat Moore's law.

So if you use bcrypt, scrypt or PBKDF2, and keep tuning the cost so that it runs in a constant time, your password that takes 130k years today to crack (estimated), will still take 130k years to crack in 50 years.

Now, of course that doesn't solve the case where an attacker steals the password hash today, and spends the next 50 years attacking it... But I have to ask, what is your password protecting that a crypto-nerd will spend the next 50 years trying to attack it?

Security via XKCD

hakre
ircmaxell
  • Thanks, that covers it! (I had no idea about bcrypt, scrypt and PBKDF2, nice bonus). Cheers! – Gaiko Jun 21 '13 at 13:15
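The two halves of the answer above, carried through in code as an added example (this is not the answer's or the question's own code): the decay formula cost-at-time = cost-today * 0.5 ^ (months / 18) for a hash whose work factor is never changed, and the compensating re-tuning of a PBKDF2 iteration count or bcrypt cost parameter that keeps the estimated crack time flat. The 18-month doubling period is the one the answer uses; the 100,000 iterations, bcrypt cost 10, salt and sample password are constructed values, not taken from the page. The PBKDF2 calls use Python's standard `hashlib.pbkdf2_hmac`.

```python
import hashlib
import hmac
import math
import os

# Doubling period the answer works with: processing power doubles every 18 months.
DOUBLING_MONTHS = 18


def crack_time_after(cost_today_years, months):
    """The answer's formula: cost-at-time = cost-today * 0.5 ^ (months / 18).

    Years an offline attacker needs after `months` have passed, if the hash's
    work factor is never changed and attacker speed doubles every 18 months.
    """
    return cost_today_years * 0.5 ** (months / DOUBLING_MONTHS)


def speedup_factor(months):
    """How much faster the attacker's hardware has become after `months`."""
    return 2 ** (months / DOUBLING_MONTHS)


def pbkdf2_iterations_needed(iterations_today, months):
    """PBKDF2 iteration count that keeps the hash's wall-clock cost constant:
    scale the work factor by the same factor the hardware sped up."""
    return math.ceil(iterations_today * speedup_factor(months))


def bcrypt_cost_needed(cost_today, months):
    """bcrypt's cost parameter is log2 of its round count, so keeping pace
    means adding one to the cost for every doubling period (rounded up)."""
    return cost_today + math.ceil(months / DOUBLING_MONTHS)


def crack_time_with_retuning(cost_today_years, months, iterations_today):
    """Crack time when the defender re-tunes PBKDF2 as hardware improves.

    The attacker's speedup and the defender's larger iteration count cancel,
    which is the answer's point about tunable algorithms.
    """
    work_growth = pbkdf2_iterations_needed(iterations_today, months) / iterations_today
    return cost_today_years * work_growth / speedup_factor(months)


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with an explicit, tunable iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def verify(password: bytes, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Recompute with the iteration count stored next to the hash; compare in constant time."""
    return hmac.compare_digest(derive_key(password, salt, iterations), stored)


if __name__ == "__main__":
    # Constructed sample values (not from the page): a 130k-year estimate today,
    # 100,000 PBKDF2 iterations today, bcrypt cost 10 today.
    for years in (10, 50):
        months = years * 12
        print(f"{years:>2} years out, hash untouched: "
              f"{crack_time_after(130000, months):.6g} years")
        print(f"{years:>2} years out, PBKDF2 re-tuned to "
              f"{pbkdf2_iterations_needed(100_000, months):,} iterations: "
              f"{crack_time_with_retuning(130000, months, 100_000):.6g} years "
              f"(bcrypt cost {bcrypt_cost_needed(10, months)})")

    # Re-tuning in practice: the iteration count is stored with each record, so
    # old hashes stay verifiable and newly set passwords get the higher count.
    salt = os.urandom(16)
    pw = b"correct horse battery staple"  # constructed sample password
    iters = pbkdf2_iterations_needed(100_000, 36)  # 3 years later: 400,000
    stored = derive_key(pw, salt, iters)
    print("verify:", verify(pw, salt, iters, stored), verify(b"wrong", salt, iters, stored))
```

The retuned crack time comes out as the original 130,000 years at every horizon because the work factor grows by exactly the factor the attacker gained; this only holds for hashes that are re-computed with the new parameters, which is why the answer's caveat about a hash stolen today still stands.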