From owner-freebsd-security Mon Feb 17 11:11:17 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA07352 for security-outgoing; Mon, 17 Feb 1997 11:11:17 -0800 (PST) Received: from saguaro.flyingfox.com (saguaro.flyingfox.com [204.188.109.253]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id LAA07332 for ; Mon, 17 Feb 1997 11:11:12 -0800 (PST) Received: (from jas@localhost) by saguaro.flyingfox.com (8.6.12/8.6.10) id LAA14225; Mon, 17 Feb 1997 11:06:05 -0800 Date: Mon, 17 Feb 1997 11:06:05 -0800 From: Jim Shankland Message-Id: <199702171906.LAA14225@saguaro.flyingfox.com> To: imp@village.org, phk@critter.dk.tfs.com Subject: Re: blowfish passwords in FreeBSD Cc: lithium@cia-g.com, security@FreeBSD.org Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk Poul-Henning Kamp writes: > I have personally witnessed a P5/60 with a ISA card with some > ASIC's break a well chosen password that was DES encrypted > using bruteforce. > > It took slightly less than 3 hours. Hmm. 2^56 possible keys, so on average, you'd need to try 2^55 keys. Say it takes 2^14 seconds (that's a little more than three hours, but about right); then this board was doing 2^41 encryptions per second, or roughly 2 million per microsecond. Now *that's* what I call brute force :-). How much does this ISA card with the ASICs cost :-)? (If I've erred in this analysis, I'd be happy to stand corrected.) Jim Shankland Flying Fox Computer Systems, Inc.