#!/usr/bin/bc -l
# Copyright (c) 2024 Guilherme Janczak <[email protected]>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# sec_pw_bits: estimate how many bits of entropy a password needs so that a
# bruteforce attacker with the given resources stays below the accepted
# success chance before the deadline.
#
# Parameters:
# d = deadline for the bruteforce attempt, in seconds.
# s = acceptable chance of success for the attacker, in %.
# r = hashes per second of a single hashing machine.
# b = money available for buying hashing machines.
# c = price of one hashing machine.
#
# Returns log2 of the keyspace the attacker would have to cover, truncated to
# one decimal place. The attacker computes d * r * (b/c) guesses in total; a
# keyspace 100/s times larger keeps the success chance at s%. Note that b/c is
# not rounded down to whole machines, and s = 0 divides by zero.
define sec_pw_bits(d, s, r, b, c){
auto saved, guesses, bits
saved = scale
scale = 8 # Arbitrary, for performance.
# Keyspace the attacker must search, then its base-2 logarithm.
guesses = d * 100/s * r * b/c
bits = l(guesses) / l(2)
# Dividing at scale 1 truncates the estimate to one decimal place.
scale = 1
bits = bits/1
scale = saved
return bits
}
# days: convert a number of days into seconds.
# n = number of days (may be fractional).
# Returns n * 86400, i.e. n * 24 hours * 60 minutes * 60 seconds.
define days(n){
return ((24*60*60)*n)
}
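# terahash: convert a hash rate given in terahashes per second into hashes
# per second.
# n = rate in TH/s.
# Returns n * 10^12. One terahash is 10^12 hashes; multiplying by 10^9 (a
# gigahash) would understate the attacker's rate by a factor of 1000, which
# lowers the resulting bit estimate by about 10 bits.
define terahash(n){
return (n*10^12)
}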
# Reasonable defaults:
# Deadline: https://en.wikipedia.org/wiki/DESCHALL_Project took 96 days.
d = days(96)
# Success chance in %, arbitrary.
s = 25
# Budget: https://en.wikipedia.org/wiki/EFF_DES_cracker cost 250000 USD in
# 1998. Value is scaled to 2024 according to inflation using Google.
b = 479036
# Reasonable values for plain sha256 hashing: the Antminer S19 XP Hyd bitcoin
# (i.e. sha256) hash rate, which Google says is the fastest bitcoin miner
# today, and its cost according to Google.
c = 5000
r = terahash(255)
# Introductory text. bc strings have no escape sequences, so a line break is
# written as a literal newline between a pair of quotes ("A newline" below).
"This program estimates how many bits of security a password needs to be safe."
# A newline.
"
"
"It differentiates between services and devices. Services are run by others,"
"
"
"and assumed to be incompetent-they use a plain sha256 to store passwords."
"
"
"Devices are systems you own, and assumed to be competent-they use some kind"
"
"
"of password expansion algorithm to store passwords."
"
"
# Echo the inputs: a string statement prints without a trailing newline, and
# the bare expression after the ';' prints its value followed by a newline.
"(d)eadline in seconds = "; d
"(s)uccess chance % = "; s
"hardware hashes pe(r) second = "; r
"hardware (b)udget = "; b
"hardware (c)ost = "; c
# Estimate for services, using the plain sha256 hardware values set above.
"services: sec_pw_bits(d, s, r, b, c) = "; sec_pw_bits(d, s, r, b, c)
"
"
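# Reasonable values for key expansion algorithm.
# /usr/src/lib/libc/crypt.c on OpenBSD 7.5 says the system uses bcrypt and
# benchmarks rounds looking for a value between 6 and 16 rounds that takes
# around 0.1s. My system uses 10 rounds.
# https://gist.github.com/epixoip/63c2ad11baf7bbd57544 says 133KH/s for 8x Titan
# X and bcrypt 5 rounds. Each additional round doubles work, so we're looking at
# 4KH/s at 10 rounds. Unfortunately, that result is from 2015, and it's 2024,
# but we can eyeball progress with Moore's Law, so scale the result based on the
# year.
# 133064 * 2^((year-2015)/2 - (rounds-5))
# bc's ^ operator only takes integer exponents, so 2^x is computed as
# e(l(2) * x) to keep the fractional exponent of the formula above
# ((2024-2015)/2 - (10-5) = -0.5). The earlier arrangement
# 2^((2024-2015) - (10-5))/2 evaluated to 8, which does not match the formula.
r = 133064 * e(l(2) * ((2024-2015)/2 - (10-5)))
c = 999*8 # GTX Titan X MSRP at launch.
"hardware hashes pe(r) second = "; r
"hardware (c)ost = "; c
# Estimate for devices, reusing d, s and b from the services run above.
"devices : sec_pw_bits(d, s, r, b, c) = "; sec_pw_bits(d, s, r, b, c)
"
"
"You may change d, s, r, b, and c around and call sec_pw_bits() again."
"
"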