简体繁体 English

bcrypt如何跟上摩尔定律？

[英]How does bcrypt keep up with Moore's law?

原文 2011-09-17 07:31:02 0 2 security/ hash/ passwords/ bcrypt

I have been seeing recommendations to use bcrypt to hash passwords because of its ability to keep up with Moore's Law. 我一直看到建议使用bcrypt哈希密码，因为它能够跟上摩尔定律。

Apparently the reason for this is because it would take much longer for an attacker to crack a bcrypt hash than a hash generated by a general purpose hash function like SHA256. 显然，原因在于攻击者破解bcrypt哈希要比使用SHA256这样的通用哈希函数生成的哈希需要更长的时间。

How is that possible? 怎么可能？ How can an algorithm be deliberately slow in spite of Moore's law? 尽管有摩尔定律，算法怎么会故意慢？

2 个解决方案

An attacker will want to try all 216,553 english words . 攻击者想要尝试所有216,553个英语单词。

Plus another 12 bits of effort for the common variations , which lets say gives a list of 887,001,088 (2 ²⁹ ) possible passwords. 再加上常见变体的另外12位努力，可以说给出了887,001,088（2 ²⁹ ）个可能的密码列表。

BCrypt takes about 4,342,912 (ie 2 ²² ) operations to calculate one hash (at cost=12) . BCrypt需要大约4,342,912（即2 ²² ）个操作来计算一个哈希值（成本= 12）。

A core today provides about 2 ³¹ cycles/sec; 今天的核心提供大约2 ³¹个周期/秒; the state of the art is 8 = 2 ³ cores per processor for a total of 2 ³ * 231 = 2 ³⁴ cycles/sec. 现有技术是每处理器8 = 2 ^3个核心，总共2 ³ * 231 = 2 ³⁴个周期/秒。 A server typically has 4 processors, increasing the total to 2 ² * 2 ³⁴ = 2 ³⁶ cycles/sec. 服务器通常有4个处理器，总数增加到2 ² * 2 ³⁴ = 2 ³⁶个周期/秒。 2 ²² cycles to calculate one hash * 2 ²⁹ possible (common) passwords = 2 ⁵¹ cycles to run through all (common) passwords. 2 ²²个周期来计算一个哈希值* 2 ^29个可能的（普通）密码= 2个⁵¹个周期来运行所有（通用）密码。

This means that it would take a 4-processor, octo-core, server about 2 ⁵¹ / 2 ³⁶ = 2 ¹⁵ seconds (9 hours) to run through all common passwords. 这意味着，这将需要一个4处理器，八核，服务器约22 ^{分之⁵¹³⁶} = 2 ¹⁵秒（9小时），通过所有的常见密码来运行。

In reality my password is not common, and uses about 44-bits. 实际上我的密码不常见，使用大约44位。 2 ⁴⁴ passwords * 2 ²² cycles per password = 2 ⁶⁶ cycles to try all uncommon passwords. 2 ^44个密码* 2每个密码²²个周期= 2个⁶⁶个周期来尝试所有不常见的密码。 2 ⁶⁶ / 2 ³⁶ cycles/second = 2 ³⁰ seconds (34 years) to find my password. 2 ^66/2 2 ³⁶周/秒= 2 ³⁰秒（34年）找到我的密码。

Moore's Law's says the processing power doubles every 18 months. 摩尔定律说，处理能力每18个月增加一倍。

today: 34 years to find my uncommon password 今天：34年来找到我不常见的密码
1.5 years: 17 years 1。5年：17年
3 years: 8.5 years 3年：8。5年
4.5: 4.25 years 4。5：4。25年
6 years: 2.125 years 6年：2。15年
7.5 years: 1 year 7。5年：1年
9 years: 6 months 9年：6个月
10.5 years: 3 months 10。5年：3个月
12 years: 6 weeks 12年：6周
13.5 years: 3 weeks 13。5年：3周
15 years: 10 days 15年：10天
17.5 years: 5 days 17。5年：5天
19 years: 63 hours 19年：63个小时
20.5 years: 31 hours 20。5年：31个小时

That's now bcrypt holds up against Moore's Law. 现在， bcrypt坚决反对摩尔定律。

Increase the cost factor from 12 to 13 and that will double the times involved. 将成本因素从12增加到13 ，这将使所涉及的时间翻倍。

bcrypt is configurable with a parameter called "work factor". bcrypt可配置一个名为“work factor”的参数。 Internally, it will perform an operation which is similar to hashing, many times successively. 在内部，它将连续多次执行类似于散列的操作。 The "many" is the part that can be configured, up to several billions. “很多”是可以配置的部分，高达数十亿。 So, to cope with Moore's law, just crank up that setting. 因此，为了应对摩尔定律，只需要提高那个设置。 Another function which can be made as slow as wanted is PBKDF2 (see the "iteration count" parameter). 可以根据需要进行的另一个函数是PBKDF2 （参见“迭代计数”参数）。

Note that the point of making the password hashing slow is to make things difficult for the attacker, but it also mechanically makes things slow for the "honest systems" too; 请注意，使密码散列缓慢的目的是让攻击者感到困难，但它也会使“诚实系统”的机制变得缓慢; that's a trade-off. 这是一种权衡。 See this answer (on security.stackexchange) for more details. 有关更多详细信息，请参阅此答案（在security.stackexchange上）。