Hacker News
by markpercival 5686 days ago
It turns out the 10 passwords he 'hacked' were in the range of 1-6 characters.

More details here: http://www.theregister.co.uk/2010/11/18/amazon_cloud_sha_pas...


If he had just Googled the hashes he'd have saved himself $2, considering there was no salting.
The point is that "salting" doesn't slow down the GPU attack.
the "attack" was using a dictionary. Salting would certainly defeat that, so he'd have to brute-force the key-space which would take years despite the parallel GPU power.
Exactly how do you think a salt defeats a dictionary attack?
the "attack" was using a dictionary. Salting would certainly defeat that

No.

(in response to tptacek below)

It doesn't help against a single hash, but for multiple hashes you scale up the amount of work required by the number of salts in use.

If the observation made here was "this guy got unrealistically impressive results because he was able to parallelize across every password hash", I'd agree.

But the observation was instead "this attack worked largely because the passwords weren't salted". No, false. This attack set a price of $1.62 per password using the simplest available GPU cluster resource. In no definition of cryptographic security is $1.62 a reasonable threshold.

Scrypt, bcrypt, or PBKDF2 can increase that cost factor to many tens of thousands of dollars per password without incurring appreciable costs to the applications using it.
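The cost model the last two comments argue over, as an added example that is not part of the thread: a constructed toy credential store under the three schemes, a defender-side verify, and a counter of hash-primitive invocations a guesser spends per candidate word. The function names and the equal-cost-per-invocation assumption are mine; the 100,000 PBKDF2 iteration default is a placeholder, not a figure from the thread.

```python
import hashlib
import hmac
import os

def hash_unsalted(password):
    # One global hash: identical passwords collide, and one computed guess
    # can be compared against every account at once.
    return hashlib.sha1(password.encode()).hexdigest()

def hash_salted(password, salt):
    # Per-user salt: the same guess must be re-hashed once per account.
    return hashlib.sha1(salt + password.encode()).hexdigest()

def hash_pbkdf2(password, salt, iterations):
    # Salted and slow: every guess costs `iterations` HMAC invocations.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations).hex()

def make_store(scheme, passwords, iterations=100_000):
    """Build {user: (salt, digest)} for a constructed list of passwords."""
    store = {}
    for i, pw in enumerate(passwords):
        salt = b"" if scheme == "unsalted" else os.urandom(16)
        if scheme == "unsalted":
            digest = hash_unsalted(pw)
        elif scheme == "salted":
            digest = hash_salted(pw, salt)
        else:
            digest = hash_pbkdf2(pw, salt, iterations)
        store[f"user{i}"] = (salt, digest)
    return store

def verify(store, user, password, scheme, iterations=100_000):
    """Defender-side login check: recompute with the stored salt and compare."""
    salt, digest = store[user]
    if scheme == "unsalted":
        calc = hash_unsalted(password)
    elif scheme == "salted":
        calc = hash_salted(password, salt)
    else:
        calc = hash_pbkdf2(password, salt, iterations)
    return hmac.compare_digest(calc, digest)

def primitive_ops_per_candidate(scheme, num_accounts, iterations=100_000):
    """Hash-primitive invocations spent testing ONE candidate word against ALL
    accounts, assuming each invocation costs the same.  Salt leaves the
    per-target cost at 1 (tptacek's point) and only stops work being shared
    across targets; a slow KDF raises the per-target cost itself."""
    per_target = iterations if scheme == "pbkdf2" else 1
    targets = 1 if scheme == "unsalted" else num_accounts
    return per_target * targets
```

With ten accounts, salting alone multiplies the per-word cost by ten, while PBKDF2 at the placeholder iteration count multiplies it by a further hundred thousand; against a single hash, salted and unsalted SHA-1 cost the same.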