[tetha]

Offline vs online brute forcing, as I like to call it.

As others have said, if you have the hashes, you can brute force them offline and there won't be any limits on how fast it can go besides your algorithms and compute resources.

But even online, attackers can be pretty smart. For example, something we detected was an attacker rotating both through a bunch of accounts and a bunch of IP addresses. That way you never saw many incorrect login tries per account and IP in a timeframe. It's not millions/billions of tries, but it can get around naive limits per IP or per account and you need some SIEM tooling to detect that.

[stavros]

Modern KDF algorithms are designed to guard against offline attacks by massively increasing the cost per hash. Online or offline, brute forcing shouldn't be an issue nowadays.

Saying "there's no limit besides your resources" is basically saying "there's no limit besides the very real and insurmountable limit there is".

[tetha]

Yeah, I fell into my usual security questionaire wording there.

I'm not even contradicting you there. You can go as fast as you can go. Even if every atom in the current estimation of the universe had a couple thousand computations available, we couldn't brute-force some passwords. Except, now customer security asks you "but what about millions of computations per atom? Checkmate!".

Being too concrete and absolute with these kinds of people ends up with so many stupid discussions.

[stavros]

> You can go as fast as you can go.

This is true, it's just that, with modern KDFs, that's still too slow to matter (unless someone broke them and we don't know). If you use a modern KDF, you basically don't have to worry about brute forcing at all, even for fairly weak passwords.

[tetha]

I know that. You're missing the second part there.

I have been asked by customers about the reliability of our software platform if major german cities have been hit with either nuclear, natural or military disaster. It's that level of silly you sometimes have to deal with.

Eventually I got fed up enough and told those kinda people that I'm volunteering in disaster prevention services and their systems wouldn't be my problem at that point.

[stavros]

Huh, I didn't know people wanted that level of disaster planning.

[PrimeMcFly]

Guess how many systems are using KDF algorithms in practice?

[TillE]

Probably the vast majority of important systems. PBKDF2 has been around forever and is in very widespread use.

[stavros]

The fact that they aren't implementing the solution doesn't mean that the solution doesn't exist or isn't effective, though.

Plus, nowadays, most (all?) big frameworks have used KDFs by default for years.

[PrimeMcFly]

True. I don't think Windows or Linux do though, right?

[stavros]

Linux uses bcrypt by default, AFAIK. Windows had NTLM last I looked, but I don't know what they have now.

[zoolily]

Ubuntu Linux used to use a SHA2 hash repeated 5000 times, but my Ubuntu 22.04 system uses yescrypt, which is one of those KDFs.