Advertisement
mainframed767

RACF KDFAES Implementation

Nov 26th, 2018
405
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.33 KB | None | 0 0
  1. [prev in list] [next in list] [prev in thread] [next in thread]
  2.  
  3. List: racf-l
  4. Subject: Re: Statistics on KDFAES
  5. From: Costin Enache <00000252c7734702-dmarc-request () LISTSERV ! UGA ! EDU>
  6. Date: 2018-11-23 17:28:38
  7. Message-ID: 1151329622.5148586.1542994118617 () mail ! yahoo ! com
  8. [Download message RAW]
  9.  
  10. Stu, we have implemented KDFAES on GPU for our password analytics solution \
  11. (shameless: EPAS), and I would say it is a fairly secure hashing scheme. I can \
  12. provide the detailed algorithm upon request, but for your question I guess details \
  13. below are enough:
  14.  
  15. The input for key derivation is:
  16. - for passwords, the original DES (the pre-KDFAES) hash is calculated first; this \
  17. permits one-way migration of old hashes
  18. - for password phrases, the input phrase is hashed with SHA256; this means no \
  19. migration for password phrases
  20.  
  21. The key derivation is using PBKDF2-SHA256, slightly modified. Two sets are done, each \
  22. 8 * 5000 rounds, plus an extra set of 5000. In total there are 9 PBKDF2-SHA256, each \
  23. with 5000 rounds, giving 85000 rounds. This is a lot. Of MIPS too :)
  24.  
  25. The key obtained is used to encrypt the username with AES, giving the final KDFAES \
  26. hash. Cracking this type of hash is not something easily done. The key derivation is \
  27. the time consuming part, the final AES is quite fast.
  28.  
  29. Some numbers for hash probing, all are using GPU acceleration with OpenCL, with \
  30. 1xNvidia 1080 TI, based on hashcat: Original DES: 3909.8 MH/s (3937402282 hashes / \
  31. second)
  32. KDFAES: 29 kH/s (29943 hashes/second)
  33. Our fastest experimental implementation does 690 kH/s (690223 hashes/second), and \
  34. uses 10x Nvidia 2080 GPUs. This is still very slow and cannot be used alone to \
  35. recover passwords.
  36.  
  37. Considering that KDFAES (as well as DES) RACF hashes are salted, the numbers above \
  38. apply for each account. So if cracking a decent KDFAES hashed password takes 1 year, \
  39. 30000 passwords would take 30000 years.
  40.  
  41. Cheers,
  42. Costin
  43.  
  44.  
  45.  
  46.  
  47.  
  48. On Friday, 26 October 2018, 20:45:15 CEST, Stu Henderson <stu@STUHENDERSON.COM> \
  49. wrote:
  50. List, I'm hoping someone can provide actual numbers describing the
  51. advantage of KDFAES over plain old AES (used by some other products).Â
  52. For example, imagine a RACF database with say 30,000 users, all with
  53. their passwords encrypted with KDFAES. And a hacker gets a copy of
  54. this RACF database and runs one of the free password cracker programs.Â
  55. (Imagine that John the Ripper is updated for KDFAES if it hasn't been
  56. already.). Roughly how long would it take to learn all the userids and
  57. passwords? Would it take weeks or months or years? Would it take
  58. longer than the password change interval of say, 30 days?
  59.  
  60. And how would this compare to a security software database that
  61. encrypted the passwords with ordinary AES, not with KDFAES? How much
  62. longer would the hacker have to run the cracker program with KDFAES?
  63.  
  64. I'd be grateful for any sound theoretical answers, and more so for
  65. actual test results. Thanks in advance. Stu
  66.  
  67.  
  68. --
  69. Next mainframe audit seminar November 5-8, 2018 in Bethesda Md; Next
  70. RACF Administration seminar November 27-30 phone (301) 229-7187
  71.  
  72.  
  73.  
  74. [prev in list] [next in list] [prev in thread] [next in thread]
  75.  
  76. Configure | About | News | Add a list | Sponsored by KoreLogic
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement