tUpdate README to match latest changes - hashcrush - Compute Argon2id hashes
(HTM) git clone git://git.z3bra.org/hashcrush.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
---
(DIR) commit cb22bbf011ca4e4795923b7607385146515e7648
(DIR) parent efda80eec824fa1eaecad2bfd48593494bf1442a
(HTM) Author: Willy Goiffon <contact@z3bra.org>
Date: Wed, 16 Aug 2023 14:46:34 +0200
Update README to match latest changes
Diffstat:
M README | 82 +++++++++++++++++++------------
1 file changed, 51 insertions(+), 31 deletions(-)
---
(DIR) diff --git a/README b/README
t@@ -1,51 +1,70 @@
- Hello friend!
- ~~~~~~~~~~~~~
+hashcrush
+=========
-I need your help to build a database of passwords/hashes, because my
-computer is crap and I cannot achieve this goal on my own, in a
-reasonable amount of time.
+Compute argon2id hashes in a parallel fashion.
+
+This project will use all available power to compute argon2id hashes
+based on a random password and salt.
+
+All code is in public domain.
tl;dr
-----
- make -j $(nproc) COUNT=500000 (may take hours)
+To compute hashes for 2 hours, and send me back the results, use the
+following commands:
+
+ timeout 2h make
curl -sT hashes.rec https://up.qw.is
-How?
+Why?
----
+I'm working on a CTF-like challenge for which I need to generate a
+database filled with random passwords and their corresponding argon2id
+hash.
-0. grab a wordlist suitable for diceware[0]
-1. generate ${COUNT} random passwords (ideally >100000)
-2. hash these password, with a randomly generated salt
-3. format the output for ingestion by me
-4. submit the file to https://up.qw.is
+Because argon2 was specifically made to take a long time to compute,
+my computers cannot reach this goal in a reasonable amount of time,
+hence my call for help. For reference, here is the math:
-For reference, 10K records account for ~1.3Mib. Considering a linear
-grow rate, I will need at least 15,000,000 records, which would take
-more than 2 months of it running full time on my own.
+The average record is ~132 bytes.
+To build a 2Gib database, I need 16,268,815 records.
+Computing 100 hashes, using 4 CPU cores takes me 2'20, or 140 seconds.
-The code is mostly shell scripts and a makefile.
-Only exception is "hashgen", a program I wrote in go for hashing
-passwords.
+ 140 * (2*1024*1024*1024) / (100 * 132) = 22776341 seconds
+ 22776341 / (30*24*3600) = 8.7 months
-All code is in public domain.
+Finally, it warms my heart to see strangers helping me out on this
+stupid task 🙃
-Why?
-----
-Because I need a big database (>2Gib) of random argon2id hashes for a
-side project I'm working on, so the more you can generate, the better.
-The passwords have a very high entropy, and every single password is
-salted with a random salt on every loop, making this little experiment
-totally useless to crack passwords in real life, so you're not
-participating to a shady business here.
+ You are awesome, don't change a thing.
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Finally, it warms my heart to see strangers helping me out even though
-the question is weird.
+Usage
+-----
+By default, all your CPU cores will be used to generate hashes.
+No time limit, or count is set by default.
+You can change the default behavior using the variables `NPROC` and
+`COUNT`, or use the `timeout(1)` command:
- You are awesome, don't change a thing.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ make # run ad vitam aeternam
+ make NPROC=2 # only use 2 CPU cores
+ make COUNT=1000000 # generate 1000000 hashes
+ timeout 5h make # stop running after 5 hours
+To run multiple batch, you must clean up generated files after each
+iteration:
+
+ make clean
+
+The default output file is `hashes.rec` (you can change it with the
+`OUTFILE` variable). When you're done, upload the file to:
+[https://up.qw.is][1].
+Please make sure to leave the `.rec` extension when uploading it, so
+it's picked up correctly. You can use `curl(1)` to upload the file:
+
+ curl -sT hashes.rec https://up.qw.is
Dependency
----------
t@@ -55,3 +74,4 @@ Dependency
- curl (only used to download the initial word list)
[0]: https://en.wikipedia.org/wiki/Diceware
+[1]: https://up.qw.is