用于Mac FileVault加密的散列有多慢？

Question

某些密码强度估计器(例如，兹克本)给出的估计值随哈希的速度和攻击者假定的资源的不同而变化。我想知道MacOS FileVault加密在MacBooks上使用了什么哈希，以及为了估计攻击的速度，应该将其视为“快速”或“慢”哈希。

更具体地说，一个好的现代GPU每秒能执行多少散列，以便破解一个保护FileVault驱动器的密码？

Answer 1

现代FileVault是一个相对缓慢的散列。哈希猫支持将FileVault 2散列攻击为16700模式。

作为现实世界攻击能力的一个例子，如果一个七个字符的密码是真正随机生成的，那么在一个拥有六个相当快的GPU的钻井平台上，需要七年多一点的时间才能完全耗尽：

$ hashcat -a 3 -m 16700 -w 4 filevault.hash ?a?a?a?a?a?a?a
hashcat (v5.1.0-1685-gf946e321) starting...

CUDA API (CUDA 10.1)
====================
* Device #1: GeForce GTX 1080, 7006/8119 MB, 20MCU
* Device #2: GeForce GTX 1080, 7027/8119 MB, 20MCU
* Device #3: GeForce GTX 1080, 7037/8119 MB, 20MCU
* Device #4: GeForce GTX 1080, 7027/8119 MB, 20MCU
* Device #5: GeForce GTX 1080, 7037/8119 MB, 20MCU
* Device #6: GeForce GTX 1080, 7027/8119 MB, 20MCU

[...]


Session..........: hashcat
Status...........: Quit
Hash.Name........: FileVault 2
Hash.Target......: fvde#qcStackCode#116#qcStackCode#8428604406010843848743485830751320000#qcStackCode#f...704191
Time.Started.....: Wed Mar  4 20:23:59 2020 (11 secs)
Time.Estimated...: Tue May 12 22:42:02 2026 (6 years, 69 days)
Guess.Mask.......: ?a?a?a?a?a?a?a [7]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:    59646 H/s (273.90ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1
Speed.#2.........:    59243 H/s (275.66ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1
Speed.#3.........:    59351 H/s (275.32ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1
Speed.#4.........:    59343 H/s (275.15ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1
Speed.#5.........:    60227 H/s (271.48ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1
Speed.#6.........:    59819 H/s (273.29ms) @ Accel:16 Loops:1024 Thr:1024 Vec:1
Speed.#*.........:   357.6 kH/s
Recovered........: 0/1 (0.00%) Digests
Progress.........: 3932160/69833729609375 (0.00%)
Rejected.........: 0/3932160 (0.00%)
Restore.Point....: 0/735091890625 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:2-3 Iteration:0-1024
Restore.Sub.#2...: Salt:0 Amplifier:2-3 Iteration:0-1024
Restore.Sub.#3...: Salt:0 Amplifier:2-3 Iteration:0-1024
Restore.Sub.#4...: Salt:0 Amplifier:2-3 Iteration:0-1024
Restore.Sub.#5...: Salt:0 Amplifier:2-3 Iteration:1024-2048
Restore.Sub.#6...: Salt:0 Amplifier:2-3 Iteration:1024-2048
Candidates.#1....: 1arieri -> 1p8xana
Candidates.#2....: 1(ZDERI -> 1uxMONA
Candidates.#3....: 1w9zana -> 1YiQUS1
Candidates.#4....: 1TdWERI -> 1#UDERI
Candidates.#5....: 1r0qwon -> 1kF~~~1
Candidates.#6....: 1O_ !!! -> 1@[1199
Hardware.Mon.#1..: Temp: 44c Fan: 80% Util:  0% Core:1784MHz Mem:4513MHz Bus:8
Hardware.Mon.#2..: Temp: 36c Fan: 81% Util: 19% Core:1759MHz Mem:4513MHz Bus:4
Hardware.Mon.#3..: Temp: 47c Fan: 80% Util: 42% Core:1860MHz Mem:4513MHz Bus:16
Hardware.Mon.#4..: Temp: 45c Fan: 80% Util: 33% Core:1759MHz Mem:4513MHz Bus:4
Hardware.Mon.#5..: Temp: 37c Fan: 80% Util: 52% Core:1898MHz Mem:4513MHz Bus:1
Hardware.Mon.#6..: Temp: 43c Fan: 80% Util:100% Core:1784MHz Mem:4513MHz Bus:1

Started: Wed Mar  4 20:23:47 2020
Stopped: Wed Mar  4 20:24:12 2020

当然，由于大多数密码都不是随机生成的，所以攻击者在使用暴力之前首先会用尽其他方法。