Penetration Testing
mailing list archives
RE: john the ripper
From: Arthur Clune <ajc22 () york ac uk>
Date: Tue, 09 Dec 2003 17:33:43 +0000
On 09/12/03 02:23:34 +0000 Anish M wrote:
On Tuesday 02 December 2003 10:52 am, Giacomo wrote:
Hi all
I am tryning to crack cisco md5 password.
Currently I am using a Athlon XP2500barton at 2300mhz
Since password cracking parallelises perfectly, the best solution is a few
cheap PCs
working in tandem (each does part of the search space).
Since it's a computationally bound task, your 4 p500s would be about the
same
as 1xp2000. So slower than your current machine. Using those four plus your
current
one gives you twice the real speed (roughly) of course.
However, cracking md5 hashes is considered hard on standard kit (see the
message
from Mike).
Let's look at his numbers. You get 3800 c/s rather than his 1500 c/s, so
his 75,000 years to
search half the space (50% chance of hitting the password) for a 8
character password becomes ~30000 years.
So now you need 30,000 Athlons for a one year average search time.
It all comes much better if you know the form of the password. If it's only
lower case you get
26^8 combinations, which takes ~636 days for an exhaustive search.
So if you could find 10 PCs the same as yours, you could do half the search
space
(50% chance of finding the password) in 636/10/2 = 31 days.
Which is well within the grounds on possibility. Which is why we all ban
all lower case
passwords :)
Arthur

Arthur Clune
PGP signing key A0389A4B. Full key http://www.clune.org/pubkey.txt


By Date
By Thread
Current thread:
 Re: john the ripper, (continued)
