Home page logo

pen-test logo Penetration Testing mailing list archives

RE: john the ripper
From: Arthur Clune <ajc22 () york ac uk>
Date: Tue, 09 Dec 2003 17:33:43 +0000

--On 09/12/03 02:23:34 +0000 Anish M wrote:

On Tuesday 02 December 2003 10:52 am, Giacomo wrote:
Hi all

I am tryning to crack cisco md5 password.
Currently I am using a Athlon XP2500barton at 2300mhz

Since password cracking parallelises perfectly, the best solution is a few cheap PCs
working in tandem (each does part of the search space).

Since it's a computationally bound task, your 4 p500s would be about the same as 1xp2000. So slower than your current machine. Using those four plus your current
one gives you twice the real speed (roughly) of course.

However, cracking md5 hashes is considered hard on standard kit (see the message
from Mike).

Let's look at his numbers. You get 3800 c/s rather than his 1500 c/s, so his 75,000 years to search half the space (50% chance of hitting the password) for a 8 character password becomes ~30000 years.

So now you need 30,000 Athlons for a one year average search time.

It all comes much better if you know the form of the password. If it's only lower case you get
26^8 combinations, which takes ~636 days for an exhaustive search.

So if you could find 10 PCs the same as yours, you could do half the search space
(50% chance of finding the password) in 636/10/2  = 31 days.

Which is well within the grounds on possibility. Which is why we all ban all lower case
passwords :)


Arthur Clune
PGP signing key A0389A4B. Full key http://www.clune.org/pubkey.txt


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]