> On Mon, 9 Jul 2001, Jeffrey W. Baker wrote: > > > Uh huh. So you are saying that, given MD5(password), password may be > > recovered by brute force. And this is new/interesting in what way? > > The interesting thing is he can (allegedly) do it at 2.5e6 tries/second on > an affordable machine. Being able to exhaust all combinations of 8 digits > and lowercase letters within 2 weeks makes such an attack much more > practical. The claim that he makes is surely interesting. I tried running the md5crack on my system which is a linux6.1 Intel pentium 3 733 MHz and I was able to get around 1/100 of what he claims. Although he uses a 1GHz AMD can the performances be so different ??? Also the complexity of the problem increases exponentially as you start increasing the number of possible characters in your passwords. For instance for {a-Z,a-z,0-9} the crack takes 900 odd days and if you also included other special symbols then it would be even higher and seeing the rate at which it ran on my computer (1/100 of his claims) the attack would become quite impractical. Gaurav... > > --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] > "Resistance is futile. Open your source code and prepare for assimilation." > > >
This archive was generated by hypermail 2b30 : Sun Jul 15 2001 - 19:46:08 PDT