On Wed, Jul 11, 2001 at 09:56:29AM +0530, Gaurav Agarwal wrote: > > > Uh huh. So you are saying that, given MD5(password), password > > > may be recovered by brute force. And this is new/interesting in > > > what way? > > > > The interesting thing is he can (allegedly) do it at 2.5e6 > > tries/second on an affordable machine. Being able to exhaust all > > combinations of 8 digits and lowercase letters within 2 weeks > > makes such an attack much more practical. > > The claim that he makes is surely interesting. I tried running the > md5crack on my system which is a linux6.1 Intel pentium 3 733 MHz > and I was able to get around 1/100 of what he claims. Although he > uses a 1GHz AMD can the performances be so different ??? I'm not sure which "md5crack" you're using. I use "mdcrack" from http://mdcrack.multimania.com/ and you can see it's performance on http://mdcrack.multimania.com/nsindex.html#performance CPU / hashes/s PII 350 Mhz -> 1 145 000 Athlon 1 Ghz -> 2 676 400 PIII 752 -> 2 031 292 etc. On my system Red Hat 7.1 Linux / kernel-2.4.3-12 / gcc-2.96-85 / AMD Athlon 850 mdcrack reports ~2e6 hashes/sec. Have a nice day -- Martin Mačok underground.cz openbsd.cz
This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 09:21:06 PDT