RE: john the ripper

[Arthur Clune <ajc22 () york ac uk>]

--On 09/12/03 02:23:34 +0000 Anish M wrote:

> On Tuesday 02 December 2003 10:52 am, Giacomo wrote:
> > Hi all
> >
> > I am tryning to crack cisco md5 password.
> > Currently I am using a Athlon XP2500barton at 2300mhz

Since password cracking parallelises perfectly, the best solution is a few 
cheap PCs
working in tandem (each does part of the search space).

Since it's a computationally bound task, your 4 p500s would be about the 
same
as 1xp2000. So slower than your current machine. Using those four plus your 
current
one gives you twice the real speed (roughly) of course.

However, cracking md5 hashes is considered hard on standard kit (see the 
message
from Mike).

Let's look at his numbers. You get 3800 c/s rather than his 1500 c/s, so 
his 75,000 years to
search half the space (50% chance of hitting the password) for a 8 
character password becomes ~30000 years.

So now you need 30,000 Athlons for a one year average search time.

It all comes much better if you know the form of the password. If it's only 
lower case you get
26^8 combinations, which takes ~636 days for an exhaustive search.

So if you could find 10 PCs the same as yours, you could do half the search 
space
(50% chance of finding the password) in 636/10/2  = 31 days.

Which is well within the grounds on possibility. Which is why we all ban 
all lower case
passwords :)

Arthur

--
Arthur Clune
PGP signing key A0389A4B. Full key http://www.clune.org/pubkey.txt

---------------------------------------------------------------------------
----------------------------------------------------------------------------