Bugtraq mailing list archives

Re: Messenger/Hotmail passwords at risk


From: Martin Macok <martin.macok () underground cz>
Date: Mon, 16 Jul 2001 11:02:35 +0200

On Wed, Jul 11, 2001 at 09:56:29AM +0530, Gaurav Agarwal wrote:
> > > Uh huh.  So you are saying that, given MD5(password), password
> > > may be recovered by brute force.  And this is new/interesting in
> > > what way?
> >
> > The interesting thing is he can (allegedly) do it at 2.5e6
> > tries/second on an affordable machine. Being able to exhaust all
> > combinations of 8 digits and lowercase letters within 2 weeks
> > makes such an attack much more practical.
>
> The claim that he makes is surely interesting. I tried running the
> md5crack on my system which is a linux6.1 Intel pentium 3 733 MHz
> and I was able to get around 1/100 of what he claims. Although he
> uses a 1GHz AMD can the performances be so different ???

I'm not sure which "md5crack" you're using. I use "mdcrack" from
http://mdcrack.multimania.com/ and you can see its performance on
http://mdcrack.multimania.com/nsindex.html#performance

CPU             /       hashes/s
PII 350 Mhz     ->      1 145 000
Athlon 1 Ghz    ->      2 676 400
PIII 752        ->      2 031 292
etc.

On my system 
Red Hat 7.1 Linux / kernel-2.4.3-12 / gcc-2.96-85 / AMD Athlon 850
mdcrack reports ~2e6 hashes/sec.

Have a nice day

-- 
   Martin Mačok
  underground.cz
    openbsd.cz

