On Wed, Jul 11, 2001 at 09:56:29AM +0530, Gaurav Agarwal wrote:
> > > Uh huh. So you are saying that, given MD5(password), password
> > > may be recovered by brute force. And this is new/interesting in
> > > what way?
> >
> > The interesting thing is he can (allegedly) do it at 2.5e6
> > tries/second on an affordable machine. Being able to exhaust all
> > combinations of 8 digits and lowercase letters within 2 weeks
> > makes such an attack much more practical.
>
> The claim that he makes is surely interesting. I tried running the
> md5crack on my system which is a linux6.1 Intel pentium 3 733 MHz
> and I was able to get around 1/100 of what he claims. Although he
> uses a 1GHz AMD can the performances be so different ???
I'm not sure which "md5crack" you're using. I use "mdcrack" from
http://mdcrack.multimania.com/ and you can see it's performance on
http://mdcrack.multimania.com/nsindex.html#performance
CPU / hashes/s
PII 350 Mhz -> 1 145 000
Athlon 1 Ghz -> 2 676 400
PIII 752 -> 2 031 292
etc.
On my system
Red Hat 7.1 Linux / kernel-2.4.3-12 / gcc-2.96-85 / AMD Athlon 850
mdcrack reports ~2e6 hashes/sec.
Have a nice day
--
Martin Mačok
underground.cz
openbsd.cz
