Re: Time-to-crack MD5 passwords

From: Lohkee! (lohkee_at_worldnet.att.net)
Date: 04/20/04 

Date: Tue, 20 Apr 2004 19:03:23 GMT

"Sigbjørn Lund Olsen" <sigbjorn@lundolsen.net> wrote in message
news:kybhc.7791$px6.110683@news2.e.nsc.no...
> I'm currently in a bit of a debate with a web hosting company I am a
> customer of, regarding the length of passwords. They limit the length of
> passwords to under 8 letters on grounds of some client applications not
> being capable of handling more. They claim, furthermore, that cracking
> an 8-letter md5 hashed password would take much too long to be relevant.
>
> I do recall looking at some information for how long it took to crack
> any crypt() password at some point, and was quite shocked at how fast it
> could be done. I'm however having trouble finding out how long it would
> take to brute force any 8-letter md5 hashed password via Google.
>
> Do any of you know, or know where I might find out, how long time is
> required to brute force crack any 8-letter md5 hashed password given a
> normal computer (or ten), these days?
>
> Cheers,
> Sigbjørn Lund Olsen

A single 2.0Ghz system can crack about 1,ooo,ooo per second when running
Windoze. The same machine should be able to crack many more times that when
using an operating system such as DOS (which uses nominal system resources).
Networked systems of 10 or so machines could easily hit 1 Billion/sec. None
of this really matters. You might be interested in the following

http://home.att.net/~lohkee/strong_passwords.htm

http://home.att.net/~lohkee/password_cracking_scams.htm

Regards,

Lohkee!

Relevant Pages

  • Re: hardware vs. john the ripper
    ... and how your cracking process is structured to address those ... (Some of the add-on modules to john can be ... Crack all the simple ones quickly? ... And what passwords are ...
    (Pen-Test)
  • Re: yet another fake exploit making rounds
    ... > and let them spin there wheels trying to crack the passwords. ...
    (Vuln-Dev)
  • Re: Is WPA-PSK + TKIP really that easily breakable? I dont think so.
    ... Tom's hardware about how to crack it but I am not particularly confident its *that* insecure if you configure other options and use very long complex passwords. ... Of course intend to go 802.1x when available but this is my current ... But with choice of a good pre-shared key and keeping it a secret should be very secure. ...
    (alt.internet.wireless)
  • Re: password security
    ... store local user accounts/ passwords. ... the network would have a SAM for the domain. ... Client so they can authenticate with NTLM V2. ... the hash with a network sniffer and crack it fairly easily. ...
    (microsoft.public.win2000.security)
  • Re: Time-to-crack MD5 passwords
    ... regarding the length of passwords. ... I'm not using it, the company I am a customer of, is. ... I don't see a problem with them using an MD5 hashing algorithm on ...
    (comp.security.misc)