Re: Time-to-crack MD5 passwords
From: Sigbjørn Lund Olsen (sigbjorn_at_lundolsen.net)
Date: 04/23/04
- Next message: Sigbjørn Lund Olsen: "Re: Time-to-crack MD5 passwords"
- Previous message: Barry Margolin: "Re: incoming mail without information in the from, to, subject fields"
- In reply to: Lohkee!: "Re: Time-to-crack MD5 passwords"
- Next in thread: Filip van Laenen: "Re: Time-to-crack MD5 passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 23 Apr 2004 20:46:37 +0200
Lohkee! wrote:
> "Sigbjørn Lund Olsen" <sigbjorn@lundolsen.net> wrote in message
> news:kybhc.7791$px6.110683@news2.e.nsc.no...
>
>>I'm currently in a bit of a debate with a web hosting company I am a
>>customer of, regarding the length of passwords. They limit the length of
>>passwords to under 8 letters on grounds of some client applications not
>>being capable of handling more. They claim, furthermore, that cracking
>>an 8-letter md5 hashed password would take much too long to be relevant.
>>
>>I do recall looking at some information for how long it took to crack
>>any crypt() password at some point, and was quite shocked at how fast it
>>could be done. I'm however having trouble finding out how long it would
>>take to brute force any 8-letter md5 hashed password via Google.
>>
>>Do any of you know, or know where I might find out, how much time is
>>required to brute force crack any 8-letter md5 hashed password given a
>>normal computer (or ten), these days?
>>
>>Cheers,
>>Sigbjørn Lund Olsen
>
>
> A single 2.0Ghz system can crack about 1,000,000 per second when running
> Windoze. The same machine should be able to crack many more times that when
> using an operating system such as DOS (which uses nominal system resources).
> Networked systems of 10 or so machines could easily hit 1 Billion/sec. None
> of this really matters. You might be interested in the following
>
> http://home.att.net/~lohkee/strong_passwords.htm
>
> http://home.att.net/~lohkee/password_cracking_scams.htm
>
> Regards,
>
> Lohkee!
While I thank you for your reply, I have to say that your two articles
there are just plain dishwater. Password crackers are reliable
benchmarks because, should a malicious person gain your password hashes,
*those* are the tools she would be using.
Secondly, even a 'brute force' style attack would take into mind
statistical probabilities. The lexicographical order of the alphabet
used to order the sort would be identical to the order of the highest
probability character to the lowest probability character. If we
considered normal English text, that means 'e' is your 0 and some
foobared character like NULL will be 255. Of course, a password string
does not have the same probabilistic character distribution as normal
English text, but it will have some distribution, and all decent
password crackers I know of do use that fact to their advantage.
'zucchini' will get found before '#4H!F%a2' even using a 'not much more
clever than plain dumb' brute force attack, simply because the latter
has several low-probability characters such as #, !, and %.
A good indicator of how fast a password will be cracked by a 'clever'
brute force attack is to Huffman compress it using a Huffman tree based
on a model based on a large number of passwords. Or just to run its hash
through one of the available password crackers.
Do you think the people who write these things are dumb?
Cheers,
Sigbjørn Lund Olsen
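The Huffman heuristic described in the reply above, as an added worked example that is not part of the original thread: build a character-frequency model from a (here constructed) password corpus, derive Huffman code lengths from it, and measure each candidate password by the number of bits it costs under that code. A short code means the characters are common in the model, which is the situation the post is warning about; characters never seen in the corpus are charged an escape code plus a raw 8-bit literal. The corpus, the `ESCAPE` symbol and the function names are assumptions of this example, not anything from the thread.

```python
import heapq
from collections import Counter
from itertools import count

# Constructed stand-in for a large real-world password list. A real model
# would be trained on far more data; a few dozen strings show the shape.
SAMPLE_PASSWORDS = [
    "password", "zucchini", "letmein", "sunshine", "football", "iloveyou",
    "princess", "monkey12", "baseball", "dragon99", "qwerty12", "shadow01",
    "master", "welcome1", "abc12345", "trustno1", "whatever", "summer08",
    "michael", "jennifer", "charlie", "computer", "freedom", "batman",
]

# Pseudo-symbol for "any character the model has never seen" (assumed design).
ESCAPE = None


def build_model(passwords):
    """Character frequency counts from the corpus, plus one escape symbol."""
    counts = Counter()
    for pw in passwords:
        counts.update(pw)
    counts[ESCAPE] = 1          # rare by construction, so it gets a long code
    return counts


def huffman_code_lengths(counts):
    """Return {symbol: code length in bits} for a Huffman tree over counts.

    Only depths are tracked, since the cost metric needs lengths, not the
    actual bit strings. The counter breaks ties so the heap is deterministic.
    """
    tiebreak = count()
    # heap entries: (subtree weight, tiebreak, symbols in the subtree)
    heap = [(w, next(tiebreak), [sym]) for sym, w in counts.items()]
    heapq.heapify(heap)
    depth = {sym: 0 for sym in counts}
    while len(heap) > 1:
        w1, _, syms1 = heapq.heappop(heap)
        w2, _, syms2 = heapq.heappop(heap)
        for sym in syms1 + syms2:
            depth[sym] += 1     # every leaf in the merged subtree gains one bit
        heapq.heappush(heap, (w1 + w2, next(tiebreak), syms1 + syms2))
    return depth


def password_cost_bits(password, lengths):
    """Huffman-coded size of the password in bits under the model.

    Characters absent from the model cost the escape code plus 8 bits for
    the literal byte, which is what makes '#', '!' and '%' expensive here.
    """
    total = 0
    for ch in password:
        if ch in lengths:
            total += lengths[ch]
        else:
            total += lengths[ESCAPE] + 8
    return total


def rank_by_cost(passwords, lengths):
    """Cheapest (most model-like) first: roughly the order a probability-
    ordered search would reach them."""
    return sorted(passwords, key=lambda pw: password_cost_bits(pw, lengths))


if __name__ == "__main__":
    lengths = huffman_code_lengths(build_model(SAMPLE_PASSWORDS))
    for pw in rank_by_cost(["#4H!F%a2", "zucchini", "password"], lengths):
        print(f"{pw:>10}  {password_cost_bits(pw, lengths):3d} bits")
```

The ranking is only as good as the corpus behind it: a model built from a handful of strings overstates the cost of anything it has not seen, so the absolute bit counts mean little, while the relative order (corpus-like strings first) is the point the reply is making.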