> On Mon, 9 Jul 2001, Jeffrey W. Baker wrote:
>
> > Uh huh. So you are saying that, given MD5(password), password may be
> > recovered by brute force. And this is new/interesting in what way?
>
> The interesting thing is he can (allegedly) do it at 2.5e6 tries/second on
> an affordable machine. Being able to exhaust all combinations of 8 digits
> and lowercase letters within 2 weeks makes such an attack much more
> practical.
The claim that he makes is surely interesting. I tried running the md5crack
on my system which is a linux6.1 Intel pentium 3 733 MHz and I was able to
get around 1/100 of what he claims. Although he uses a 1GHz AMD can the
performances be so different ???
Also the complexity of the problem increases exponentially as you start
increasing the number of possible characters in your passwords. For instance
for {a-Z,a-z,0-9} the crack takes 900 odd days and if you also included
other special symbols then it would be even higher and seeing the rate at
which it ran on my computer (1/100 of his claims) the attack would become
quite impractical.
Gaurav...
>
> --Pavel Kankovsky aka Peak [ Boycott
Microsoft--http://www.vcnet.com/bms ]
> "Resistance is futile. Open your source code and prepare for
assimilation."
>
>
>
