Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Mar 2006 16:48:57 +0000
From: Hari Sekhon <>
Subject: JTR not exactly breaking the speed limits

I'm running john on 2 linux machines to crack unshadowed passwords from 
another linux box in the format FreeBSD MD5 [32/32] I think.

One is a pathetic 1GHz Via cpu with 256Mb ram; ./john --status is as 

./john --status
guesses: 1  time: 4:05:50:23 (3)  c/s: 1591

The second box is a better AMD Athlon XP 2200+ with 1.25Gb Ram; it's 
./john --status is as follows

./john --status
guesses: 2  time: 3:16:50:00 (3)  c/s: 5147

What I want to know is why the c/s process is so slow. Is MD5 such a 
slow algorithm to generate a hash with? I think so judging by how long 
it takes me to generate .md5s for files at home....

When cracking cache dumped DES from XP machines I used to get something 
like 300,000 tries a second, I think I'll be here forever on this 
password file. Maybe the salts are making it harder... can't remember 
how many salts this has though and I don't know how to find out.

I know this is the primary decision for choosing the hashing method for 
the shadow file and most linux distros give you the choice between MD5 
and blowfish. I was under the impression that blowfish was the stronger 
since it's slower to generate and therefore stronger to brute force in 
this manner? Are there any stronger?



Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.