Infos

Sie befinden sich aktuell in den Alexander Kornbrust Oracle Security Blog Blog-Archiven für den folgenden Tag 8 Dez 2008.

Calendar
Dezember 2008
M D M D F S S
« Nov   Jan »
1234567
891011121314
15161718192021
22232425262728
293031  
Links

Archive für 8 Dez 2008

MD5 Bruteforcer - BarsWF

Last week at the DOAG conference I published a few numbers about the MD5 cracking speed of BarsWF.  Today I found a new record on the web. 3.6 billion (!!!) password hashes per second can calculated with BarsWF. This configuration was using 4x [eVGA 9800GX2] without  overclocking.Barswf BenchmarkHere are some calculations how long it takes to break MD5 hashes.All passwords (lowercase or uppercase, alpha, 26^1+26^2+26^3+…)

  • up to 8 characters => 60 seconds
  • up to 9 characters => 26 minutes
  • up to 10 characters => 11 hours

All passwords (mixed case, alphanum, 62^1+62^2+62^3+…)

  • up to 7 characters => 16 minutes
  • up to 8 characters => 17 hours
  • up to 9 characters =>44 days

Several Oracle products like OID, OVS (Oracle Virtual Server) or Apex (until 2.2.) are using plain MD5 for hashing passwords. But even the usage of salt (like Apex 3.0) does not help against this computing power….Oracle Virtual Server

|