MD5 Bruteforcer - BarsWF

Last week at the DOAG conference I published a few numbers about the MD5 cracking speed of BarsWF.  Today I found a new record on the web. 3.6 billion (!!!) password hashes per second can calculated with BarsWF. This configuration was using 4x [eVGA 9800GX2] without  overclocking.Here are some calculations how long it takes to break MD5 hashes.All passwords (lowercase or uppercase, alpha, 26^1+26^2+26^3+…)

• up to 8 characters => 60 seconds
• up to 9 characters => 26 minutes
• up to 10 characters => 11 hours

All passwords (mixed case, alphanum, 62^1+62^2+62^3+…)

• up to 7 characters => 16 minutes
• up to 8 characters => 17 hours
• up to 9 characters =>44 days

Several Oracle products like OID, OVS (Oracle Virtual Server) or Apex (until 2.2.) are using plain MD5 for hashing passwords. But even the usage of salt (like Apex 3.0) does not help against this computing power….

Dieser Eintrag wurde am 8 Dez 2008 um 11:32 verfasst und befindet sich in Oracle Security. Sie können alle Antworten zu diesem Eintrag über den Feed RSS 2.0 mitverfolgen. Hinterlassen Sie eine Antwort oder einen Trackback-Link zu Ihrer eigenen Homepage.

| Drucken