John the Ripper
is a cracking program that runs natively in Linux but can easily be ported to Windows. It can crack pretty much anything but before you go off cracking your leet passwords on Windows you should know that John the Ripper runs way faster on Linux than it does on Windows.
I've been experimenting with different boxes of different speeds to see which would crack the fastest and I've found that a lot of the speed depends on the platform on which John is running. I've been mostly comparing two machines so I'll go ahead and give the specifications of those.
The first is a Dell Dimension with a 1.8 GHz Intel Celeron processor and 768 MB of DDR RAM. The second is an HP laptop with a 1 GHz AMD processor and 256 MB of SDRAM. The Dell runs Windows XP Professional and the laptop boots off of Whax because it doesn't have a working hard drive.
As you can see, the Dell is clearly way faster than the HP but just keep an open mind as the results may surprise you.
NOTE: All cracking here was with MS-Cache hashes using the exact same list of hashes.
I had the Dell run several dictionary and hybrid attacks and it consistently ran at about 450,000 combinations per second (c/s). I had the HP laptop run a bruteforce attack and it consistently ran at about 625,000 combinations per second (c/s).
So, the 1 GHz AMD processor beat out the 1.8 GHz Celeron? I'm not so sure about that. Windows XP takes up a lot of RAM and processor cycles to begin with. Also, John is not meant to run on Windows so it's probably not going to run as well as it would on Linux. I didn't even load up a window manager (ie Fluxbox or KDE) to crack in Whax. This means that next to no processor cycles and very little RAM were taken up by the operating system.
Also, consider that the Dell was running dictionary and hybrid attacks using fairly large dictionaries. The smallest dictionary I had it use was 50 MB and the largest was over 200 MB. I don't know how much of the dictionary John loads into memory before it begins cracking but I would assume it's very little. However, this may have still had an effect on the overall speed despite the fact that the system has 768 MB of DDR RAM.
The bottom line:
Run John the Ripper on Linux whenever possible