Statistic on password cracking speed needed

[TechGrunt]

Hi everyone
As part of a university assignment, I am in need of statistics on speed of password cracking software (ie number of passwords/second).

I have googled and searched AO and the most I was able to find was a figure of 15 million/sec on a 1 Ghz machine using a Archive Password recovery tool. For the purposes of what I am writting I am really after statistics relating to operating system password cracking (specifically Windows 2003). Still possibly a stat I could use if nothing else available, but just looking for a little closer to the situation I am writing about.

Any reference anyone could point me too would be much appreciated.

Regards

TG

[nihil]

Hi TechGrunt

Sorry I cannot help too much right now, other than to raise a few questions.

As you are talking Windows Professional you have a password of a potential 127 characters (the 128th. is a check digit IIRC)

Now, the speed will depend on the length, so you can crack the old 9x/ME 14 character passes much faster.

Are you looking at a single machine or multiple machines for the crack?

I assume that it is dedicated?.............all the stats I have seen assume that, otherwise you are complicating things by sharing resources.

I suppose that the big question is whether you are using Rainbow Tables or not. If you are just doing a straight comparison against a table set, it is a lot faster than building your brute force on the fly?

The problem is that the stuff I have got only looks at the complexity of the password and the probable amount of time to crack it. Actual performance times (volumes) are hard to come by...........I guess that reflects the massive improvements in hardware over the past few years?

[TechGrunt]

Hi Nihil
Not looking for anything too specific here. What I am writing isn't specifically on password security just an element of a larger computer security paper. Ideally what I am after is a stat you would find in a product specification which would specify capabilities of passwords/sec on dedicated maching with XYZ Ghz CPU. I am trying to illustrate the reason for setting reasonable length and complex passwords on a Windows system.

Regards

TG

[nihil]

Hi TechGrunt

Are we going to be using precalculated tables or doing it on the fly?..............that will affect speed, as the tables remove the generation step.

Also, how long will the password be, or would you want that to be a variable (probably steps) like 10 Characters, 15, 20, 25 and so on?

Another thought I had was single/multiple processors and single/dual cores?



I am afraid that it is a lot more complicated these days.

[TechGrunt]

Hi Nihil
Sadly most things are more complicated these days I suppose.

The scenarios I proposed in the paper is as follows:
Windows 2003 Standard Edition
Pasword length of 7 characters
Password complexity rules enforced
Cracking technique of brute force on the fly
Single processor/core off-the-shelf machine with no special modifications to assist with the task (trying to illustrate the ease at which the technology can be obtained to complete this type of task)

Any help you can provide much appreciated here

Regards

TG