Cryptohaze.com

Here's a hypothetical for you lurkers out there...

Let's say you had 4x networked boxes, each with 4x 580's. How long would it take to crack a full character set, 14 character length password, NTLM hash using the multiforcer

Eons.

Assume 2B NTLM/sec for the 580.

95^14 / (2B * 16) = 4832522544.8 years.

Not doable.

Well that's lame!

Is that formula equivalent to --min=14 --max=14 ?

Yeah.

95^14

Ok.

Thanks for the feedback, for the last couple months I've been mulling over the idea of building a GPU farm for cracking NTLM, using the multiforcer. I could put together a box with 4x 580's for relatively cheap at about $2500. However, using your formula, even if I built a complete farm with 4096 GPU's, I'd still be waiting around for thousands of years lol. Screw it.

Would generating a rainbow table to solve a 14 character NTLM take the same amount of time?

Even longer. Rainbow tables take longer to generate than the brute force time of a password space.

On top of totally infeasible storage requirements.

NTLM len14 with no LM around is pretty darn safe.

Bitweasil wrote:Even longer. Rainbow tables take longer to generate than the brute force time of a password space.

On top of totally infeasible storage requirements.

NTLM len14 with no LM around is pretty darn safe.

No wonder why Windows doesn't feel compelled to salt their passwords...

I tried using some online calculators to find the size of a len14 NTLM rainbow table, but none of them will calculate it for me. I guess calculating the size of them is even infeasible.

How many of these storage pods would it take?
http://blog.backblaze.com/2011/07/20/pe ... e-secrets/

deadonironsights wrote:No wonder why Windows doesn't feel compelled to salt their passwords...

Totally disagree.

Most users won't use a len14 password. Len 7-8-9 are vulnerable. Pretty much anything other than plaintext is secure with len14, unless it's a word, phrase, song lyrics, etc... Users choose shit passwords.

I tried using some online calculators to find the size of a len14 NTLM rainbow table, but none of them will calculate it for me. I guess calculating the size of them is even infeasible.

Yep.

Assume 100% ideal table coverage for a baseline (not possible, but a good ballpark).

Assume chain length 2 000 000 - insane, but doable.

92 bits needed for password storage, assume about 100 bits for hash storage. 192 bits per chain, 24 bytes per chain.

95^14 / (2 000 000) = 2438374895577649295044 chains

At 24 bytes per chain, 58520997493863583081056 bytes disk.

~51977087 PB

How many of these storage pods would it take?
http://blog.backblaze.com/2011/07/20/pe ... e-secrets/

You do the math from here.

You do the math from here.

135 TB = 0.1318359375 PB

51 977 087 / 0.1318359375 = 394 255 830

fml

Well, buy me a few & I'll at least get len9 working.