ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ· º Crypt(3) Password Crack Utilities º º BENCHMARK Performance Evaluation º ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ ÖÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ· º Performance Tests By : -Q- º ÓÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄĽ Revision 1 : 5 March 1995 Foreword: This is the first of a series of benchmark tests which I will perform to evaluate various pieces of computer hacker software. This first revision will be rather basic, and I will not get into advanced details. The performance tests I make will be basic tests for speed only, and will not take "frilly features" into account when judging programs. Speed is the name of the game, when your cracking or cryptoanalyzing files. Although frilly features are ceatainly a benefit, and increase the overall quality of a program, they quite often cause a program to be too cluttered and to run at sluggish speeds because with a larger program it is necessary to use a less efficient programming language for coding such as Pascal or BASIC to facilitate the programmer. The reason speed is so important, is because of the large number sets involved in encrypted data. The numbers are literally of astronomical proportions, and often exceed 50 digits in length. In order to process these massive numbers a computer must run as fast as possible, in fact speed is so much the ultimate factor, that even computers themselves are innefficient tools, and it is best to run a dedicated machine which is designed to specifically break codes and uses specially made CPU's and/or chips with the algorithm built into the chip. This allows the "cracking" to occur thousands of times faster than any computer is capable of. Even if a program is only 5 percent slower than another cracking program that appearingly insignificant difference makes all the world of difference, in that in a matter of weeks of cracking after several hundred quadrillion calculations, the slower program will be behind by several hundered trillion calculations. * Please Note that the actual times involved in this test are to crack passwords soely depends upon what passwords are used and in what order they appear in the cracking dictionary. It is more important to examine the time differential between the different programs, than the actual result times. Evaluation Standards: The tests will be performed using the following control standards. (1) I will use the latest version possible for each program. (2) An /etc/passwd file with 2 valid passwords and accounts will be used as the control standard. Each program will be run in its fastest mode and the times will be noted down to 1 second accuracy. (3) Dictionary size is 322,282 Bytes. (4) 3 Different computer systems. a) 486DX2 66Mhz -(Intel brand CPU)-58Megs RAM(60ns)-SCSI ( 9ns) b) Pentium 90MHz -(Intel brand CPU)-64Megs RAM(50ns)-SCSI2fast( 9ns) c) S.G.I. 150MHz -(MIPS brand CPU)-16Megs RAM(70ns)-SCSI (11ns) (5) Programs will be run under native DOS or UNIX depending upon what O/S the program was written for. 486DX2 66MHZ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄ CrkJack °°°°°°°°°°°°°°°°°°°° (382) PCUCP ²²²²²²²²²²²² (226) HADES ±±± (30) KillerCrk °°°°°°°°°°°°° (250) Guess ²²²²²²²²²²² (194) Newpw ±±±±±±±±±±±±±±±±±±±±±±±±±±±± (563) Crack °°°°°°°°°°°°°° (271) Berkely ²²²²²²²²² (177) PcCrack ±±±±±±±±±±±±±±± (290) AITS ° (5) ------------------------------------------------------------------------ Time 0157 1111 2222 3333 4444 5555 6666 7777 8888 9999 11112 (secs) 005 0257 0257 0257 0257 0257 0257 0257 0257 0257 02570 0505 0505 0505 0505 0505 0505 0505 0505 0505 05050 00000 Pentium 90MHZ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Brute20 ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±± (865) CrkJack °°°°°°°°°°°°°°°° (307) PCUCP ²²²²²²²²² (173) HADES ±± (24) Guess ²²²²²²²² (148) Newpw ±±±±±±±±±±±±±±±±±±±±±± (425) Crack °°°°°°°°°°° (210) Berkely ²²²²²²² (135) PcCrack ±±±±±±±±±±±± (223) AITS ° (3) ------------------------------------------------------------------------ Time 0157 1111 2222 3333 4444 5555 6666 7777 8888 9999 11112 (secs) 005 0257 0257 0257 0257 0257 0257 0257 0257 0257 02570 0505 0505 0505 0505 0505 0505 0505 0505 0505 05050 00000 Silicon Graphics Workstation 150MHz ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Brute20 ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±± (776) CrkJack °°°°°°°°°°°°°° (278) PCUCP ²²²²²²²² (153) HADES ±± (20) KillerCrk °°°°°°°°° (169) Guess ²²²²²²² (131) Newpw ±±±±±±±±±±±±±±±±±±± (380) Crack °°°°°°°°° (182) Berkely ²²²²²²² (119) PcCrack ±±±±±±±±±±± (196) AITS ° (3) ------------------------------------------------------------------------ Time 0157 1111 2222 3333 4444 5555 6666 7777 8888 9999 11112 (secs) 005 0257 0257 0257 0257 0257 0257 0257 0257 0257 02570 0505 0505 0505 0505 0505 0505 0505 0505 0505 05050 00000 Evaluation Notes: ------------------------------------------------------------------- HADES- is the clear winner of this test for pure speed. If you need to run tests with maximum efficiency with no fancy sorting frills then this is the recommended program. ------------------------------------------------------------------- Berkeley- Was written by a student at Berkeley University. program was coded in 100 pure ASM and as a result runs pretty fast. This utility has a few more featres than does HADES, so if your looking to do a pure speed test wheras you need to crack by brute force and you need to do your cracking in a special way, this util lets you write script files which will control the search in any ------------------------------------------------------------------- PCUCP- Personal Computer Unix Password Cracker is the third best generic cracker program on the list. It doesnt have a whole lot of extra feastures but it is quite fast. ------------------------------------------------------------------- Brute20- As we can see Brute v2.0 failed miserably in this test, HOWEVER, I am trying to determine why it did so poorly. It is possible that this program does additional searches such as reverse word search on each dictionary extra and that could contribute to its slow speed.My other theory is that this program was written for the X086 CPU (as it is a very old program), so it thusly runs very inneficiently on 386/486 systems. ------------------------------------------------------------------- Cracker Jack v1.4- I had to just mention Cracker Jack even though its not worth even using it, I was very upset with this program because it is EXTREMELY user unfriendly. It took me 2 weeks to get it to work, and in fact I could not even get it working myself so I had to bring it to my friend who's a computer whiz and it took him a couple hour to track down the problem. Apparently Crk Jack is very picky about running on ceartain systems and it has various software and hardware conflicts and occasionally you cannot run Cracker Jack under multi-tasking because this program conflicts with other programs that are running in the background. ------------------------------------------------------------------- AITS- AI Technology Systems UNIX Password Checker. As we can see this program blew away the competition by performing 8 times faster than the HADES cracker. You might be wondering why this program is so fast.. Well I kinda cheated a little, I threw in a program that me and my friend created a long time ago. This program works on a different cracking algorith and is similar to the cracking programs used by government agencies. It utilizes a massive database of pre-encrypted passwords which eliminates the need for performing algorithmic checks on each dictionary password. This program simply has a highly optimized sort algorithm which searches the database for the encrypted password. A match can be found within a matter of 1 or 2 seconds no matter how many words are in the dictionary, and it the program is not slowed down much by the actual amount of users in the /etc/passwd file or the number of words in the pre- encrypted dictionary. I'd like to point out right now however that this program cannot be run on a mere mortals computer. The massive database of encrypted passwords requires at a minimum of 1 Gigabyte and several HUNDRED Gigabytes is needed in order to have a top rate government grade cracker. ------------------------------------------------------------------- ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ written by: -Q- The Code Breakers BBS ahoffman@linet01.li.net ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ