… and the word was 4 bits, because the first microprocessor Intel 4004, produced in 1971, was 4-bit. We will repeatedly return to the processors, its characteristics and evolution in this blog, but let me introduce myself.
My name is Pavel Semjanov and more than 15 years I practice the computer security and work at St. Petersburg Technical University. šThe cryptography, particularly its practical application in various computer systems, became one of my hobbies from the very beginning. Another my hobby closely connected with work became the software developing for analysis of cryptographic system vulnerability and mainly password cracking (or in other words, password recovery).
I will necessarily concern the differences in terms ‘password cracking’ and ‘password recovery’, including legal difference, in one of the following articles. Therefore I hope that first-hand knowledge about practical cryptography, which I have, will be reasonably interesting to a wide range of readers.
As a result of my hobbies, in 1998 I created website ‘Cryptographic literacy’ (in Russian only), which is still one of the most mentioned resources of cryptography in Russia, and the website ‘Russian Password Crackers’, which was only one page at that time. The website developed gradually and then has moved on the domain www.password-crackers.com, and since 2006 there was its Russian language analog. Here from February, 2009 the blog issues in Russian firstly, and today I’m starting its translation to English that sometimes may be slightly different from Russian version.
Concerning website name – it appears spontaneously. Firstly, most of the well-known to me crackers have been written in Russia that is why my pride for our compatriot came out in the site name. (By the way, and today, I suppose, about 80% of all companies offering their services on password recovery is Russian or was set up by Russian).
Secondly more neutral term – ‘password recovery’ – was apparently unknown to me, and then its appears more ill-intentioned term ‘crackers’. Later on this word as a part of the site name caused me troubles, but it’s late to change something. By the way, in the website description it was always emphasized that it posts the programs applying this or that vulnerability in cryptographic systems, but doesn’t have anything common with all other crackers of programs, mailboxes, etc.
At that time I have uploaded and classified all well-known and quality, to my point of view, crackers, and it’s became website characteristic – I do not add there programs that are not better for all intents than already posted. As it turned out the most popular categories for password cracking are passwords of archivers, BIOS, Microsoft Office, Windows – in general, the same as now. On the basis of these programs and vulnerability that they are used, I made classification of cryptographic system vulnerabilities, which was included into the article ‘On cryptosystems untrustworthiness’. It is clear that this article is substantially obsolete for the past 10 years, but classification bases remain the same. šTo clear the current stay of cryptographic security in applied programs is one of the purposes of the given blog.
In the conclusion of the first notes, I would like to come back to the processors, and namely to computer facilities progress. I perfectly remember that during the test of the program for breaking ARJ passwords (YACC)š using very powerful processor of that time Intel 386DX-40, I could left it and have a dinner – it considered for about a half an hour. Recently I have made this test using present-day Core 2 Duo.š The result is 1 second and 61 the 100th! Speed is more than 10 millions of passwords in a minute! This test file has kept the date of its creation – 2004/07/21, total during more than 15 years the speed of processors in PCs has increased in more than 1000 times!
At what expense? Firstly, clock frequency. 1.86 GHz are 50 times more than 40 MHz. šReduction of the clock ticks consumed by each operation increased it in another 2-3 times. Hereafter, execution of several instructions simultaneously using the pipelinešis yet more three times faster. Caching,ša branch prediction, prefetching of instructions, faster memory – in 2 times. Total converges almost about 1000 times. It besides that the program does not support multithreading, differently on dual-core would be still twice faster!