Why is the rate of RAR password searching so low? Even free PYRIT installed in my system works faster than Accent RAR Password Recovery. Are you sure that your solution is the best?

We can assure you that password recovery speed for RAR archives are the best possible with current technology.

At first, don't compare WPA with RAR directly, it's different protection schemes though both based on SHA-1. One WPA PMK generation requires (4096*2+2)*2 = 16388 SHA1 compress/transform invocations, this value is constant for any password length (up to 64 symbols). For RAR 3.x we're need to perform (password_length * 2 + 11)*4096 + 17 SHA1 iterations, for example for 4 symbols length passwords it's 77841. Thus, it'll 77841/16388 = at least 4.75 times slower only because of greater number of iterations required.

Moreover, while for WPA (or, more correctly, PBKDF2 scheme which used by WPA, OpenOffice, WinZIP/AES, Apple iPod/iPhone backups, etc) output of previous iteration directly goes to input of next iteration, i.e:

Hash(i) = SHA1(Hash(i-1))

For RAR 3.x it isn't the case. Input values formed from password + salt + 3 bytes counter value which adds additional complexity. So performance drops even more, especially for longer passwords.

Looking at our competitor's solutions for ATI GPUs (i.e. none) we really think that we did the best available now software for RAR password recovery.

And of course OpenCL cannot be faster than CAL/IL we're using to program ATI GPU kernels -- OpenCL built upon CAL/IL. And right now OpenCL only adds additional problems (like inability to support crossfired GPUs while it's possible with CAL/IL).

And pyrit in fact not using OpenCL too, GPU kernels were written with CAL++ to avoid any possible performance degradation from OpenCL layer.

And to add up -- pyrit shows 800 p/s on your CPU simply because it isn't fully optimized for CPU. With properly written code it should be around 3600 PMK/s not 800. And CPU/GPU ratio will be nearly the same as for other algorithms assuming that optimizations were done for both CPU and GPU code.

One of marketing tricks around is to compare GPU speed with unoptimized CPU code and claim 100x-200x speed-up. Though we're calling such speed-ups simply "a lie" not marketing.

Article Details

Article ID:
9
Category:
Rating :