feross / md5-password-cracker.js

Crack MD5 passwords with JavaScript Web Workers
http://feross.org/hacks/md5-password-cracker.js/

MD5-Password-Cracker.js

by Feross Aboukhadijeh.

This was an experiment to see if using HTML5 Web Workers to parallelize CPU-bound tasks is practical.

View the demo.

How it works

This program spawns several Web Workers (JavaScript threads) in order to crack an MD5 password hash.

Given a hash to crack, and enough time, this program will find the password that was used to make the hash. When you visit the demo, 8 background Web Worker processes are spawned, each of which attempts to use 100% of a CPU. Web Workers have no way to behave nicely -- they just run as fast as possible. Thus, most systems with <= 8 CPU cores will be maxed out.

However, since the tasks are running in separate threads and NOT on the main UI thread, the browser is actually quite usable while this is going on in the background. You can scroll around, click on things, and everything is responsive. The only thing you'll notice is that your computer's fans will be loud ;)

The space of possible passwords is divided so each Worker can work in parallel. Even so, I could only get around 1 million password hashes per second, which isn't very impressive at all.

A typical CPU can get around 50 million hashes per second, so JavaScript is really slowing things down here. The MD5 algorithm I used is Joseph Meyer's, which is supposed to be the fastest JS implementation, but even so, it's likely the bottleneck here.
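The keyspace division and the two hash rates quoted above can be made concrete with a short sketch. This is an added example, not code from this project: the lowercase-only charset, the contiguous-range split, and all function names are assumptions made for illustration. It shows how an index range maps to candidate strings, how the range is shared among 8 workers with no gaps or overlaps, and how long a full sweep takes at a given aggregate rate.

```javascript
// Added example (not the project's code). Charset and split strategy are assumptions.
const CHARSET = 'abcdefghijklmnopqrstuvwxyz';

// Count all candidates of length 1..maxLen. BigInt avoids overflow for large spaces.
function keyspaceSize(charsetLen, maxLen) {
  let total = 0n, power = 1n;
  for (let len = 1; len <= maxLen; len++) {
    power *= BigInt(charsetLen);
    total += power;
  }
  return total;
}

// Map a global index to one candidate: all 1-char strings first, then 2-char, ...
function candidateAt(index, charset = CHARSET) {
  const n = BigInt(charset.length);
  let i = BigInt(index), len = 1, block = n;
  while (i >= block) { i -= block; block *= n; len++; } // find the length bucket
  let out = '';
  for (let k = 0; k < len; k++) {                        // base-n digits, fixed width
    out = charset[Number(i % n)] + out;
    i /= n;
  }
  return out;
}

// Split [0, total) into contiguous half-open ranges whose sizes differ by at most 1.
function partition(total, workers) {
  const w = BigInt(workers), base = total / w, extra = total % w;
  const ranges = [];
  let start = 0n;
  for (let k = 0n; k < w; k++) {
    const size = base + (k < extra ? 1n : 0n);
    ranges.push({ start, end: start + size });
    start += size;
  }
  return ranges;
}

// Worst-case seconds to sweep the whole space at an aggregate hash rate.
function secondsToExhaust(total, hashesPerSecond) {
  return Number(total) / hashesPerSecond;
}

const total = keyspaceSize(CHARSET.length, 6);           // lowercase, up to 6 chars
console.log(total, partition(total, 8)[0]);
console.log(secondsToExhaust(total, 1e6), secondsToExhaust(total, 50e6));
```

Under these assumptions, every lowercase password of up to 6 characters is covered in a few minutes at 1 million hashes per second and in a few seconds at 50 million, which is why a fast unsalted hash such as MD5 gives short passwords little protection.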

I want to explore GPU-based cracking next. Is there some way to hack WebGL in order to crack passwords quickly?

Only tested in Chrome v23.

Read more about password hashing.