Ran across this project today and figured I'd create an entry for our team. I don't
know how long the DP's take on it as I've just started running the app. This is a math based project, but mostly a brute force attempt (just like distributed.net and rsa-576) to prove the weaknesses in MD5 hashes. I actualy find this quite interesting as many people and applications use MD5 hashes for password verification (such as linux passwords, and MANY web applications on the net today). You can find out more and join the team here: http://www.md5crk.com/. BTW: I did 16 DP's while I was writting this short paragraph, so I suppose it's not too slow :D They do have architecture specific clients (athalon (windows), windows pentium4, linux x86, linux pentium4, linux powerpc, linuxalpha, sunos sparc, and macosx)


What is the MD5CRK project about? [ top ]

The aim of MD5CRK is to raise awareness in the IT industry that MD5 is not secure for many applications. We aim to disprove one of the fundamental requirements of a secure message digest: No two inputs can be found which produce the same digest - this is also known as a collision.

In cryptography, there can be no doubt in an algorithm's security. Demonstrating a counter-example to a required property in an algorithm effectivly renders the algorithm insecure.

How will MD5CRK show MD5 is insecure? [ top ]

This project does not directly attack any file, program or password program - that would be irresponsible. We intend to find at least one collision in the full MD5 function. In 1994, Paul van Oorschot wrote a paper describing how to build a computer to find two similar looking documents (or vastly different for that matter) with the same MD5 digest in a matter of days for $10,000,000 USD. With today's technology this computer would cost only $100,000 USD.

The problem of attacking MD5 is no longer a theoretical matter - it is a business proposition.

If someone were to invest $100,000 USD to build this machine, they could forge digital signatures, circumvent password systems and tamper with sensitive documents without detection.

To raise awareness we will find at least two strings of printable text that produce an identical MD5 hash. After each MD5 transform, the 128 bit (16 byte) hash is translated into a 32 character string. This 32 letter string becomes the input to the next MD5 transform and so on. To map the 16 byte digest into a 32 letter string we use the 16 most common letters used in the English language as our radix alphabet in the likely chance we get a true English word out of this process.
:D

I've been trying to get the client to work for a couple of weeks now but it never worked. When I read your post I tried it again and it worked fine!

This one interests me too, I'll definitely be contributing at some point.

On my main machine (which I am currently using, so bare this in mind), the max rate is 8.62 MegaMD5/sec. This is an Athlon XP2400+ running Win2k Pro SP4. The client was built on Jan 31.

7.54 MegaMD5/sec max on a Athalon XP 1800.

Once you create your account you must login and upload your md5_user.xml file to get credits for your work. I do not know if the client will autoupload afterwards to your account. I'll report back once my client has completed the first 200 work units. Also be sure to visit http://www.md5crk.com/stats/teams.php?action=view&id=1370877007 and join the team. BTW, the client only uses about 600-700kb of memory.

Note: When you first visit md5crk.com you will see something about "Magic Button". Be sure to click "Disable MD5CRK" or your browser will use 99% processing power while you are at their webpage. It's some sort of java app that runs their client on when you are visiting their page. I find it a tad disturbing they would have it enabled by default. It caused problems when I first ran their client (it took forever to load) and it took me a bit to figure out why IE was using 99% CPU.

This seems to be a better choice than :spray: grub :spank:

I'm in for a little piece of the action.

How does this thing work ?

I have created an account and joined Free-DC.
Downloaded a client and started it up.

Now what ?

You need to login to your account on their webpage and there is a little form there where you have to upload your md5_user.xml file from that client's folder. You will have to do that for each client that you install. You should only have to do it once per client. BTW, is anyone running this on linux? The one linux client I have it running on does seem to be working right. It scrolls through 200 DP's in about 3 seconds and uploads them. I don't get credit for them though. Someone who has it running on linux let me know what the behavior is like.

You must login and then do the upload function and browse to your md5_user.xml file and upload that.

However, I've started it up on a P4 2.2 running Gentoo and it ran and then stopped..

I'll maybe try it on a windows box later.

Bok

One thing that I notice with the linux client is that there is no "safe" way to close the client. The save file becomes corrupt and you must delete it (md5_save.xml) before you can run it again.

what if I roll out lots of clients using the directory I have now, the md5_user file will be the same.

Should I let the exe create a new user_file every time ?
That would mean uploading the user file everytime I roll out a new client.

Does it upload automatically ?
I have a send_xml file in the directory which appears to be updating.

Answering my own question here, I think you should only copy the exe to other machines because they will then get different work to do.
You need to upload the user xml file from each one so that the systen knows who to credit for work returned.

You know I'm not sure if you just use the same xml's for each client if it would work. I suppose it should work fine..... (but I'm not sure). I'm not sure exactly how or IF they track machines with each md5_user.xml file. Maybe e-mail jlcooke@md5crk.com and see what he says.


PCZ, does your linux client go EXTREMLY fast or does it take about a min for each DP to complete? I think something is borked with my linux client. It seriously does about 200 DP's per minute and uploads them (unfortunatly I get no credit for them though :cool: )

magnavox

I haven't run it on linux yet, will do shortly.

I have it on one P4 box at the moment running windows.
So far it appears to have done 130 DP's in 43 mins.

Windows client finished it's first 200 DPs and uploaded them automaticaly. Now I just gotta find out what the hell is wrong with this linux client.

I rolled out the client onto another windows PC.
As this P4 has hyperthreading I loaded up a second instance of the client {From a seperate directory}

The second client went bonkers and started doing 200 DP's every second :swear:

This project is definitely P4 friendly.

XP 3200 9.2 MegaMD5 / sec
P4 2.8 13.2 MegaMD5 / sec

The P4 2.8 is 133mhz bus non hyperthreaded

Got the windows version running as a service using instsrv and srvany.
Client is only using 2352k and it doesn't leak memory :drums:

Originally posted by PCZ
This project is definitely P4 friendly.

XP 3200 9.2 MegaMD5 / sec
P4 2.8 13.2 MegaMD5 / sec

The P4 2.8 is 133mhz bus non hyperthreaded

Somewhere in one of their FAQs or forum, they mentioned only running one client for each true CPU in a HT box, because the client is so well optimized. It is not, however, SMP aware, so you do need to run an additional client for each physical CPU.

Also, they did mention that each unique client instance needs to have it's md5_user.xml file uploaded, and their database keeps track of all your clients.

W2K Pro and XP2600+ runs at just under 9.0 MegaMD5/sec , and seemed to upload automatically. It's on it's second set of 200 DPs.

willy1

Wow this thing is flying on my P4C 2.4 - 11 MegaMD5/sec!

Oh man, can't wait until I can figure out why the client is borked on my P4 2.4 if it'll run at 11 /sec :D

Free-DC appears to only have 4 members.

Free-DC (http://www.md5crk.com/stats/teams.php?action=view&id=1370877007)

5, if ya count the captain - Free-DC Hydra Central :smoking:

I've just joined the free-dc team.

Well after talking with the guy who runs the project we found the problem with my client (linux pentium4). Apparently the client was using a different core than the md5_user.xml file was specifying, causing it to completely bork. He claimed he will be releasing a new client Monday to rectify the issue.

Anyone know how the client will react if there is no internet connection available after 200DPs? It would be neat if it just cached the findings until a connection could be made, but has anyone actually experienced this yet?

I will probably find out at some point, involuntarily :)

alpha

I have just disabled the nic card on one of my PC's
When the client running on it gets to 200 we will see what happens.

Update

It tried very briefly to connect then carried on crunching. ;)

Looks like a good project for modem users.
The WU's are very small {about 20k for 200} and it works offline.
You could easily sneakernet this one, you could fit a weeks worth of work on a floppy.

:cheers: to the programmers

Excellent, thanks PCZ :D

So am I right in saying, the only time internet connectivity is required, is to download the start points? Once a client is given its start points, it knows where to crunch from and carries on from there.

Yes?

Alpha

Yes that appears to be the case
Also you would need to upload the md5_user.xml file to the server.
That can be done from any internet connected PC.

PS
I am keeping an eye on the log of the client I have offline.
When it reached 200 it tried briefly to contact the mothership.
It is up to 263 at the moment and it has not made any more attempts to talk to the server.
I suspect it will try again briefly when it reaches 400, 600 etc.

Originally posted by PCZ
I suspect it will try again briefly when it reaches 400, 600 etc.

This is the behaviour I guessed, and hoped for.

Any word on how the client performs on slower boxen i.e. sub-500MHz?

alpha

The offline client tried briefly to contact the mothership at 400 Wu's.
So our suspicions are correct.

The sub 500mhz computers you are talking about, are they P3, P2, K6-2 or what ?

BTW I don't have any computers of that vintage available to me, to test.
I am sure someone reading this thread will oblige.

PS
We could carry on talking about this project in our md5crk forum, if we had one :D

You should be able to run all clients in offline mode. As far as I know the client has a switch to work offline and another switch to upload. In linux if you type "md5crk -h" it will show you a list of available switches. I haven't tryed running the windows client with any switches yet.

I talked to the project admin and he's going to provide me with CSV's so I can make stats for the project. He said it be a few days though. Sounds as if they'll be updated hourly.

Originally posted by PCZ
alpha

The offline client tried briefly to contact the mothership at 400 Wu's.
So our suspicions are correct.

Indeed. However, I let it cache nearly 800DPs, when I next fired it up, it didn't wait for a multiple of 200, it just uploaded because it could. Suits me fine.



The sub 500mhz computers you are talking about, are they P3, P2, K6-2 or what ?

P3 450
K6-2 400
P2 233
P233
...etc


PS
We could carry on talking about this project in our md5crk forum, if we had one :D

Seconded. ;)

AMD 64 3200+ performance:


<!-- Notice to all: modifying this file could be tragic!!!
Pretty to see, nice to hold
But if you change this, consider yourself told -->
<md5crackPerformance>
<Rate>10.723625</Rate>
<RateMin>7.455968</RateMin>
<RateAve>10.801965</RateAve>
<RateMax>11.976628</RateMax>
<UserTotalDP>* updated with next work-unit *</UserTotalDP>
<ThisBuild>md5crk_0.8_win32_athlon</ThisBuild>
<CurrentBuild>* updated with next work-unit *</CurrentBuild>
<CurrentDPCount>37</CurrentDPCount>
</md5crackPerformance>

Pentium 4 2.4 performance:



<!-- Notice to all: modifying this file could be tragic!!!
Pretty to see, nice to hold
But if you change this, consider yourself told -->
<md5crackPerformance>
<Rate>4.748820</Rate>
<RateMin>4.748820</RateMin>
<RateAve>8.857255</RateAve>
<RateMax>11.834790</RateMax>
<UserTotalDP>* updated with next work-unit *</UserTotalDP>
<ThisBuild>md5crk_0.8_win32_pentium4</ThisBuild>
<CurrentBuild>* updated with next work-unit *</CurrentBuild>
<CurrentDPCount>30</CurrentDPCount>
</md5crackPerformance>

fluctuating more but seems to keep up with the 3200+...both running SSE2ALU2

What about Magic Button option? Can we get credit for crunching that visitors to our sites perform with Magic Button?

How often are stats updated?


edit/ - I didn't uploaded md5_user.xml file. :bang: I did about 1000 DPs. Will they be credited to my account if I additionaly upload my md5_user.xml file?

:bang:

edit2/ - They credited my acount for 600 DPs after I upload md5_user.xml. It is possible that I didn't do more than that. Excellent! :elephant: