A. Amesbury, "Password Attack Discussion & Benchmarks (webpage)", U of Minnesota, Office of Information Technology, last modified May 24, 2005.  Available http://www1.umn.edu/oit/security/passwordattackdiscussion.html, 17 July 2006.

Introduction

On one of the industry mailing lists there's an active thread discussing the use of "Rainbow tables" (more on these below) for attacking passwords. This got me thinking about a writeup I did a few years ago (back when I was at CompSci) regarding "password cracking" speeds, so I reran some benchmarks on current hardware, wrote them up, and sent them out on the list. After receiving some feedback, I made some additional changes and expanded on the original, resulting in the document you see here. 

When I talk about search space below, I'm referring to all possible passwords given the character set limitations and the algorithms involved. As most departments at the University of Minnesota use US-style keyboards, my writeup assumes the standard 95 characters found on that style of keyboard. (Yes, some systems can use extended characters, but I believe the majority of users don't use them. Also, they're not universally available on all OSes.) I use "Enn" to represent scientific notation, as large numbers tend to get somewhat cumbersome at times. As this is an original work, I claim all the mistakes made below; let me know if (when!) you find one.