Author Topic: Wordpress passwords encryption ?  (Read 5580 times)


Offline sensor

Wordpress passwords encryption ?
« on: July 15, 2011, 02:15:10 pm »
Does anyone here know what type of encryption WordPress uses?
It used to be plain MD5.

Here is one sample password: $P$BsaP.8zr.ZeT2ktfTfJkgOAhNm3RJB/
All of them start with: $P$B
Does it use some sort of salt? Is it possible to crack it, etc.
Can you give me a hint?

Thanks in advance,
Alex
« Last Edit: July 15, 2011, 02:16:09 pm by sensor »

Offline ande

Re: Wordpress passwords encryption ?
« Reply #1 on: July 15, 2011, 02:30:24 pm »
Possibly of interest: http://www.stottmeister.com/blog/2009/06/30/new-wordpress-password-hasher-tool/
It's from 2009; it says WordPress uses PHPASS, a function from some framework.

Anyway, download Passwords Pro, it's got an inbuilt WordPress password cracker ;)

Offline sensor

Re: Wordpress passwords encryption ?
« Reply #2 on: July 15, 2011, 03:17:20 pm »
Thanks a lot!


I already started up Passwords Pro, but noticed a big performance drop cracking MD5(Wordpress), rather than md5(), in PasswordsPro.
 
The best was 600 p/s, on 2 cores probably 1000 p/s.


Found Extreme GPU Bruteforcer, again from InsidePro, using CUDA GPU.
The results from CUDA performance from their site:
MD5                 - 420 million p/s
MD5(Wordpress) - 0.05 p/s


Which is 8400x slower.
Thanks again, I'll investigate further & if I have valuable info I'll keep you posted ;)
« Last Edit: July 15, 2011, 03:17:43 pm by sensor »

Offline sensor

Re: Wordpress passwords encryption ?
« Reply #3 on: July 15, 2011, 03:36:55 pm »
The reason for the slow cracking of these passwords is so-called key stretching, incorporated in PHPASS.
Here is more info on key strengthening:
http://en.wikipedia.org/wiki/Key_strengthening
http://www.schneier.com/paper-low-entropy.html


Basically, the time to generate the hash is increased by hashing the password multiple times, making brute force an ineffective method or slowing it down enough.
« Last Edit: July 15, 2011, 03:42:48 pm by sensor »
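
The layout behind the `$P$B` prefix and the key stretching discussed in this thread, as an added example that is not part of the original posts and is not WordPress's or phpass's own code: it parses a phpass "portable" hash into cost, salt and digest, and re-implements the iterated MD5 so a stored hash can be verified. Function names are illustrative, and the password and salt in the test are constructed.

```python
import hashlib
import hmac

# Alphabet phpass uses for the cost character, the salt and the digest.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def encode64(data: bytes) -> str:
    """phpass's base64 variant: up to 3 bytes, little-endian, low 6 bits first."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        for _ in range(len(chunk) + 1):
            out.append(ITOA64[value & 0x3F])
            value >>= 6
    return "".join(out)

def parse_phpass(stored: str) -> dict:
    """Split '$P$' + cost char + 8-char salt + 22-char digest; reject anything else."""
    if len(stored) != 34 or stored[:3] not in ("$P$", "$H$"):
        raise ValueError("not a phpass portable hash")
    cost = ITOA64.find(stored[3])          # 'B' is index 13
    if not 7 <= cost <= 30:                # range accepted by phpass
        raise ValueError("cost character out of range")
    return {"cost": cost, "rounds": 1 << cost,
            "salt": stored[4:12], "digest": stored[12:]}

def phpass_hash(password: str, salt: str, cost: int = 13) -> str:
    """One salted MD5, then 2**cost further MD5 rounds that each mix in the password."""
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt.encode("ascii") + pw).digest()
    for _ in range(1 << cost):             # the key-stretching loop
        digest = hashlib.md5(digest + pw).digest()
    return "$P$" + ITOA64[cost] + salt + encode64(digest)

def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    p = parse_phpass(stored)
    candidate = phpass_hash(password, p["salt"], p["cost"])
    return hmac.compare_digest(candidate[3:], stored[3:])

if __name__ == "__main__":
    # Sample hash quoted in the first post: cost 13, i.e. 8192 extra MD5 rounds.
    print(parse_phpass("$P$BsaP.8zr.ZeT2ktfTfJkgOAhNm3RJB/"))
```

For an administrator auditing a user table, the fourth character is the field to check: it fixes how many MD5 rounds each verification (and each guess) costs.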