1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Recovering Passwords with a GPU

Discussion in 'Graphics Cards' started by gamer210, Oct 23, 2007.

  1. gamer210

    gamer210 New Member

    Joined:
    Dec 26, 2005
    Messages:
    137 (0.04/day)
    Thanks Received:
    1
    Location:
    University of Texas San Antonio
    I came upon this this morning, and I thought I'd share it with y'all. Here's the link:

    http://www.net-security.org/secworld.php?id=5567

    Since most of my research focuses on security, I thought it was kind of interesting. People have been using FPGAs to brute for passwords for a while now, but using a GPU to brute force passwords would open things up to a whole new group of people. It would probably be faster, and cheaper, than using FPGAs depending on the GPU. When you think about it, passwords would just be the tip of the iceberg. If combined with Rainbow Tables, WPA keys could be cracked in a matter of hours or even minutes. WEP keys could be cracked in seconds. This shows lots of promise, so I guess I'll have to look into this some more.

    Just some information from the self-proclaimed "TPU Security Guru."

    P.S.
    Mods, please feel free to move this if you think it would fit better somewhere else.
     
  2. Fuse-Wire

    Fuse-Wire New Member

    Joined:
    May 30, 2007
    Messages:
    856 (0.31/day)
    Thanks Received:
    43
    Location:
    Scotland, Far away from normality as possible
    well heres something for you " Security Guru" try and stop me with Kane n Able!!
     
  3. gamer210

    gamer210 New Member

    Joined:
    Dec 26, 2005
    Messages:
    137 (0.04/day)
    Thanks Received:
    1
    Location:
    University of Texas San Antonio
    It's Cain & Abel, actually.
     
  4. Fuse-Wire

    Fuse-Wire New Member

    Joined:
    May 30, 2007
    Messages:
    856 (0.31/day)
    Thanks Received:
    43
    Location:
    Scotland, Far away from normality as possible
    Damn Yooooo!!!
     
  5. t_ski

    t_ski Former Staff

    Joined:
    Apr 11, 2006
    Messages:
    10,992 (3.49/day)
    Thanks Received:
    4,544
    Interesting link. I've passed it on to my security teacher. We were just discussing effective passwords, rainbow tables and the like a couple weeks ago.
     
    Crunching for Team TPU
  6. GrapeApe

    GrapeApe New Member

    Joined:
    May 4, 2007
    Messages:
    33 (0.01/day)
    Thanks Received:
    3
    Location:
    The Canadian Rockies
    Love how it's "recovering passwords" :rolleyes:

    I'm not convinced they should be given a patent, but don't doubt they will be given one by a technologically ignorant patent office.

    It's simply another application of GPGPU to another computational problem, not anything truly exotically revolutionary. This would easily fall under "obvious" application of existing technology, and is already negated by the publication of prior art (see paragraph 3 example 3);
    http://www.gpgpu.org/data/history.shtml
    "The PixelFlow SIMD graphics computer [Eyles, et al. 1997] was used to crack UNIX password encryption [Kedem and Ishihara 1999],"

    I don't doubt it will get a patent as so many things do and later get overturned, but it doesn't really deserve one IMNSHO.

    Anywhoo, just another reason to use independent and non-traditional methods or cryptography and include at the very least substitution to reduce the effectiveness
     
  7. ex_reven New Member

    Joined:
    Sep 4, 2006
    Messages:
    5,225 (1.74/day)
    Thanks Received:
    171
    Thats an interesting article.
     
  8. gamer210

    gamer210 New Member

    Joined:
    Dec 26, 2005
    Messages:
    137 (0.04/day)
    Thanks Received:
    1
    Location:
    University of Texas San Antonio
    The cyphers that were broken in your example were RC4 and DES, which are not considered secure by any means. They have been broken for many years now. Where I think this would be most effective, would be in cases where more advanced cyphers, such as AES or Blowfish, are used. Also it is much, much cheaper. For example, I could buy a motherboard with 4 PCI-Express slots, install 4 cheap graphics cards, and use all of them to brute force passwords. All of this would still cost less than a good FPGA.

    As for the patent process, I agree with you. U.S. patent law is really behind when it comes to matters of technology, and it really needs to be updated.
     
  9. GrapeApe

    GrapeApe New Member

    Joined:
    May 4, 2007
    Messages:
    33 (0.01/day)
    Thanks Received:
    3
    Location:
    The Canadian Rockies
    Yes I agree this is definitely a new and very cost effective method for brute force for the general public, I think in reaction to it though people will step up their level of security because while the processing power to crack encryption improves, so usually does the opportunity to use more robust levels of encryption/decrryption. Contiual cat and mouse, the only problem is those wishing to compromise the system are usually more dedicated and motivated than those we need to convince to adopt/fund/use the strong methods/levels of encryption. I'm sure the usual dark places are fine, but I suspect corporate security will become more vulnerable as multi-VPU and even multi-core systems like Fusion/Larabbee become more common place and inexpensive to combine.

    Yeah, and my criticism isn't towards the article so much as the patent just because I know a few people who work in this area of expertise in Montreal and we've discussed this before from both a GPGPU side and from a Distributed computing side, of course they're way out of my league because after anything more complex than triple DES my brain switches over to beer mode.
     

Currently Active Users Viewing This Thread: 1 (0 members and 1 guest)

Share This Page