• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Recovering Passwords with a GPU

gamer210

New Member
Joined
Dec 26, 2005
Messages
136 (0.03/day)
Likes
1
Location
University of Texas San Antonio
Processor Intel Core 2 Quad Q9450 @ 2.66 GHz
Motherboard ASUS P5Q Pro
Cooling Zalman CNPS 9700
Memory Mushkin XP 4GB DDR2 1066
Video Card(s) 2x Radeon HD 4850
Storage Seagate 750 GB w/ 32MB Cache
Display(s) Dell 2007WFP Rev A04 S-IPS
Case Tuniq 3
Audio Device(s) Asus Xonar DX
Power Supply PC Power & Cooling 610
Software Microsoft Windows Vista Business 64-bit
#1
I came upon this this morning, and I thought I'd share it with y'all. Here's the link:

http://www.net-security.org/secworld.php?id=5567

Since most of my research focuses on security, I thought it was kind of interesting. People have been using FPGAs to brute for passwords for a while now, but using a GPU to brute force passwords would open things up to a whole new group of people. It would probably be faster, and cheaper, than using FPGAs depending on the GPU. When you think about it, passwords would just be the tip of the iceberg. If combined with Rainbow Tables, WPA keys could be cracked in a matter of hours or even minutes. WEP keys could be cracked in seconds. This shows lots of promise, so I guess I'll have to look into this some more.

Just some information from the self-proclaimed "TPU Security Guru."

P.S.
Mods, please feel free to move this if you think it would fit better somewhere else.
 

Fuse-Wire

New Member
Joined
May 30, 2007
Messages
855 (0.22/day)
Likes
39
Location
Scotland, Far away from normality as possible
System Name The Box
Processor DualCore AMD Athlon 64 X2 2300MHz (11.5x200) 4400+
Motherboard AsRock N 68-S
Cooling Basic 90mm fans
Memory OCZ XTC Platinum 2GB DDR-2 800 SDRAM
Video Card(s) ATI Saphire x1650 Pro Series
Storage Maxtor 6L300R0 (300GB) Maxtors S (250GB)
Display(s) 19" LCD CTX
Case EYE-T
Audio Device(s) Realtek ALC650 @ Intel 82801DB ICH4 - AC'97 Audio Controller [B-0]
Power Supply 600W colors-IT super quiet
Software Microsoft 7 Ultimate
#2
well heres something for you " Security Guru" try and stop me with Kane n Able!!
 

gamer210

New Member
Joined
Dec 26, 2005
Messages
136 (0.03/day)
Likes
1
Location
University of Texas San Antonio
Processor Intel Core 2 Quad Q9450 @ 2.66 GHz
Motherboard ASUS P5Q Pro
Cooling Zalman CNPS 9700
Memory Mushkin XP 4GB DDR2 1066
Video Card(s) 2x Radeon HD 4850
Storage Seagate 750 GB w/ 32MB Cache
Display(s) Dell 2007WFP Rev A04 S-IPS
Case Tuniq 3
Audio Device(s) Asus Xonar DX
Power Supply PC Power & Cooling 610
Software Microsoft Windows Vista Business 64-bit
#3

Fuse-Wire

New Member
Joined
May 30, 2007
Messages
855 (0.22/day)
Likes
39
Location
Scotland, Far away from normality as possible
System Name The Box
Processor DualCore AMD Athlon 64 X2 2300MHz (11.5x200) 4400+
Motherboard AsRock N 68-S
Cooling Basic 90mm fans
Memory OCZ XTC Platinum 2GB DDR-2 800 SDRAM
Video Card(s) ATI Saphire x1650 Pro Series
Storage Maxtor 6L300R0 (300GB) Maxtors S (250GB)
Display(s) 19" LCD CTX
Case EYE-T
Audio Device(s) Realtek ALC650 @ Intel 82801DB ICH4 - AC'97 Audio Controller [B-0]
Power Supply 600W colors-IT super quiet
Software Microsoft 7 Ultimate
#4
Damn Yooooo!!!
 

t_ski

Former Staff
Joined
Apr 11, 2006
Messages
11,960 (2.78/day)
Likes
6,443
System Name My i7 Beast
Processor Intel Core i7 6800K
Motherboard Asus X99-A II
Cooling Nickel-plated EK Supremacy EVO, D5 with XSPC Bayres & BIX Quad Radiator
Memory 4 x 8GB EVGA SuperSC DDR4-3200
Video Card(s) EVGA 1080 SuperClocked
Storage Samsung 950 Pro 256GB m.2 SSD + 480GB Sandisk storage SSD
Display(s) Three Asus 24" VW246H LCD's
Case Silverstone TJ07
Audio Device(s) Onboard
Power Supply Corsair AX1200
Keyboard Corsair K95
Software Windows 10 x64 Pro
#5
Interesting link. I've passed it on to my security teacher. We were just discussing effective passwords, rainbow tables and the like a couple weeks ago.
 

GrapeApe

New Member
Joined
May 4, 2007
Messages
33 (0.01/day)
Likes
3
Location
The Canadian Rockies
Processor Pentium T7300 - 2GHz
Motherboard Intel® 965PM
Cooling teeny tiny fans
Memory 2GB DDR2 - 667
Video Card(s) Mobility Radeon HD2600(Pro) - 256 @ 550/650
Storage 100GB Fujitsu 5400 RPM & ext WD 80GB DualOption & 250GB MyBook Pro & 80GB Vantec NAS & 320GB NAS
Display(s) 17" CrystalView LCD 1440x900.
Audio Device(s) Audigy 2ZS PCMCIA
Software Geoworks
Benchmark Scores 4,000 Bungholiomarks.
#6
Love how it's "recovering passwords" :rolleyes:

I'm not convinced they should be given a patent, but don't doubt they will be given one by a technologically ignorant patent office.

It's simply another application of GPGPU to another computational problem, not anything truly exotically revolutionary. This would easily fall under "obvious" application of existing technology, and is already negated by the publication of prior art (see paragraph 3 example 3);
http://www.gpgpu.org/data/history.shtml
"The PixelFlow SIMD graphics computer [Eyles, et al. 1997] was used to crack UNIX password encryption [Kedem and Ishihara 1999],"

I don't doubt it will get a patent as so many things do and later get overturned, but it doesn't really deserve one IMNSHO.

Anywhoo, just another reason to use independent and non-traditional methods or cryptography and include at the very least substitution to reduce the effectiveness
 

gamer210

New Member
Joined
Dec 26, 2005
Messages
136 (0.03/day)
Likes
1
Location
University of Texas San Antonio
Processor Intel Core 2 Quad Q9450 @ 2.66 GHz
Motherboard ASUS P5Q Pro
Cooling Zalman CNPS 9700
Memory Mushkin XP 4GB DDR2 1066
Video Card(s) 2x Radeon HD 4850
Storage Seagate 750 GB w/ 32MB Cache
Display(s) Dell 2007WFP Rev A04 S-IPS
Case Tuniq 3
Audio Device(s) Asus Xonar DX
Power Supply PC Power & Cooling 610
Software Microsoft Windows Vista Business 64-bit
#8
Love how it's "recovering passwords" :rolleyes:

I'm not convinced they should be given a patent, but don't doubt they will be given one by a technologically ignorant patent office.

It's simply another application of GPGPU to another computational problem, not anything truly exotically revolutionary. This would easily fall under "obvious" application of existing technology, and is already negated by the publication of prior art (see paragraph 3 example 3);
http://www.gpgpu.org/data/history.shtml
"The PixelFlow SIMD graphics computer [Eyles, et al. 1997] was used to crack UNIX password encryption [Kedem and Ishihara 1999],"

I don't doubt it will get a patent as so many things do and later get overturned, but it doesn't really deserve one IMNSHO.

Anywhoo, just another reason to use independent and non-traditional methods or cryptography and include at the very least substitution to reduce the effectiveness
The cyphers that were broken in your example were RC4 and DES, which are not considered secure by any means. They have been broken for many years now. Where I think this would be most effective, would be in cases where more advanced cyphers, such as AES or Blowfish, are used. Also it is much, much cheaper. For example, I could buy a motherboard with 4 PCI-Express slots, install 4 cheap graphics cards, and use all of them to brute force passwords. All of this would still cost less than a good FPGA.

As for the patent process, I agree with you. U.S. patent law is really behind when it comes to matters of technology, and it really needs to be updated.
 

GrapeApe

New Member
Joined
May 4, 2007
Messages
33 (0.01/day)
Likes
3
Location
The Canadian Rockies
Processor Pentium T7300 - 2GHz
Motherboard Intel® 965PM
Cooling teeny tiny fans
Memory 2GB DDR2 - 667
Video Card(s) Mobility Radeon HD2600(Pro) - 256 @ 550/650
Storage 100GB Fujitsu 5400 RPM & ext WD 80GB DualOption & 250GB MyBook Pro & 80GB Vantec NAS & 320GB NAS
Display(s) 17" CrystalView LCD 1440x900.
Audio Device(s) Audigy 2ZS PCMCIA
Software Geoworks
Benchmark Scores 4,000 Bungholiomarks.
#9
Yes I agree this is definitely a new and very cost effective method for brute force for the general public, I think in reaction to it though people will step up their level of security because while the processing power to crack encryption improves, so usually does the opportunity to use more robust levels of encryption/decrryption. Contiual cat and mouse, the only problem is those wishing to compromise the system are usually more dedicated and motivated than those we need to convince to adopt/fund/use the strong methods/levels of encryption. I'm sure the usual dark places are fine, but I suspect corporate security will become more vulnerable as multi-VPU and even multi-core systems like Fusion/Larabbee become more common place and inexpensive to combine.

Yeah, and my criticism isn't towards the article so much as the patent just because I know a few people who work in this area of expertise in Montreal and we've discussed this before from both a GPGPU side and from a Distributed computing side, of course they're way out of my league because after anything more complex than triple DES my brain switches over to beer mode.