
The power of a Graphics Processing Unit can be harnessed to do some dirty work when trying to crack passwords. [Vijay] took a look at some of the options out there for cracking passwords and found that using the GPU produces the correct password in a fraction of the time. On a Windows machine he pitted the Cain password recovery tool, which uses the CPU for its calculations, against ighashgpu, which uses ATI or Nvidia graphics cards to do the deed. Hands down, ighashgpu is the fastest: Cain takes about one year to crack an eight-character password, while ighashgpu can do it in under nineteen hours.
We were very interested to see how easy it is to use this package. We looked in on GPU cracking in September but didn’t focus on the software packages that are out there. Now that you know how easily your password can be unearthed, perhaps you will get some use out of this article discussing the usability and security of longer passwords, which we ran across over on Reddit.

That is what we call an order of magnitude difference in speed, which doesn’t make me think that the GPU is fast but that we are using the CPU inefficiently.
The CPU isn’t used inefficiently, just the GPU has a few hundred “cores” while the CPU doesn’t. The GPU cores are pretty specialized and can’t do every instruction, but they can do simple things and can do them fast. GPUs use SIMD (single instruction, multiple data) and it’s what is needed for password cracking. You need the same computation over loads and loads of data. So it’s clear why GPUs are that much faster in password cracking (as they are in video/audio encoding and so forth).
what about a tool for linux?
does this scale? What if I have a SLI card setup? will it use the extra processing of the second video card to make it even faster? what about Quad SLI that is coming around the corner?
What I can see is getting well over super computing level power in the dirt dirt cheap price of under $4000 computer to utterly destroy a password hash like that.
This shows that passwords are no longer strong enough and that we will soon be using some form of 2 factor authentication regularly.
Bob: you should expect to see at least an order of magnitude performance difference between CPU and GPU for memory bound tasks, because the relative effective memory bandwidth is roughly 10x faster on the GPU. If you are computation bound, it’s not even a fair comparison, the GPU should win hands down – it simply has more computational elements. The GPU has more silicon area dedicated to computation and less to things like speculative execution and branch prediction which wouldn’t help much for brute forcing passwords. Brute forcing passwords is mostly explicitly parallel and so results that show an order or two performance improvement are not surprising.
Who still uses 8 character passwords?
8 chars is a minimum length that you only use if you’re forced to. And then you make it a random mix of uppercase, lowercase, numbers and symbols.
@bob – The GPU is much faster than the CPU because of the different types of math each processor is designed for.
It should scale with SLI, Pyrit does.
http://code.google.com/p/pyrit/
It’s only a little bit more than 2x improvement with 4x GeForce 295 GTX cards, versus 2x 295 GTX cards. But it’s still more than 2x.
(Pyrit brute-forces WPA and WPA2 pre-shared keys.)
@ Bob: The thing is a GPU uses all its “cores”. In this example 800 cores. If you want CPUs to match, you need about 150 CPU cores at 3GHz.
@ fartface: It should be possible.
@ Alex Chamberlain: I would say Salted passwords are relatively stronger and will hold up longer.
@ cptfalcon: I think there won’t be much of a difference when you increase the memory bandwidth. I have already tested overclocking the video memory of my 5770 but of no use. Only core overclocking shows a difference.
olm-hashcat does the same thing:
http://vimeo.com/16204254
@mogpharau 2X is enough for tough cases.. heck even a 1.5X would be enough for a very hard multi day crack.
10 days versus 20 days is a significant change.
Very cool stuff.
While we’re on the subject of passwords/password cracking… anyone who uses Wachovia needs to bombard their support with requests to step into 2011. They’re still forcing a 14char max password… probably storing it in plain text somewhere. Also, @Alex Chamberlain, I’m feeling fairly safe using lastpass with a YubiKey for 2 factor authentication and some crazy long passwords of total noise. It’s not real 2 factor auth but I feel safe enough. With proper salting I doubt this would be all that effective, even renting time on something like the EC2. Steve Gibson is claiming he’s going to change the whole password world on Thursday on his podcast Security Now (grc.com) and given all his work over the years I’m looking forward to hearing his take. If you’ve ever used one of his “perfect paper passwords” he’s claiming you’ll never need one of those again.
That’s why I use a windows xp cd key with alternating caps and lowercase every few characters.
@fartface I agree that 2x is a huge increase in these cases. For a somewhat complex password, 6 months versus 1 year could mean a lot! :) What I found interesting is that Pyrit has a *more* than 2x speed increase with only a 2x hardware increase. I would be interested to see if ighashgpu does this as well.
oclhashcat is another gpu cracking program worth looking at. it appears to support more algorithms and i’ve had great results using it.
Salting only protects against parallel cracking of multiple password hashes at the same time, it doesn’t really make single password cracking slower.
Even 6 character passwords can be fairly secure if the hash algorithm is slow enough and the charset wide enough. Modern password hashing systems will allow you to adjust number of rounds to make the hash calculation slower. Works especially well on systems that don’t see high rate of logins such as home servers. You could even have 100ms cost for hash calculation and it’d take a year to exhaust the key space of 6 character password for lowercase alpha charset, or a whopping 65k years for full alphanumeric. Obviously 100ms hash calculation has other severe issues though, weakness against DoS attacks for example :)
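The salted, adjustable-cost hashing described in the comment above, as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the "modern password hashing systems" mentioned (an assumption, since the comment names no algorithm), and all function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

SECONDS_PER_YEAR = 365 * 24 * 3600


def hash_password(password, iterations, salt=None):
    """Return (salt, iterations, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt and rounds; compare in constant time."""
    salt, iterations, expected = record
    _, _, candidate = hash_password(password, iterations, salt)
    return hmac.compare_digest(candidate, expected)


def calibrate_iterations(target_seconds, probe=20_000):
    """Scale a timed probe run to the round count costing ~target_seconds."""
    start = time.perf_counter()
    hash_password("probe", probe, b"\x00" * 16)
    elapsed = time.perf_counter() - start
    return max(probe, int(probe * target_seconds / elapsed))


def years_to_exhaust(charset_size, length, seconds_per_guess):
    """Worst-case time for one sequential guesser to try every candidate."""
    return charset_size ** length * seconds_per_guess / SECONDS_PER_YEAR


if __name__ == "__main__":
    rounds = calibrate_iterations(0.1)    # the 100 ms cost from the comment
    a = hash_password("hunter2", rounds)  # constructed sample password
    b = hash_password("hunter2", rounds)
    print("rounds for ~100 ms on this machine:", rounds)
    # Per-user salts give different digests for the same password, so one
    # guess cannot be checked against many stored hashes at once.
    print("same password, equal digests?", a[2] == b[2])
    print("verify ok:", verify_password("hunter2", a))
    print("6 lowercase chars at 100 ms/guess: %.2f years"
          % years_to_exhaust(26, 6, 0.1))
```

The estimate assumes a single guesser running at the calibrated cost; parallel hardware divides it by the number of guesses it can run at once.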
I’d love to use my GPUs to crack passwords, but they’re all busy mining Bitcoins… :P
3200M?? latest oclHashcat-lite makes 75000M!!
@Matthias – Steve Gibson hasn’t done anything useful since Spinrite. For sure, PPP is well respected by security people, but Gibson is known for making dramatic statements about things which are very ordinary.
Gibson is also known for just making sh it up, like that the magnetic domains on an HDD fade with time. Other stuff, too. He’s a real, REAL good assembler programmer, but I lost a lot of respect for him when I read that.
-faye kane ♀ girl brain
Seriously. I’m sick of seeing bitcoin forum spam. Enough.
Has anyone considered using a CueCat? It’s a handheld barcode scanner that spits out a load of scrambled junk when you scan a barcode, such as “C3nZC3nZC3nWCxjWE3D1C3nX.cGf2.ENr7C3v7D3T3ENj3C3zYDNnZ”. It’s quick to use as an input device, and you could use pretty much any barcoded item in your house as a password.
That works pretty damned well.
27 Mil passwords a second or so? Nice. How do I turn off the GPU overtemp shutdown?
The only thing to keep in mind is salted passwords will be x characters longer than the passwords allowed by whatever system you are unhashing this from.
It would be nice if there was source code.
With all the interest in MD5/SHA1-SHA256 hashing I’m surprised that no one has made ultra high powered processors dedicated to this task alone. Yea FPGA’s have been programmed to provide hashing functions but they are not as fast as a dedicated VLSIC could be.
I’m surprised that this comes so late to HackADay, I’ve seen high-speed hash cracking for years.
The problem is that even with GPU acceleration you won’t often be able to get past 8 characters. Rainbow tables are more effective.
ighashgpu is neat but it hasn’t been updated in over a year.
oclHashCat is really nice, it’s an OpenCL version of HashCat. It’s fast and EXTREMELY flexible- the writer made it in such a way that allows distributed cracking. There are multiple versions of oclHashCat, each optimized and suited for different methods of cracking (dictionary, single hash, distributed, etc). I highly recommend this one for its flexibility.
RainbowCrack is a monster but they don’t provide many tables. There’s a CUDA accelerated version but that doesn’t support as much as the normal version (CUDA isn’t really needed anyway, tables are fast as hell). RainbowCrack is sweet if you find the right tables.
Cain and Abel supports rainbow tables. It’s not as fast as Rainbow crack but it does work.
Ophcrack is a nice easy rainbow table based cracker for Windows passwords. They have good tables available on torrents.
Now I know I’m missing a good GPU cracker but I don’t remember what it is. It’s a competitor of oclHashCat. I’m pretty sure it’s not CUDA Multiforcer, too old. If anyone knows please comment.
Make note: CUDA is nVidia-only. OpenCL works on both ATI and nVidia but ATI has optimized their drivers to work much more efficiently with it.
@Truth
GPUs are actually perfect for this task. Multi-parallel processing is exactly what’s needed for cracking hashes.
I’m really impressed by the mad hacking skills of someone who was able to run two pieces of software and compare execution times. True hacker.
@Vijay: You are absolutely correct that cracking passwords is not a memory bound task (but perhaps it would be if you were using a tables based approach). However many other GPGPU applications are constrained by memory performance, particularly with scientific computation. In addition, overclocking memory speed may not do anything if the memory controller is a bottleneck. I think this is why you don’t see any difference when changing the cycle frequency for the memory. I’m pretty sure that modern GPUs actually put the memory controller on-die, so that it is reasonable that it is tied to the core clock rate rather than memory frequency. Lowering the memory clock rate should decrease performance.
@Maave: what is the restriction for GPU’s with 8 character passwords? Simply computation time for brute forcing 256 times more possibilities?
@Truth: making hardware is expensive! A chip tapeout is at least $250,000 for one run. This might result in 100 chips or so, depending on complexity etc. The higher the volume the lower the cost – most of that is setup costs. Economically outside of perhaps a few government organizations it doesn’t make sense – and with FPGAs pushing 600MHz+ it is much more economical to stick to FPGAs. Remember you can compensate for the lack of performance per one FPGA by putting multiple FPGAs on a single board.
Barswf is way faster…
@Redmond: As far as I have heard, Barswf is no faster than ighashgpu. In fact it’s slower.
oclhashcat-lite is fastest
@Maave
Whitepixel!
going from an 8 to 9 character password changed the decoding time from 18 hours to 48 days. same thing with the wpa-cracks so far: just go with something longer and you’re safe.
Maave: perhaps you were thinking about my open source GPU-accelerated password bruteforcer whitepixel ;)
http://whitepixel.zorinaq.com
At my work place we have built custom with custom water cooling system for 2 x Radeon HD6990 GPUs for cracking SL3 hash. We are using it for unlocking Nokia phones :)
http://forumas.modding.lt/viewtopic.php?f=13&t=5803
use ighashgpu or ocl? what is best 6990?
How do u get this software