Domain: golubev.com
Stories and comments across the archive that link to golubev.com.
Comments · 11
-
Re:Oblig xkcd
1000 guesses per second is way below what modern hardware is capable of. Have a look here: http://golubev.com/gpuest.htm
Even older GPUs can manage tens of millions of guesses per second.
-
Re:Not news for nerds in the know
The tool referenced:
http://www.golubev.com/files/ighashgpu/readme.htm
says it can do ~3.6 million attempts per second for MD5 passwords, which many "average" admins still consider to be the state of the art replacement for DES. That makes it pretty quick to brute force a short password. -
Re:Windows problem!
Yeah, the MD5 algorithm your old RedHat Linux box probably uses sure takes this tool a long time to calculate.
http://www.golubev.com/files/ighashgpu/readme.htm
Oh, wait...Oh, and the DES algorithm your HP-UX and AIX systems still use is really hard. And don't forget the BigCrypt (two or three DES iterations!) the TCB implementation on that HPUX system, oh my!
It's a problem outside of Windows, because computers have gotten faster since the late 90s when we realized that NTLM was too simple.
:) -
Re:Who cares?
Actually, the tool linked also cracks MD5 passwords. And SHA1. And a number of permutations:
http://www.golubev.com/files/ighashgpu/readme.htm -
Re:Password Plus CAPTCHA helps
Let's look at some alternative alternative math: that 3.3 billion passwords/sec were at http://www.golubev.com/files/ighashgpu/readme.htm. Note that this is the speed for cracking MD5 passwords, which were deemed "almost ready to crack" a few years ago. Modern Linux systems all support sha256 and sha512 hashing; given that this tool is 1/3 slower for sha1 (aka "sha160"), one can guess that current sha2 (sha256/sha512) algorithms will be slower. It's also worth nothing that the algorithms supported by the tool mentioned in the article are *all* not supposed to be used as of 2009: http://csrc.nist.gov/groups/ST/hash/policy.html; the tool doesn't currently even support the sha2 algorithms. The common algorithms which are currently supported (ie, md5) have been breakable in fractions of a second through rainbow tables for years anyway - which was NIST's point, IIRC.
I suppose I'll also note that the Ubuntu 11.04 system I'm typing this upon right now is configured out of the box to use sha512 hashing in
/etc/shadow (check /etc/login.defs on most Linux systems, look for password strings which start with $6$). Assuming the use of PAM for anything important and passwords stored either in root-only shadow file or in an LDAP directory which does compare-only access or server-side hashing, and a secure transport such as current TLS, then this is a non-issue on a Unix system which hasn't already been compromised. It'd be easier and probably more effective, as usual, to socially engineer a password (or otherwise gain access through the human interface weak point) than to get password hashes and break them. -
Here's a link to the original article
Even for Slashdot, this is a little pathetic: the link is to a ZDNet article, which regurgitates a PCPro article, which in turn regurgitates a blog post by the guy who actually ran the tests, Vijay Devakumar. And here's Ivan Golubev, who wrote the cracking tool.
Still, ZDNet's advertisers thank you for the hits!
-
Desktop Supecomputers
Desktop supercomputers (GPUs) are cheap nowadays. Modern GPUs can process over 3 billion (yes, billion, with a B, http://www.golubev.com/hashgpu.htm) SHA-1 hashes per second, and this is where good salt gains it's importance, because even a very strong password of completely random upper and lower case letters and symbols could be extracted from it's SHA-1 hash on just 3 or 4 GPUs in less than 24 hours. Good random salt can increase this search time immensely.
That said, good password practice is obviously to avoid re-using passwords for different services, and if people actually followed that in practice it wouldn't be such a big deal for an attacker to gain access to the password plaintext, because if they have the hash database they probably have already compromised the site / system anyway, and getting the passwords wouldn't help them get any further access to other systems. -
Re:Slashvertisement
In case anyone wants to play around with this tech without paying (or rolling your own):
I tried out this free (as in beer) windows software yesterday: http://golubev.com/rargpu.htm
It seemed to work very effectively - I was able to brute force 5 lower case letter only passwords on RAR files in a couple of minutes on a GTX260.
It also has some advanced options to specify mutations of strings to try, and to use word lists.I'll just leave this here:
http://www.golubev.com/blog/?p=35You can see the estimated speeds in the chart that he has provided. igrargpu (ivan golubev rargpu) is teh good!
-
Re:Slashvertisement
In case anyone wants to play around with this tech without paying (or rolling your own): I tried out this free (as in beer) windows software yesterday: http://golubev.com/rargpu.htm It seemed to work very effectively - I was able to brute force 5 lower case letter only passwords on RAR files in a couple of minutes on a GTX260. It also has some advanced options to specify mutations of strings to try, and to use word lists.
-
Article is devoid of any info
ighashgpu bruteforces Windows NTLM password hashes at a rate of 2.4 billion password/sec on a single GPU (HD 5870). What does this mean with respect to TFA and its measly "4 million/sec"?
Many of the discussions here completely miss the point that bruteforcing rates depend entirely on what is being bruteforced. For example if you look at JtR password hash bruteforcing benchmarks you can see rates with a Core i7 920 anywhere between a measly 758 password/sec (bcrypt) up to 14.6 million password/sec (LanMan). This spans 5 orders of magnitude! It's the same for encrypted files. For example PGP files encrypted with a symetric key issued from the Simple S2K mechanism can be bruteforced at millions of password/sec with a regular CPU, but this can drop to only a handful of password/sec if Iterated+Salted S2K was used with a decent S2K count...
Therefore all these discussions about whether "4 million/sec" is good/bad/improbable are completely irrelevant since the article is devoid of any info about what is being bruteforced. -
"mirror" of elmconsoft, and download
It seems the Elcomsoft page has been
/., if it's in Russia it does not help...
Thanks to google, here's a mirror of the http://www.google.com/search?sourceid=navclient&q= cache:http%3A%2F%2Fwww%2Eelcomsoft%2Ecom%2Fapdfpr% 2Ehtml page, you can download the Advanced PDF Password Recovery here and here
--