New Password Recovery Technique Uses CPU and GPU Together

BaCa writes to mention that a new hardware/software combination has been created by a company called ElcomSoft that will reportedly allow cryptography professionals to build cheap PCs that work like supercomputers for the specific task of retrieving lost passwords. Utilizing a combination of the CPU and the GPU the task of brute forcing a password may be reduced by as much as a factor of 25. "Until recently, graphic cards' GPUs couldn't be used for applications such as password recovery. Older graphics chips could only perform floating-point calculations, and most cryptography algorithms require fixed-point mathematics. Today's chips can process fixed-point calculations. And with as much as 1.5 Gb of onboard video memory and up to 128 processing units, these powerful GPU chips are much more effective than CPUs in performing many of these calculations."

What's the point?

[jcicora]

So what, will hackers be able to use my computer to crack my password 25 times faster now?

Re:What's the point?

[halivar]

If they have access to your video card, they can peek behind the pixels to see what's under the "*******". I think. Or something.

Re:What's the point?

[morgan_greywolf]

Oh noes! Then they will know my password!

Wait! There must be some uses of this technology for pr0n.

Re:What's the point?

[kitsunewarlock]

Using a video card for porn! Genius! *tips beer*

Re:What's the point?

[FlyByPC]

Heh. Little do they know that ********* is my password!

Re:What's the point?

All your **** are belong to us!

Re:What's the point?

[Constantine+XVI]

Wow! I didn't expect my GPU-powered password cracker to be that fast!

Re:What's the point?

[Joe+The+Dragon]

no you just need access to the api that makes the *****

Re:What's the point?

[Cctoide]

And frag terrorist butt in CS:S while they're at it.

Re:What's the point?

[StikyPad]

Duh.. that's why you use white-out on the screen.

Re:What's the point?

[stonedcat]

So easy even an ATI can do it!

Re:What's the point?

[XHIIHIIHX]

Yeah, but take the cover off the back of your monitor and there it is.

Re:What's the point?

yes, hackers will be able to crack your password 25 times faster since the combination of software and hardware is stronger.

Re:What's the point?

[TheVelvetFlamebait]

Heh. Little did they know that ********* is my password!

Fixed that for you.

Re:What's the point?

What the fuck is "Add/Remove"? I know Windows 98 had that, and Debian does not. Are you an Ubuntuser?

Nothing for you to see here. Please move along.

[Cro+Magnon]

Looks like the old password recovery system to me. :)

Just wonderful

[Tablizer]

now IT departments will require passwords to be 30 characters long, with at least 2 digits, at least 2 puncuation marks, mixed case, and use Unicode characters from at least 8 different international languages.

Re:Just wonderful

[ScytheBlade1]

I used to think the same. "Eight characters is enough for now, but it's only a matter of time..."

Then I realized that this doesn't mean IT departments will require longer passwords. Rather, this is the death of the password, in place of other authentication methods (smartcard, biometrics, others, and combinations of everything).

It won't be immediate, or close to it... but a 25x increase in the speed of bruteforcing passwords will certaintly speed up the process by which passwords are obseleted.

Re:Just wonderful

Yes, but when a user forgets their 30 character password we'll now have the firepower to recover it for them!

Re:Just wonderful

[Tablizer]

I wonder why a restriction couldn't be put on how many times passwords are tried? Why is somebody able to get the password file to loop on in the first place? Rather than a file, perhaps the password manager needs to be a device and only a device (chip?), not a file, which limits the number of tries per second. Either don't use or don't allow access to passords in declarative (data) form. Make all access have to go thru an interface. And, if the interface is used too many times per minute, it can throttle itself.

Re:Just wonderful

I'm not a security expert, but it seems to me that passwords are still useful in a variety of contexts, even if they can in principle be brute-forced. First of all, modern password systems should lock-down after multiple failed attempts (or use exponentially increasing lock-out intervals, or whatever). Furthermore, it should be obvious that the password hash itself should be guarded as much as possible. If done properly, this reduces the chances an attacker has to actually use a brute-force technique. (In which case, reasonably strong 8-character passwords already create an impossibly large parameter space to guess a password.)

I agree that other forms of authentication will become more commonplace, but I think passwords will continue to be used in a variety of circumstances. At a minimum, they will be no doubt continue to be used as part of some two-factor authentication systems.

Re:Just wonderful

[Tablizer]

Yes, but when a user forgets their 30 character password we'll now have the firepower to recover it for them!

Not if half of all users have the same problem.

"Hey, since your PC cannot be used because you forgot your password, can I borrow it for a while to help crack lost passwords?"

Re:Just wonderful

[justin12345]

I guess they are going to have to start making long, rectangular post-it notes now.

Re:Just wonderful

[ScytheBlade1]

That's not the problem. The problem is primarily people who gain physical access to the hashes, and load them onto much beefier machines to do the processing for them. 100% CPU for days on end will eventually warrant a call to the help desk stating that their computer is "too slow."

While I agree that for this to be a problem, a previous security hole has to exist somewhere, it's more the "what if that happens" that is the problem. If a hash, and just a hash is stolen, it's not exactly going to set off alarms.

Likewise, once unknown person X has your hash, it's over.

Re:Just wonderful

Well, in general you store the hash somewhere. In combination with other attacks - like say, SQL injection, or some flaw in the chip you mentioned - you might be able to get to the hash. On the other hand it is pretty typical to send some kind of salt to the client and let the client calculate hash(passwd * salt). If you can sniff the result from the network you could try to brute-force it.

Re:Just wonderful

[brian.gunderson]

Speaking of biometrics, I once heard someone mispronounce 'Retinal Scan' as 'Rectal Scan'... Now *that* would be interesting...

Re:Just wonderful

[morgan_greywolf]

I already don't allow the use of passwords on SSH authentications, which is the only service exposed to the Internet at all on my network. Try brute-forcing a 2048-bit RSA key. Good luck!

Anyway, since a network login can be done with a smartcard, why not an authentication mechanism using a USB stick drive containing the private RSA key? Maybe the USB stick drive could even refuse to work unless first authenticated by a thumbprint? Flash memory's gettin' cheaper all the time, right?

Re:Just wonderful

[Tablizer]

Well, okay, how about this: use some kind of network service to store and process passwords. The network service would not allow access to the hash file or internal guts, only the interface. The PC with the password must receive the proper response from the proper address. (I know, there's probably a hole there too, like package spoofing, I'm just kicking around ideas.)

Re:Just wonderful

> Likewise, once unknown person X has your hash, it's over.

Only if they also know the salt!

Besides, I'm sure I met this "unknown person X" character at a party a few months back.

Re:Just wonderful

[sco08y]

It won't be immediate, or close to it... but a 25x increase in the speed of bruteforcing passwords will certaintly speed up the process by which passwords are obseleted.

It means the search space needs to be 25 times as big. That means the password needs one more letter.

Re:Just wonderful

[legirons]

"now IT departments will require passwords to be 30 characters long, with at least 2 digits, at least 2 puncuation marks, mixed case, and use Unicode characters from at least 8 different international languages."

http://ars.userfriendly.org/cartoons/?id=20071001

Re:Just wonderful

[slyn]

I never got why people have so much trouble making up and remembering long passwords. I'm going to assume everyone here understands leetspeak, and enjoys something (i apologize to all the chronically depressed, i'm not trying to be an insensitive clod).

If you like music, use lyrics and translate them into leet. Example: WelcomeToTheJungle becomes W31c0m3707h3Jung13
If you like movies, use famous quotes and translate them into leet. Example: FranklyMyDearIJustDontGiveADamn becomes Fr4nk1yMyD34r1Jus7D0n7G1v34D4mn
If you think your funny, use jokes and translate them into leet. Example: ThisWebServerIsASeriesOfTubes becomes 7h1sW3b53rv3r15453r13s0f6ub3s
If you have need a password for root on /., use the tagline and translate it into leet. Example: NewsForNerdsStuffThatMatters becomes N3w5F0rN3rd557uff7h47m4773r5

All these passwords are extremely easy to remember, and if you have a standard translation method (ie: 1 is always I and never L) you will prevent confusion that could lead to you forgetting your password. For added protection add symbols like Pipe for L or ? for Q.

Re:Just wonderful

[NotQuiteInsane]

What's the point?
Everyone's just going to pick a password that meets the requirements, then add "#1" to the end of it. Then they just increment the number every time they're forced to change it...

Re:Just wonderful

[Chris_Stankowitz]

In UNIX, the salt is also stored in the passwd file (as cleartext) together with the hash of the salted password. See your wiki link...

Re:Just wonderful

[Rorschach1]

Heck, I was doing that in OpenVMS 10 years ago. Not for security, though.. I'm just a bastard.

Re:Just wonderful

[phantomcircuit]

Or you could start using a more secure hashing function!

The time it takes to calculate the hash is insignificant for a real user, but an increase of even a tenth of a second to an attacker could mean the difference between a day and a week to crack a hash.

bluefish hashes take a long time (relative to md5 and sha1) to computer because the initialization takes a long time, there is no way to accelerate this initialization it must be preformed synchronously.

OpenBSD FTW!

Re:Just wonderful

[ceoyoyo]

You can more than counter it by adding one more digit to your password.

Doesn't seem like such a big deal to me.

Re:Just wonderful

[Tony+Hoyle]

I remember VMS (not tried the open version so not sure if it did this). There was a parameter to set password that'd give a list of completely unreadable junk passwords to use.. the problem was they were so damned complex there was no was a normal human being could remember them.. so nobody ever used it (except a few nutters, and they wrote their passwords down!).

Re:Just wonderful

[Rorschach1]

That's the 'pronounceable' password option. If you kept it short, it wasn't too bad.. it'd give you things like 'ORSTRAPS'. Set it to 64 characters, though, and it's pretty gnarly!

Re:Just wonderful

Because changing all instances of one character to another does nothing to protect your password. It takes much less processing power to run through all 'leetspeak' iterations of a dictionary attack than it does to brute force a password of similar length made of random characters.

Consider the number of possible 14-letter words or combinations of words and compare it to the number of possible random combinations. There are some thousands (or maybe millions) of words or combinations of words. Add in the substitution of digits for instances of some letters and you get (being generous here) a few hundred times more possible combinations. So, say 500 million combinations.

Now look at random 14 character strings. Even using only letters there are billions of billions of character combinations that are 14 characters long. By using words or strings of words you are cutting out nearly 100% of the possible passwords.

Besides, long series of random characters aren't really that difficult to remember. Just break them into patterns and remember the patterns.

Re:Just wonderful

Uh... not unless you're using an OS from before about 1990 (IIRC). Note how the wiki article said "The classic UNIX passwd file stores the hashes of salted passwords." And then goes on to talk about shadow passwords, which shows only an 'x' (or similar character) for the hash in the publicly readable /etc/passwd, and the actual hash in a file only root can read.

For example, this is the ACTUAL, unedited contents of my /etc/passwd file on my Gentoo box:

~ $ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/false
adm:x:3:4:adm:/var/adm:/bin/false
lp:x:4:7:lp:/var/spool/lpd:/bin/false
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/bin/false
news:x:9:13:news:/usr/lib/news:/bin/false
uucp:x:10:14:uucp:/var/spool/uucppublic:/bin/false
operator:x:11:0:operator:/root:/bin/bash
man:x:13:15:man:/usr/share/man:/bin/false
postmaster:x:14:12:postmaster:/var/spool/mail:/bin/false
postgres:x:70:70::/var/lib/postgresql:/bin/bash
nut:x:84:84:nut:/var/state/nut:/bin/false
postfix:x:207:207:postfix:/var/spool/postfix:/bin/false
smmsp:x:209:209:smmsp:/var/spool/mqueue:/bin/false
portage:x:250:250:portage:/var/tmp/portage:/bin/false
nobody:x:65534:65534:nobody:/:/bin/false
sshd:x:22:22:added by portage for openssh:/var/empty:/bin/false
cron:x:16:16:added by portage for cronbase:/var/spool/cron:/usr/sbin/nologin
ntp:x:123:123:added by portage for ntp:/dev/null:/usr/sbin/nologin
messagebus:x:101:407:added by portage for dbus:/dev/null:/usr/sbin/nologin
haldaemon:x:102:408:added by portage for hal:/dev/null:/usr/sbin/nologin
aiden:x:1000:1000::/home/:/bin/bash
apache:x:81:81:added by portage for apache:/var/www:/usr/sbin/nologin
ldap:x:439:439:added by portage for openldap:/usr/lib64/openldap:/usr/sbin/nologin
ftp:x:21:21:added by portage for ftpbase:/home/ftp:/sbin/nologin
~ $

OH NOES IMMA GONNA GET H4XD!

Re:Just wonderful

[megaditto]

Isn't the whole point of having a hash is that it's useless even if stolen? And who uses DES for production server hashes these days, anyways?

Re:Just wonderful

[suitepotato]

If presently the standard is minimum 8, and it is 25 times better, then the simple math abilities of the managers who think 80% of every Computerworld article is tl;dr will mean a minimum of 200 characters. AND it will require grammatical rules as well such as mixing Hebrew, Cyrillic, and English to make nothing make any sense whatsoever.

Also, the average size of deployed Post-It pads will quadruple and keyboards will get larger.

Re:Just wonderful

[graf0z]

... but a 25x increase in the speed of bruteforcing passwords will certaintly speed up the process by which passwords are obseleted.

25 < 26, so one more character is enough. Even if you calculate that a standard user password only has 2bit of entropy per character, three more will do it.

I agree password-only authentication should become obsolete. But factor 25x is not really much in cracking. /g.

Re:Just wonderful

[wertarbyte]

Anyway, since a network login can be done with a smartcard, why not an authentication mechanism using a USB stick drive containing the private RSA key?

Because putting your pretty USB stick in a compromised system would void the security of your key. Anyone can just copy it an use it for himself. You can't do that with a smart card, since the key never leaves the card.

Re:Just wonderful

[graf0z]

Note to myself: This is /. so i shall not post obvious facts. Other will do it for me, and they are always faster.

Re:Just wonderful

[Nexx]

Isn't the whole point of having a hash is that it's useless even if stolen? And who uses DES for production server hashes these days, anyways?

You have to know why they're "useless" to understand this vector of attack. The hashes are relatively useless because it's very difficult to recreate the matching passwords. Now, that doesn't mean they will be immune to brute-force attacks -- if they try every possible combination of letters, they'll eventually retrieve your passphrase.

What this article is claiming is, by using the GPU as well as the CPU, it's suddenly much faster to calculate a hash from a test passphrase.

Re:Just wonderful

[Feyr]

no it's not

a hash is just to slow down an attacker should be get hold of your shadow file. even salted MD5 stores the hash alongside the password (see the $1 part). without a salt, multiple logins with the same password are readily apparent and a break in one results in a break in the other. with the salt, the attacker has to do the whole processing for every salt and a break in one is just that, a break of one password

Re:Just wonderful

[jamesh]

I used to think the same. "Eight characters is enough for now, but it's only a matter of time..."

I use two characters for my passwords. Nobody will ever think of trying that!

Re:Just wonderful

[Sigma+7]

100% CPU for days on end will eventually warrant a call to the help desk stating that their computer is "too slow." Boinc System manager (used for Seti@Home type projects) sets the priority of it's 100% CPU tasks to "idle". Most applications won't react adversly to this, as any CPU resorces they need will preempt the background task. Some operating systems may also auto-adjust the priority of apps as well (or you can install custom software that does it for the OS.)

Password cracking software is the same - unless you need to squeeze CPU cycles, they run at a lower priority. While experienced users may still notice symptoms of a 100% CPU, such as a loud fan, it's not something that would easily be detected by unsuspecting users.

Re:Just wonderful

I increment by 10's you insensitive clod!

Re:Just wonderful

[fractoid]

Well, to get the benefits of your suggestion combined with the ease of the GP, try using an easily remembered phrase as the 'key', and the acronym for that phrase (maybe some-but-not-too-much leet speek included) as your password. Much less dictionary-able and still easy to remember. :)

Re:Just wonderful

[schmiddy]

Happily, it seems some companies are finally getting the message that longer passwords does not necessarily mean a more secure system. I know of at least one well-known security software company that has recently revised its stringent password policy from "super long, with numbers and punctuation, changed every 30 days" down to "less long, and you don't have to change it nearly as often".

I'm guessing they had a security audit quietly done, wherein it was discovered that paying a janitor $20 to look for password Post-Its or doing a quick social engineering telephone call could break past more security than 100,000 CPU-hours of password cracking.

Re:Just wonderful

30 characters is too longS Specific the digits, puncuations marks, mixed case and must use Unicode character from at least 8 different international languages is too confuse.

Re:Just wonderful

[YenLi]

30 characters is too long. Specific the digits, puncuations marks, mixed case and must use Unicode character from at least 8 different international languages is too confuse.

Re:Just wonderful

[Tweekster]

Your password is nothing but a series of 1s and 0s. Biometric data is still a series of 1s and 0s
There is nothing magical about biometrics, at the end of the day it is still a regular old password comprised of 1s and 0s

Re:Just wonderful

[YenLi]

Why, need to specific the digit of the types of character. Just require multi characters.

Re:Just wonderful

You've already been hacked, Aiden. I know what you did last summer!

Re:Just wonderful

[Hyperspite]

Even if you use a lockout interval of 1 second, you make it highly unlikely that they can brute force your system as it would take a very long time. The problem, as has been stated above, is when the attacker gets ahold of your hash and can try to match his stuff against the hash before attempting to log in.

Re:Just wonderful

Dammit, why can't there be some algorithm that adds a linear factor to password checking time? If only..

Re:Just wonderful

[cerberusss]

Basically Kerberos does this. RedHat and Fedora have Kerberos enabled in many clients (ssh, ftp, telnet). No passwords ever cross the network.

Re:Just wonderful

What's an international language?

Re:Just wonderful

How many ones and zeros can you expect a human to remember?

How many ones and zeros can you expect human DNA to retain effortlessly?

Re:Just wonderful

[aproposofwhat]

Ah - the unique starfish pattern of every human - but a wide-angle required for a certain Slashdot meme, I think...

Re:Just wonderful

[StressedEd]

There is nothing magical about biometrics, at the end of the day it is still a regular old password comprised of 1s and 0s
Except that you can't change the password when it's compromised.

Re:Just wonderful

[zyberteq]

I guess we you could add newline characters too?
that way you don't need te extra long Post-It (although they do exist) just write '\n' on your note

Re:Just wonderful

[torkus]

Well it does make for an easy way to measure tenure at a company. I never have to ask someone how long they worked here, just get their password and multiply the number on the end by 3 months...

It's far easier to look for post-its, stickies, scraps of paper...

Or social engineering. It's amazing how a 14 year old playing warcraft knows not to give up his password because "teh serverz lost all teh passwordz and if you don't give it to me to put back on teh serverz you will loose your accountz" yet I guaranteed i could cold-call anyone in my company with a fake name and get their password. People seem to fall for "your banking/paypal/etc. password has been lost and needs to be re-entered" pretty frequently though.

Re:Just wonderful

[TheCarp]

Right but the problem is that its really a l33tspeak filter on english.

I tend to go a lbit more elaborate:

w2tJwhF+G Welcome to the Jungle we have fun and games

So each word accounts for 1 letter, often the first letter, sometimes whole words get changed.

"Its better to burn out than fade away"

Could be Bo>Fa

and thats a good half a password right there...

-Steve

Re:Just wonderful

[TheLink]

You can for most biometrics. It might be a bit more painful though.

Re:Just wonderful

[xappax]

the password hash itself should be guarded as much as possible. If done properly...

I agree! Also, programmers should avoid writing code with security vulnerabilities in it, and sysadmins should make sure that nobody can break into their servers. If done properly, we won't have to worry about attackers at all!

Re:Just wonderful

[xappax]

Using 1337speak for passwords is not as clever as it seems, simply because cryptanalysts have thought of it before you. There are many dictionary crackers which do an explicit check for number/symbol substitutions for letters. For example, they check for "clever", "c1ever", "c13\/3r", etc.

Better to use a more complex language filter that only you understand, or that requires some degree of intelligence to interpret, rather than a simple "substitution cipher" which can be automated.

Re:Just wonderful

[kwench]

Password and PINs are fine and will be fair enough for the future. After all, for brute cracking a password you might need to enter it into some kind of device or internet connection which should force a 2 or 3 second breakt before your next try. No matter how fast your GPU is, you are limited to a maximum number of password per time period.
And concerning hash-stored passwords: First the bad boys should not be able to get them in the first place, and second we have a growing need for more complex (and secure) hashing algorithms and the likes.

Re:Just wonderful

[Tweekster]

How many 1s and 0s will actually be checked...
Remember MSs 8 character passwords :P

password recovery

[alex_vegas]

is about as bad a euphemism as 'terminate with extreme prejudice'...

Re:password recovery

[Phoenixhunter]

Time to start getting alt-key ASCII keys in there... Alt-255 anyone?

Government Motto

[wildsurf]

If brute force isn't working... you aren't using enough of it.

Re:Government Motto

[Bandman]

it is important to realize that any lock can be picked with a big enough hammer.
-Sun System & Network Admin manual

Re:Government Motto

[Colin+Smith]

Actually most locks can be picked just by bumping them.

http://www.youtube.com/watch?v=hr23tpWX8lM
http://www.engadget.com/2006/08/07/bump-keying-1-keys-open-any-lock/

Then of course, most doors can be forced in seconds by a shove.

Re:Government Motto

[YenLi]

Maybe our password is strong enough for brute force

Re:Government Motto

Nah, skip bashing the lock with the hammer. Waste of time. Instead, use the hammer and bash the cheap drywall wall next to the door. You can make a huge hole in the wall and go on in. Sometimes tools aren't even needed; a running football tackle at the wall will usually get you right on through.

Or kick down the entire door, lock, frame, and all.

People obsess about padlocks and deadbolts and biometric super locks but they still put those locks on rooms with crappy sheetrock or glass walls, and rooms with drop ceilings that share space with the unsecured broom closet next door.

From TFA:

[Anti_Climax]

For example, the logon password for Windows Vista might be an eight-character string composed of uppercase and lowercase alphabetic characters. There would about 55 trillion (52 to the eighth power) possible passwords. Windows Vista uses NTLM hashing by default, so using a modern dual-core PC you could test up to 10,000,000 passwords per second, and perform a complete analysis in about two months. With ElcomSoft's new technology, the process would take only three to five days, depending upon the CPU and GPU.

I can't tell if the proper response to this is to recommend longer passwords or advise against using Windows Vista

Oh wait, both.

Re:From TFA:

[Otto]

Or to just stop using passwords. Why can't I login with a USB key that has some piece of information which is signed using my private key on it?

Re:From TFA:

[moderatorrater]

And you can't forget to factor in the fact that on average a password will be found in half the time of an exhaustive search, so you're looking at a day and a half to two and a half days per password. When you're hacking the right computer, that's completely and perfectly acceptable.

Re:From TFA:

[dvice_null]

Nowadays the locks in the cars are nearly impossible to open without the key. So what do criminals do? They steal the keys. So USB key is obviously not the perfect solution for this problem.

But what if we would protect the data on the USB key with a password...

Re:From TFA:

[blindd0t]

Well, I can't be the only one who would run that sort of thing through the washer and dryer... Perhaps that with a backup/secondary USB key would suffice? Furthermore, people would require some training/guidance on physical security with that sort of thing (i.e. telling them to keep it with their house/car keys). People already write their passwords and leave that on their desk, and leaving the physical usb key on the desk would be no better. What could be really cool, however, is if the device doubled as your key-card to get into the office.

Re:From TFA:

[DeadBeef]

If you are connecting to Linux or a BSD or anything else that runs openssh, then you can have something along these lines now. Setup an openssh DSA key, copy the public key to whatever machines you need to log into and then you can disable password logins in /etc/ssh/sshd_config altogether. If you are running Linux then for extra credit configure pam_ssh to get single sign on with an ssh key agent. If you are running windows as your client then you will have to make do with putty and pagent.

Passwords are so last century.

Re:From TFA:

[blhack]

True, but it you create an easy way for a user to disable their own account this isn't as much of a problem. Create a 1.800 where you put in a (much easier) password that will allow you to disable access to your account. This way, if your key gets stolen, you just go into I.T. in the morning and have them issue you a new one.

Not to mention the fact that when talking about password, your biggest enemy is some phiser sitting in russia....who is NOT very likely to fly to the states to steal your key. If your data actually is important enough to justify a hiring somebody to steal it, then chances are you are using biometrics/bullets to lock people out anyhow. If you're not, then tell you CIO to stop spending money on frosted glass NOCs that are suspended from the ceiling above your data center that is kept at a constant 42 degress and tell him to start spending it on real engineers.

Re:From TFA:

[Joe+Snipe]

Why can't I login with a USB key that has some piece of information which is signed using my private key on it?

because I stole the key from you while you were getting a starbucks?

Re:From TFA:

[Deadplant]

Because USB is insecure.
(assuming XP) When you plug in your USB key to login to your banking website it reads the signed key/password/whatever and signs you in. Great. Meanwhile... your screen-saver and the 'search bar' you installed also read your key and upload it to Mr. Nasty.

What you would need is a USB key with a processor to do the signing/challenge response internally.

Re:From TFA:

[AK+Marc]

Nowadays the locks in the cars are nearly impossible to open without the key. So what do criminals do? They steal the keys. So USB key is obviously not the perfect solution for this problem.

It's a great solution to the problem. They have to get physical access to you. That will stop 99.99% of all password cracks. Almost all are done remotely, often through security vulnerabilities (including stupid users). Only the most targeted attacks (someone that doesn't want random computers for bots or to break into the easiest sites he can get into, but wants into your computer and only your computer) will someone try to get the USB key. It may not be 100% effective, but it would stop almost 100% of current attacks.

Re:From TFA:

[TimothyDavis]

Wouldn't you have to have access to the password hash to even begin to use this?
Also, a salt would prevent this as well.

Re:From TFA:

[Constantine+XVI]

Seems like that method would open up a new DoS vector, just brute-force the disable passwords until everyone's locked out

Re:From TFA:

[Schraegstrichpunkt]

What you would need is a USB key with a processor to do the signing/challenge response internally.

And a built-in user interface that lets you know what challenge you're providing a response to.

Re:From TFA:

[sco08y]

Why can't I login with a USB key that has some piece of information which is signed using my private key on it?

Better: a CAC reader (~ $25) and a smartcard. I can use my military ID to log into my AKO (an awful Army portal web site) account from Safari (on OS X 10.4) without installing any software on the client side. And, of course, if you install lots of crap and have an elaborate set up you can use it to log into Windows. Without much work, I can use it to sign code and emails and what not.

Why not use a USB key? Simple: the smart card takes a PIN. Get it wrong three times, and the card locks up. The USB stick can be brute forced.

Re:From TFA:

[swimin]

Checking a whole list of passwords adds trivial time to the operation, so it is possible to crack a huge list of passwords in that same amount of time.

Furthermore, if the application is intelligent, password cracking is a highly parallelizable job, so it could easily be split across multiple computers, easily further reducing the time, to the order of hours.

Re:From TFA:

[blhack]

No:

lUser: 1.800.pas.swrd
Phone Operator: Hello, this is Ryan in the I.T. department, how may I help you?
lUser: Omg! i left my purse on the table in the restaurant, my key was in there....will you disable my account?
Phone Operator: Sure may i have the password?
lUser: The password is bananas
Phone Operator: No, thats not the password, you only get two more tries before I call the number we have on file for this user and ask her what the problem is.
lUser: AHHH AHHA AHHHHHH is the password, uhhh....... *click*

Re:From TFA:

[arivanov]

No they will not.

Because, as a matter of fact, on devices like this the key never leaves the device. The device has an RSA engine and the actual public key cryptography happens on the key. If implemented correctly the request travels all the way from the server to the key and back. Not particularly difficult to do. I have an account with a bank in an ex-soc block backwater that does that for the electronic banking. It even uses a third party "national id" smart card for the purpose.

So the toolbar and the search bar cannot get your key. They can inject commands into whatever you have authenticated while you are authenticated, but they cannot not steal your credentials and pose as you once you have taken the key out.

Re:From TFA:

[pthor1231]

USB keys can go through the washer and dryer, no problem. I have sent my 2GB stick through a complete wash/dry cycle easily 10 times, and it still works fine.

Re:From TFA:

[heinousjay]

Is that the same reason I can't lock my house with a deadbolt?

Re:From TFA:

"Why can't I login with a USB key that has some piece of information which is signed using my private key on it?"

Umm, can someone explain to me what value is added, in this case, by signing something with a private key? Having secret info on your usb key - makes sense. Maybe even encrypting it - sure. But *signing it*? What good is that in this context? Signing is only useful for determining that something hasn't been changed. But in the case of a keyfile, if you change the keyfile, it doesn't work, so no one is gonna tamper with it anyhow, they'll just try to steal it.

Re:From TFA:

The keywords that you seem to have misread are "might be". Vista doesn't *require* that password architecture, but can be configured to do so, much like any other system. While it maintains a merry tradition to trounce on operating systems without ever having used them or with complete misinformation, it doesn't really do much to make your case. :)

Re:From TFA:

[obarel]

The exact same reason.

After all, I do need the key to your house to get physical access to your computer. Make sure you order a muffin as well.

I've seen enough Steven Seagal movies to know that any password can be obtained by threatening to burn your retina with a laser beam. I suspect the same holds for USB keys, but I haven't actually seen that in a movie yet, so maybe it doesn't work like that (note that breaking into a house, not to mention a museum with a huge diamond on display is really easy, so you can stop locking the door).

Re:From TFA:

And then what? You make it impossible for the actual user to disable the account? Sounds like a great way to make sure that key you just stole stays active. Especially if you stole the cell phone sitting next to it.

Re:From TFA:

[Zeinfeld]

Or to just stop using passwords. Why can't I login with a USB key that has some piece of information which is signed using my private key on it?

Because you are using Linux instead of Windows which has supported smartcard login since Win2K?

Its a silly patent though since the idea of using a general purpose SIMD computer for a trivially paralizable task is obvious. Either the patent is much more specific or its junk.

Re:From TFA:

[El_Isma]

Isn't NTLM cracked (by brute force) already? I have used ophcrack against my systems and it got the password quite quickly (10 min in one case, 20 in other). Sure, building the tables probably took more than a few minutes, but it's do-once-crack-everything.

http://ophcrack.sourceforge.net/

Re:From TFA:

[blhack]

DO i really need to outline this for you?

You have 1 guy sitting at a desk all night whose job it is to disable accounts.
If somebody gets their key stolen and calls, he disables the account..then calls them back to confirm.
No, you didn't call me? Somebody is trying to lock you out? Well would you please ensure that you have your key with you by using it to log in?
You're logged in?
Okay, sorry to wake you, please come to the I.T. depertment tomorrow morning and we will issue you a new key (in case it was copied or something else spooky), we will be monitoring your account for unusual activity until then, have a nice night.

Re:From TFA:

[dmsuperman]

See, there's a problem with this. None of these solutions on this page is good enough. The only way to have truly secure anything is to have no reliability on anyone else. This has yet to even be thought of. This means that you and only you knows your password, not even stored on some other server, and there's no way for someone else to guess it or to steal it from you short of forcing you personally to put it in.

Re:From TFA:

You have changed your method for the worse. Now you are immediately disabling the account and then confirming and then committing additional resources for a probationary account reactivation. Even assuming you handle the case where the employee handles the phone, you have not really prevented the DoS.

Sure, your method might work in a single instance, but will fail with N simultaneous instances. (Not to mention it will really piss off your employees if you are continuously interrupting their work or calling them every night at 3:00 am.)

Re:From TFA:

I bet the USB was still full of 'dirt'.

Sounds like your washer is not very good at cleaning your bits.

Re:From TFA:

[sr180]

Completely secure locations require 3 seperate pieces of information for identity:

something you are: i.e. fingerprint scan or retinal scan.
something you have: i.e. a smartcard or rfid key.
something you know: a password.

This prevents the scenario you describe.

Re:From TFA:

[caluml]

Just keep the user's mobile phone number on record (virtually everyone in the UK has one) and use that as the "what you have" part of the authentication. Username, password entered correctly - text a random code to the phone, and then they have to type that in.

Re:From TFA:

[DerWulf]

Retinal scans and finger prints canners are surefire ways to loose an eye or your thumb. I'd never open an account with a bank that replaced PINs with biometrics.

Re:From TFA:

[Slashcrap]

Retinal scans and finger prints canners are surefire ways to loose an eye or your thumb.

If only they would stop using such high powered lasers for the retinal scans, we could avoid all these tragic blinding incidents. And why are fingerprint scanners always fitted with guillotines? These companies aren't even paying lip service to the Health & Safety legislation.

Yeah, I eventually figured out what you actually meant, but you could have made it easier on the people reading your comment.

Re:From TFA:

True has supported it since Win2K. True also that every laptop I've been bought by work in the last 5 or 6 years has had a smart card reader. And true that PKI is well known and now basically free. True also that I've never seen an instance where a company was actually using it. Actually I can't tell you the number of times that I've seen a HTTP Basic auth dialog box appear in a corporate environment and seen people check the "remember my password" box. If IT departments can't figure out Windows domains, NTLM/Windows Integrated Authentication (ie Kerberos with Win2k or later) when MS has simplified it to the "check this box and uncheck that other box" what makes you think that they will be able to grok PKI and Smart Cards? Most IT people, and even directors of IT don't understand PKI, or Smart Cards. Until passwords are so broken as to be dangerous they will persist in the corporate world.

Re:From TFA:

[DerWulf]

Woops, sorry about that!

Re:From TFA:

[MeditationSensation]

Sir, I don't think I've ever seen a UID as low as yours. I stand in awe.

Re:From TFA:

[sr180]

Retinal Scans and Thumbprint scanners will NOT work on eyes and thumbs that have been removed from the body, or are attached to a dead person.

+ With the password, that would still be useless anyway.

Re:From TFA:

[zevans]

And a built-in user interface that lets you know what challenge you're providing a response to. Sort of like one of these?

http://www.carelink.co.uk/upload/Carelink/Images%20and%20pictures/Products%20and%20solutions/RSA%20token.gif/

Re:From TFA:

[DerWulf]

So criminals will receive a newsletter regarding this, yeah? And whats dead anyway? Are you saying the scanners check for a pulse? Even this you could probably induce artificially.

Re:From TFA:

[Schraegstrichpunkt]

No. That's a one-time password generator. It's still subject to interception and unauthorized use by a man in the middle. This would be more like a debit card PIN pad, which displays the requested transaction and asks for authorization, except it would actually be cryptographically secure (unlike said PIN pads).

Re:From TFA:

[foksoft]

Smart cards are also insecure. Yes, they have cryptogrphic chip on it and you have to enter your PIN to get result out of it. But when your computer is compromised then you don't know who is reading your PIN and what data are sent to the card for encryption/signing. So if you use your smart card for login and also for access to your bank, then you can sing big check for some trojan during logon on compromised computer.
There needs to be verification of the data that are being signed by smart card. Like with some two factor bank calculators. And also entering PIN directly into security device instead of compromised computer might be better.

Re:Nothing for you to see here. Please move along.

[Tablizer]

Looks like the old password recovery system to me.

But now you can play Doom while you wait.

Pricing, What About SLI/CrossFire?

[eldavojohn]

Pricing for these apps is pretty steep at $1,299 per machine license. Well, maybe not so steep if you consider how valuable it could be for you. It doesn't say if that has the GPU utilization with it yet or not.

Also, I wonder if they've investigated using SLI & CrossFire with these. That seems like something obvious to me but not included in the article. I'm unaware of their implementation but it sounds like it could be parallelized--and accross 2 or even 4 cards, that could get hilariously powerful.

Re:Pricing, What About SLI/CrossFire?

[CastrTroy]

And how much more efficient is this than using http://en.wikipedia.org/wiki/Ophcrack">Rainbow tables. Using rainbow tables, Ophcrack can break passwords in seconds.

Re:Pricing, What About SLI/CrossFire?

[Nathanbp]

Nvidia's CUDA, which is what they're talking about, supports multiple graphics cards in the same computer. You don't actually use SLI, just run programs on multiple graphics cards. They've demoed systems with 3 8800GTXs (they take up 2 expansion card slots each, so you can't fit more than that in a single normal sized desktop case).

Re:Pricing, What About SLI/CrossFire?

[silas_moeckel]

Actually this could really speed up generating those tables, really RT's is a clever way of indexing the results of a brute force attack. It still takes piles of disk space to keep the tables around though I can fit a lot of them on cheap disk these days.

Re:Pricing, What About SLI/CrossFire?

[caseih]

ophcrack is for cracking LM hashes, not SSHA or even MD5 hashes.

Re:Pricing, What About SLI/CrossFire?

[ET_Fleshy]

Rainbow tables are great if they're using an incredibly weak password. This could help to crack harder passwords, but unfortunately any decent password is still nowhere in the country where the building housing the vicinity of cracking good passwords is located. Speeding up the brute force attack of a 20,25+ character password by a factor of 25 doesn't really make a difference.

Re:Pricing, What About SLI/CrossFire?

[AncientPC]

To disable LM and use NTLM only, read MSKB #147706. Ophcrack only offers LM hash tables for free, NTLM hash tables are $240.

Re:Pricing, What About SLI/CrossFire?

[cdekadt]

Complete waste of money. And if it uses CUDA, it will never be on Crossfire, because it's Geforce specific. And if CUDA supports SLi, then so will it. Pretty arb article, generally.

Re:Pricing, What About SLI/CrossFire?

Rainbow tables can only cover a certain amount of characters. The more characters, the bigger the table, and the longer they take to produce. Old style LM-Hashes are relatively easy to crack with tables because they are no more than 7 characters. NTLM hashes on the other hand can be much longer than 7 characters. The largest NTLM table I can find is 10 characters long, and it doesn't include special characters or punctuation. This is where brute forcing would come into play. So yes Ophcrack will in some cases break passwords faster, but tables have their limits.

Nice euphemism

[otmar]

"Password Recovery" sounds so much more benign than "Cracking Passwords".

Hello, Mr. Orwell. *wave*

Re:Nice euphemism

[Frosty+Piss]

And note that ElcomSoft is Russian, home of the Bot Nets....

Finally,

[Tablizer]

I can now release the 12,000 monkeys I kidnapped for the task.

Re:Finally,

Give 'em to me. I need to generate some good strong passwords.

Re:Finally,

[parlyboy]

Be careful about releasing those monkeys!

Re:Finally,

[Tablizer]

Give 'em to me. I need to generate some good strong passwords.

Try the Whitehouse, I hear some escaped to there. (*ducks*)

Re:Finally,

[noidentity]

Now, about cleaning up the mess 12,000 monkeys leaves...

Re:Finally,

Give 'em to me. I need to generate some good strong passwords.

Just make sure to use a finite ammount of monkeys, otherwise your password will (eventually) be something along the lines of

Whether 'tis nobler in the mind to suffer

Re:Finally,

[locallyunscene]

At 25 times faster you'd still need 480.

Re:Finally,

[kryten250]

I'll buy those monkeys and 12,000 typewriters as a way to challenge them and prove even a monkey can beat a computer!

PS3

[Nom+du+Keyboard]

I thought this was the task for the PS3. Maybe you can use it's GPU in addition to its Cell.

Re:PS3

[lexarius]

Not if you're using Linux. The GameOS hypervisor currently blocks access to the GPU. All you've got is framebuffer.

Re:PS3

[LordHatrus]

The GPU of the PS3 is greatly disabled in PS3's linux mode via Sony's hypervisor, probably to keep 3rd party games, indie dev, etc out of the picture. So that's a negative. Unless Sony wants you to. :-)

Re:PS3

Hmm, strange. I've never seen someone use the incorrect it's = IT IS for his first possessive, then suddenly switch to the correct possessive ITS for the second one.

Re:PS3

They intend to try it on a PS3 but they haven't gotten around to buying a PS3 yet (too expensive). They did however have a go on a Halo special edition XBox 360 and 10 seconds in, they got the dreaded RROD. Opening the new 360's case showed that the GPU had melted.

Re:PS3

[zevans]

You'd need to take the Cell processor and then put it in something a little more accessible so you could run arbitrary code on it, just like a regular server! Hey, I'm gonna go tell IBM to get on it right now!

Oh... wait...

http://www-304.ibm.com/jct03004c/press/us/en/pressrelease/22258.wss/

Patentable?

[Predius]

I wonder what's patentable about using a cpu thats a better fit to get the job done quicker?

Re:Patentable?

[querist]

I am not sure this could be patented. (IANAL, etc.)

This looks like a new spin on the old Commodore 64 trick of pushing computation tasks off to the CPU in the model 1541 floppy drive. It is interesting that someone has done it. I am sure many of us have thought about this, but the folks at ElcomSoft actually did it.

Pretty cool, IMHO. Also, somewhat frightening.

And, just for fun, I need to add the obligatory "...but imagine a Beowulf cluster of these!"

Actually, that would be interesting - sort of a nested cluster effect.

ElomSoft have been marketing this stuff for years

But even paranoid people needn't worry: none of it works very well, if at all.

Just try cracking the password on a RAR file. Unless it's something truly braindead, such as, say, "123", in about two weeks the ElcomSoft password-cracking app will tell you that it couldn't crack it.

what else

[CubicleView]

What else would this be useful for. This isn't a rhetorical question, I'm too lazy to look it up. Is this relevant for video encoding, and other regular consumer stuff?

Re:what else

probably would be incredibly useful for non-password related mathematical computations... faster monte-carlo simulations and more accurate matrix multiplication would no doubt be welcomed by the mathematics/statistics community on the whole...

How does this qualify for a patent?

[Nathanbp]

What seems to have been missed in the discussion so far is that this company is applying for a patent on their technique, which they claim is "revolutionary." I really hope that this doesn't get granted, as it would open a whole new realm of stupid patents for "X on a graphics card," which is about as stupid a patent as "X on the internet."

Re:How does this qualify for a patent?

[moderatorrater]

Using normal standards of prior art, the NVidia dev kit for their GPU and the folding@home application on ATI video cards should be enough to show that "on a video card" is pretty standard nowadays.

Not so new but still neat.

[jshriverWVU]

This project has been around for a long time: http://www.gpgpu.org/ Though I agree modern GPU's are even more useful for general purpose computing.

Define "lost password"

[frovingslosh]

I've read the article (such as it is), and it keeps claiming that this is a technique to recover "lost passwords". But I don't really believe that is the purpose of this software, and I have to ask "What is the difference between a 'lost password" and a password that belongs to someone else and not you?". Does anyone else really believe that the actual use of this software will be to assist the majority of users recover their own passwords? I do not. I suspect it might be harder to patent a tool for identity theft than for recovering "lost passwords" though.

Re:Define "lost password"

Well brute-forcing a password from a hash is indeed what you would have to do to recover a lost password. Although, I do have trouble imagining and instance where a sysadmin would have access to the password hash but not have the ability to reset the password itself.

But really, this system is useless for a nefarious hacker unless they have already someone obtained the password hash. Obviously using this system means the hacker will now be able to determine your password in 5 minutes instead of 2 hours, but that's hardly your biggest concern: if a hacker has reached the point where he is examining your password hashes, then you already have a serious breach of your system!

So, really, I don't see how this machine could be a general-purpose cracking tool. No matter what, you still need to steal the password hash, which already requires exploiting some sort of vulnerability.

Re:Define "lost password"

[querist]

The difference between a "lost password" and "cracking someone else's password" revolves around the legal right to access the information.

"lost password" situations (obviously, not an exhaustive list):

I could forget a password for something. I've done it before, and I'm sure I'll do it again.

I could be hit by a bus and my employer will need access to my encrypted files. (Granted, we have a better system to handle this, but I think you understand.)

"cracking":

trying to access your soon-to-be-ex-wife's files to find evidence that she's having an affair.

trying to access files you "found" or copied that you really should not be reading anyway.

As you can see, the main difference revolves around the legal right to access the information. They are both "password recovery" or "password cracking", but the former has connotations of legitimacy while the latter (in most social circles, at least) bears a connotation of illicit activity.

That said, I agree that it will more likely be used for illicit activity, but this application clearly has legitimate uses as well.

Re:Define "lost password"

[copyright+and+tm+law]

I've actually bought two of this company's products to recover, yes, my own lost passwords. One in a WordPerfect document and the other in a .zip archive. Seeing how short a time it took to get both passwords (my fingers had just left the ENTER key), and knowing how little the programs cost, I started saving the important stuff using PGP. That may no longer be sufficient. Seriously, though, if this results in smaller operations than the NSA being able to get passwords through the use of the type of computers available to say your local police department, it may mean that stronger encryption systems may not be the barrier they have been. Watch out bad guys. (One of my favorite PGP crack involved a keylogger. A FBI agent looked at the password they recovered and thought it looked naggingly familiar; and then it hit him: it was the federal prison I.D. number for the suspect's father.)

Re:Define "lost password"

[DrSkwid]

Most computer crime is from the inside. Inside people already have elevated access to stuff like your hashed password.

Re:Define "lost password"

[mce]

One word (at least on any decent UNIX-like system): /etc/shadow. That reduces the set of dangerous inside people to just those who don't need to crack because they can bypass/read anyway. Sure, even those might have a use for actually cracking your system password and trying to use it to decrypt stuff for which their mere root powers won't help, but you simply always have to trust somebody. Unless you're so paranoid you only want to be a one-(wo)man shop, of course.

Re:Define "lost password"

[DrSkwid]

I prefer plan 9's /adm/users

Elcomsoft

[ptrace]

Isn't this the same Russian company that sells tools to crack Microsoft Office file passwords? Sorry... I mean "recovers" Office passwords.

Re:Elcomsoft

[someone1234]

Also Free Dmitry Sklyarov!
http://www.freesklyarov.org/

Re:Elcomsoft

[GiMP]

This is the company with which Dmitry Sklyarov was employed at the time of his arrest by the FBI, back in 2001. Before his arrest, at a conference, Dmitry made a presentation on cracking Adobe's eBook DRM. The method used for this crack was utilized in Elcomsoft's Advanced eBook Processor software.

This was really big news back in 2001-2002, although I guess thats a bit too long ago for most slashdot readers, since I (surprisingly) haven't seen any other comments mentioning this.

Re:Elcomsoft

[arivanov]

I was just going to post it. You are right, I was also wondering how few people remember it.

Elcomsoft produces probably the best crackers for MSFT password protected files. In one of my previous companies we used to own a copy just in case someone from marketing managed to password protect something in a state of inebriation or someone from sales was marched out of the door leaving a pile of encrypted quotes and tenders.

That is probably the only legitimate use I know for their stuff (quite a popular one actually as nearly everyone nowdays tends to have inebriated marketing and primadonna sales o vice versa).

Re:Elcomsoft

[Alioth]

It's also a company that makes spamming software.

What about FPGAs?

[FlyByPC]

FPGAs (Field-Programmable Gate Arrays) sound like they would be just the ticket for SIMD (single-instruction-multiple-data) calculations such as this. Configure up a bunch of FPGA chips to do the encryption calculations on a zillion combinations in parallel...

Re:What about FPGAs?

[phantomcircuit]

That has already been done, but it is far more complicated to setup.
http://nsa.unaligned.org/

Re:What about FPGAs?

[Agripa]

Why use FPGAs when you could go custom:

http://en.wikipedia.org/wiki/Deep_Crack

Of course, if you are dead set on FPGAs, the machines are available now:

http://www.copacobana.org/index.html

Cool, but a Linux Boot CD would be ALOT cheaper...

[Zymergy]

Petter Nordahl-Hagen's Offline NT Password & Registry Editor: http://home.eunet.no/~pnordahl/ntpasswd/
NOTE: Tested on: NT 3.51, NT 4 (all versions and SPs), Windows 2000 (all versions & SPs), Windows XP (all versions, also SP2), Windows Server 2003 (all SPs), Vindows Vista 32 and 64 bit.

Irony? ("...by a company called ElcomSoft...")

[ClayJar]

I'm just wondering, should I take the summary as intentionally ironic (i.e. as if it had referred to an operating system "by a company called Microsoft"), or should I assume it was written by someone *fascinatingly* oblivious to the recent history of decryption software and the disputed legalities thereof? An informed, non-ironic summary would simply say, "...by ElcomSoft...", of course.

For any of you who may have been living under a rock (possibly on another planet), ElcomSoft is the company that was employing Dmitry Sklyarov, who was arrested in the US on DMCA charges when he'd come to present at a conference. Wikipedia has more.

Can the GPU handle more diverse tasks?

[Frozen+Void]

Like searching chess positions or recognizing text? I was under the impression it very limited and requires specific types of input with restrictions on which operations can be used.

Re:Can the GPU handle more diverse tasks?

[compro01]

modern GPU's have been becoming increasingly general purpose since the introduction of programable shaders.

NVIDIA's CUDA and ATI's CTM are examples of this.

Re:Can the GPU handle more diverse tasks?

[julesh]

Like searching chess positions or recognizing text? I was under the impression it very limited and requires specific types of input with restrictions on which operations can be used.

GPUs aren't very good at algorithms that require a lot of indirection or a lot of jumps. They work because they arrange incoming data in a stream and process large chunks of it in parallel. Both of the applications you suggest are unlikely to benefit hugely from GPUs. Chess position ranking could probably work well; set up a queue of positions in a suitable encoding and stream them through the GPU, get a stream of scores out of the other end. The logic of deciding which positions to send to the GPU is *far* better handled by a traditional CPU.

Text recognition is probably a little trickier. It would work if you're looking for only a few strings in long streams of text, but every time you add another string you're likely to need several additional pipeline stages. You'll run out of GPU pretty quickly.

Disclaimer: not really an expert in this, just someone who's done a little research about processing architectures, and intends to play around with general-purpose GPU apps at some point in time.

Re:Can the GPU handle more diverse tasks?

[Wavicle]

GPUs were foremost designed to execute large numbers of linearly-ordered simple matrix/vector operations per clock cycle. When it comes to generating 3D, there isn't much in the way of branching, recursion or conditional execution involved. I haven't checked recently, but it used to be that a "pixel pipeline" referred to a unit that could do a 4x4 * 4x1 operation in a single clock (16 multiplies and 12 adds).

Coincidentally this also helps a large number of scientific applications, such as molecular dynamics, or physics applications that can be converted into vectors and manipulated, such as kinematics (this is what a physics engine often does).

Game tree searches (I've written a few in my time) are usually highly recursive with exponential growth (branching factor). It would be very difficult to transform these into an efficient set of linearly-ordered vector operations. For example the static evaluator on many (older) chess engines consists of a painful set of heuristics and exceptions to heuristics, and exceptions to exceptions to heuristics. It is a very chaotic flow problem.

Re:Can the GPU handle more diverse tasks?

[smallfries]

GPUs were foremost designed to execute large numbers of linearly-ordered simple matrix/vector operations per clock cycle.

Minor correction - I know what you mean when you say "linearly-ordered" but a more accurate way to describe it would be: large sets of independent operations per clock-cycle. The sequential encoding that happens between clock cycles is true of most processors, and not specific to GPUs. The key is high performance is the lack of communication between separate instances of the pixel shader which is a property of the independence of the sub-problems.

You're right about the chess search, in contrast to what the poster above you claims, a GPU would not be suitable for evaluating the heuristic because of the branching control flow within the heuristic. An interesting scoring function would be to try and encode a neural network that can score the position: then data packing would be an issue but a neural net can be converted into very efficient GPU code as long as the number of pixels that you are gathering the position from is quite low.

The real performance killer would be the scatter at the other end - once a position is scored the card needs to perform sorting to filter out the high scoring positions from the low. This sorting may be avoidable on the newer CUDA cards as their memory architecture allows an efficient scatter without the need to sort data.

If the GPU is that fast....

[lena_10326]

...why not just put the OS on the GPU and use the CPU for mundane things? :)

This is utterly pointless...

[geekmux]

With the advent of rainbow tables, coupled with the fact that 95%+ of the general population uses passwords less than 15 characters in length, there's not much business left for true cracking in Windowsland. Perhaps looking at the core problem (NTLM "encryption") as part of the solution? I could be spitballing here tho... /sarcasm

Re:This is utterly pointless...

[petermgreen]

The proper fix is to either explicitly disable LM hashes or use long passwords that won't generate them.

I'm not sure why MS doesn't make this the default, stuff old enough to need the LM hash must be getting pretty rare by now.

improper newspeak usage citizen

[circletimessquare]

this kind of thing is not considered orwellian, it's considered "forward thinking"

please get your newspeak euphenisms right

Pie in the sky hardware

[dfn_deux]

Anyone car to point me to one of these mythical video cards with 128 processors and 1.5 gig of fast on board memory? Also, at the price point they are asking for this software (1200USD per seat) it seems like this is hardly cost competitive with doing this same sort of thing using commercially available FPGA dev/prototype boards and open source software designed for this EXACT task.

Re:Pie in the sky hardware

You can go into any computer store and buy a nVidia 8800 GTX with 128 stream processors and 768MB memory. You can get more of everything by going for something out of the workstation series of graphics cards. Or using two. Or four.

Re:Pie in the sky hardware

[Mr.+Sketch]

Video cards don't have 128 processors exactly, but each processor can have 128 separate instruction pipelines (SIMD 'stream' processors) which can run in parallel http://www.nvidia.com/page/geforce_8800.html. The programmer just loads a small amount of code into each of these stream processors and lets it crank away at the data. In graphics processing, these stream processors are used for per-pixel and per-vertex shading.

Re:Pie in the sky hardware

[Mr.+Sketch]

Sorry for replying to my own post, but some more digging turned up this page with details on their HPC products:
http://www.nvidia.com/object/tesla_computing_solutions.html
and this is the card with 128 parallel processors and 1.5GB memory:
http://www.nvidia.com/object/tesla_gpu_processor.html

Re:Pie in the sky hardware

Anyone car to point me to one of these mythical video cards with 128 processors and 1.5 gig of fast on board memory?

Nvidia Quadro FX 5600... 1.5GB of GDDR3 and 128 stream processors. It'll cost you around $3000 for one of them.

Re:Pie in the sky hardware

[jpmorgan]

That's the Quadro FX 5600. It's the new benchmark in high-performance GPGPU and graphics. They cost about $4000 a pop though. :-)

Poorly written article

[Deadplant]

And with as much as 1.5 Gb of onboard video memory Not knowing the difference between a bit and a byte == Fail.

ElcomSoft has discovered and filed for a US patent on a breakthrough technology ... harnessed the combined power of a PC's Central Processing Unit and its video card's Graphics Processing Unit. The resulting hardware/software powerhouse will... Referring to the (obvious) use of a new library/sdk from NVIDIA to improve performance of an existing application as the "discovery of a breakthrough technology" ==
Fail.

...allow cryptology professionals to build affordable PCs that will work like supercomputers when recovering lost passwords. Cut and pasted from "How to write with spin for dummies"
Fail.

...will be incorporating this patent-pending technology into their entire family of enterprise password recovery applications. Corporate press release copy and paste == Fail.

Numerous grammatical errors == Fail.

Re:Poorly written article

[cdekadt]

Yes. It's terrible. All this company has done is use CUDA for what it was meant to be used. Big whoop. If they get a patent for it, it's really, really sad. And quite honestly, the number of passwords to test increases exponentially with length. It doesn't matter if they get a speed-up of 100x.

Something is wrong with computer priorities

[mi]

Why is the GPU a processor dedicated to nothing but "pretty graphics" so much more powerful than the central multi-purpose processor even at the things like number-crunching?

Is it because the GPU engineers can completely redo the thing from scratch whenever they want to, whereas the CPU-designers are held back by the backwards-compatibility issues?

Computer Science teaches, programmers aren't supposed to have to do "tricks" like this — you code, and the translator (compiler or intepreter) will translate from your programming language to the hardware instructions. It never quite worked this way, but it was much closer — even when the floating-point co-processor (such as x87) was only available in some machines.

What's up?

Re:Something is wrong with computer priorities

Think e.g. memory protection which isn't needed on a GPU and which requires lots of translation to compute the physical address in RAM from the virtual address refered by a running program. This and various other things slows down memory intensive computations. The CPU needs lots of extra stuff to support e.g. a multiuser OS.

Re:Something is wrong with computer priorities

[ZorbaTHut]

It's because CPUs are designed to run long streams of sequential instructions very, very quickly, with utterly random access to data, while GPUs are designed to run huge numbers of instructions in parallel very, very quickly, with relatively restricted access to data.

A huge amount of modern CPU design is taken up simply by attempts to predict what will happen next, and attempts to allow blazing through a single long instruction stream as fast as possible. Parallelization gives tremendous speedups, as long as the problem you're working on is actually parallelizable. Password cracking is what's known as an embarrassingly parallel problem, so it's perfectly suited for this sort of processor. An OS, on the other hand, isn't even close to as parallel.

Re:Something is wrong with computer priorities

[DrSkwid]

There is nothing wrong except your understanding of the difference between a general purpose CPU and a specialised purpose CPU.

Re:Something is wrong with computer priorities

[lakeland]

No.

CPU designers are held back by trying to give good performance to general purpose programs at the same time as supporting these specialised uses. They've tried, we have 3DNOW, SSE, SSE2, SSE3 and others but it is too hard for them to compete with a GPU which doesn't have to support general purpose use. A GPU doesn't even have to deal with things like interrupts or memory protection!

Re:Something is wrong with computer priorities

[julesh]

Why is the GPU a processor dedicated to nothing but "pretty graphics" so much more powerful than the central multi-purpose processor even at the things like number-crunching?

You need to rephrase your question, because it makes an incorrect assumption. Here:

Why is the GPU a processor dedicated to nothing but "pretty graphics" so much more powerful than the central multi-purpose processor especially at the things like number-crunching?

The answer is obvious if you think about it: those "pretty graphics" are a huge number crunching problem. That's all there is to it. GPU's, however, aren't very good at tasks that don't do exactly the same thing huge numbers of times. This is true of most applications. Including the applications that run on the PC to control what the GPU does in stuff like what the story's talking about.

Is it because the GPU engineers can completely redo the thing from scratch whenever they want to, whereas the CPU-designers are held back by the backwards-compatibility issues?

Partially. Modern GPUs have (I think -- I don't keep up to date) 256 bit wide memory interfaces, running at close to gigahertz speed. This means they can transfer to and from their memory at about 4 times the rate a PC can. This is possible because (1) graphics card manufacturers don't mind the types of memory they use changing on a virtually model-by-model basis and (2) they also don't mind being stuck with non-expandable memory that's soldered directly onto the card right next to the GPU.

It's also because GPU engineers can sacrifice a lot of the flexibility of a PC. So what if the pipeline stalls if all 32 threads aren't doing exactly the same thing at the same time? Most of the time, they will be.

Computer Science teaches, programmers aren't supposed to have to do "tricks" like this -- you code, and the translator (compiler or intepreter) will translate from your programming language to the hardware instructions.

So why did my CS course have a module where we learned how the hardware worked? About memory hierarchies? About SISD, SIMD and MIMD processors? Why does Knuth's The Art of Computer Programming, possibly the most important book ever written on CS, approach problems at an assembly language level? Why, in my CS course, did I learn two different kinds of assembly language (one CISC, one RISC)?

Because CS is concerned with a holistic view of computers. With the fact that they are machines for executing instructions, and what can be done with those instructions. With the fact that it may be more efficient not to specify that much detail, but also the fact that, from time to time, you do need to do that.

Re:Something is wrong with computer priorities

[julesh]

Modern GPUs have (I think -- I don't keep up to date) 256 bit wide memory interfaces, running at close to gigahertz speed. This means they can transfer to and from their memory at about 4 times the rate a PC can.

Correction: modern GPUs have a 384 bit wide interface, running at 800MHz *dual-pumped*. Compare with the Intel Core 2's 128-bit wide, 333MHz dual-pumped interface, and you'll see that it's actually over 6 times faster at accessing memory.

Re:Something is wrong with computer priorities

[mi]

The answer is obvious if you think about it: those "pretty graphics" are a huge number crunching problem. That's all there is to it. GPU's, however, aren't very good at tasks that don't do exactly the same thing huge numbers of times.

Well, maybe there ought to be numerical co-processors then — again?

Modern GPUs have (I think -- I don't keep up to date) 256 bit wide memory interfaces, running at close to gigahertz speed. This means they can transfer to and from their memory at about 4 times the rate a PC can. This is possible because (1) graphics card manufacturers don't mind the types of memory they use changing on a virtually model-by-model basis and (2) they also don't mind being stuck with non-expandable memory that's soldered directly onto the card right next to the GPU.

Terrific. Now how much of the performance edge, do you think, is due to this inflexibility? The article is talking about a 25-fold gain — which suggests, the GPU is 24 times faster than the CPU. I think, I'd be willing to sacrifice flexibility for this kind of performance jump...

So why did my CS course have a module where we learned how the hardware worked?

Because practice is different from theory. But they are normally getting closer — few people program in assembly these days, for example. We hardly use different memory models (FAR-pointers anyone?). We rarely even worry about the distinction between RAM and virtual memory in our code. With 64-bit addressing one can even use mmap freely (because size_t and off_t are equally wide). Life is good — you can write a readable (enjoyable even) program without sacrificing performance.

Except for these GPUs, which throw programming back to the machine-instructions.

A patent for this...

[JimDaGeek]

So someone takes software to brute force crack a password. Throw in a GPU, and wham! A new patent. How is this anything but evolutionary? It certainly is not revolutionary or "innovative".

This is the same damn thing that has been done before, except now a GPU is used to help. That is it. Software patents suck. Real bad.

Re:A patent for this...

[stoanhart]

This really is ridiculous. They are basically saying "Hey look, someone sells a product designed to do a lot of parallel math, quickly! Lets patent using that product for its intended purpose!"

In the spirit of this, I would like to take this moment to announce my new patent, which is currently pending approval. My patent is entitled "A method of performing specific procedures by invoking the use of devices designed to carry out those procedures." Now I can sue anyone who uses a product. Well, I have to go book my plane ticket to Texas, see you later!

Re:Irony? ("...by a company called ElcomSoft...")

[GiMP]

> arrested in the US on DMCA charges when he'd come to present at a conference.

Something particularly notable since at the time, the DMCA was a very new law. It was, I believe, the first notable case putting the DMCA to test in court. Furthermore, the case was a particular rallying point amongst geeks, not only because of the potential consequences it had for US Citizens, but also for visitors to the US; Dmitry had at worst provided a presentation in the US. (he did not develop or design anything on US soil, nor was he a US citizen)

In the end, Elcomsoft was acquitted and fears were subsided. However, comments from the case indicate that foreign nationals developing software to circumvent DRM may not be advised to travel to the US. It appears that Elcomsoft was only acquitted based on their motives, not based on the legality of their actions, which jurors commented that they believed were in fact illegal.

they already do

[Ungrounded+Lightning]

I guess they are going to have to start making long, rectangular post-it notes now.

They already do. 3" x 5" for starters.

(The ones in my desk organizer are from Staples but I think 3M makes "real post-its" in that size, too.)

Re:they already do

[mr_death]

Heck, I have a 2 foot by 3 foot "post it" from 3M. Damn cool for brainstorming. Sticks well to windows and walls.

Not really: just add 1 letter

Add 1 letter and you've increased the time it takes to hack by 26x (although it's probably closer to 100x with punctuation and the like). So 25x is irrelevant. So is 250x. Only something that makes it non-exponential would really make a difference.

Re:Not really: just add 1 letter

too bad password length is exponential so its 26^9-26^8 assuming you are using only letters in 1 case

Re:Not really: just add 1 letter

Brilliant! I will go add the letter "x" to the end of all of my passwords.

Re:Not really: just add 1 letter

[k8to]

Great, now convince the computer users of the world to all use passwords one letter longer than they are currently using.

If you succeed I will buy you a unicorn.

Re:Not really: just add 1 letter

[zevans]

Everyone in our organisation has >=8 letter passwords. It's just a pity they write them down on sticky notes. Stuck to the display.

Re:Not really: just add 1 letter

[MilesAttacca]

I really wish I had modpoints to give you for that.

I myself have a 14-character password with letters, numbers, and special characters...but I tend to use it everywhere, and it's a year old. To me, you can practically have passwords that are strong, unique for each login, or changed often -- pick one.

But does it run Linux?

[flyingfsck]

Seriously, it looks like I should boot Linux on the GPU and use the CPU for general I/O. Then my PeeCee will be 25 times faster. See the cool ASCII graphics...

Re:But does it run Linux?

[eneville]

I wish I'd thought of that. I love aalib/ncurses, I should link to it more often in my perl scripts.

I'll take one of those!

[unix_core]

Hello, I would like to order one of your _cheap_ PCs, specifically the one with 128 GPU:s which I will turn into a supercomputer with this great software. I need it to recover my lost windows password. Thank you. And by the way do you still have those low-energy, standard socket 1.21 gigawatt bulbs?

Re:I'll take one of those!

[julesh]

Hello, I would like to order one of your _cheap_ PCs, specifically the one with 128 GPU:s which I will turn into a supercomputer with this great software.

Not 128 GPUs. A GPU with 128 pipelines, which is standard for a top-of-the-range card these days.

Re:I'll take one of those!

[unix_core]

You see, I was attempting something called a joke. The point of this particular joke was to illustrate the inaccuracy of this stupid article.
The article stated, I quote, "And with as much as 1.5 Gb of onboard video memory and up to 128 processing units, these powerful GPU chips are much more effective than CPUs in performing many of these calculations."

Note "128 processing units"... Am I supposed to assume they mean pipelines or just being clueless?

Re:I'll take one of those!

[julesh]

Note "128 processing units"... Am I supposed to assume they mean pipelines or just being clueless?

Well, given that a pipeline _is_ a processing unit, I don't see why either should be the case.

WTF

[GodCandy]

I have several comments many of which I will refrain from stating here.

1. Its a graphics card. It has a processor. So your trying to get a patent for the ability to use the processor on the graphics card. Needless to say you are using it for an operation other than what was intended but who cares.

2. I already have at least 5 and usually more like 20 brute force attacks aginst a server that host no sites or anything. I guess they just started scanning and found out it was running ssh. Good luck guessing my password. I cant even remember it sometimes. I do think it has 2 languages in it right now, guess I may need to upgrade.

I really don't see the need for a faster way to hack my computer. If you really want in that bad you probably dont need to be there in the first place. Damn script kiddies.

G

Re:WTF

[julesh]

I really don't see the need for a faster way to hack my computer.

Speaking as someone who's worked in outsourced IT support, having a faster way to hack my clients' computers is *really useful*. Because if there's one thing that's guaranteed, it's that the users will forget their passwords. Sometimes the admin ones.

Interesting, but it doesn't matter

[ZorbaTHut]

unless you're using a crappy password scheme like Vista's, for example.

This is a process that lets you brute-force passwords 25 times faster. That's pretty neat, I'm not arguing that. It's extremely clever. But this speed [i]shouldn't matter[/i], because cracking passwords a mere 25 times faster shouldn't matter either. The problem comes down to how people are designing a lot of password schemes. They're aiming for speed. The article says the new technique can try ten million passwords per second on a single computer. Division tells us that, beforehand, the computer could process 400,000 passwords per second.

When was the last time you had four hundred thousand users logging into a single computer per second?

Checking a password should be slow. Brutally slow. I mean, quite literally, that just checking to see if the user's password hashes correctly should take at least a hundredth of a second. You're not going to have a hundred users logging in per second on a single computer anyway, our modern database-driven sites couldn't handle the load of displaying the login pages, so why are we making our password schemes so flimsy?

If you use a slow password hash generation - and this can be something as simple as iterating MD5 over itself ten thousand times - whoever's trying to brute-force your password scheme is going to have a horrible, horrible time of it. Add a basic salt to the mix and you will not have anything to worry about from this. If your password checker takes a hundredth of a second, then 25 times faster means your adversary is going to spend $1300 on software in order to try 2500 passwords per second. If you have an appropriate salting system that's 2500 passwords for a single user. This is not the death knell for passwords, or anywhere near it. If anything, it's the death knell for crappy password hashes - but it's not even that, since you could trivially foresee things like this years in advance.

Brute-force password cracking, by its very nature, is millions of times more expensive than merely verifying a valid user. From there, it's up to you to determine how safe you want your passwords to be. Personally? I'm fine with wasting a few extra hundredths of a second per user.

Re:Interesting, but it doesn't matter

[flyingfsck]

All password checks on my machines take 10 seconds minimum. A strategic 'sleep(10)' does the trick. There is no need to calculate MD5 hashes repeatedly to waste an attacker's time. A nice sleep() allows the server to go do something more useful.

Re:Interesting, but it doesn't matter

The "sleep 10" idea is pretty much a waste of your time to code unless you also limit the number of incoming connections. It would be fine in the old days with a dedicated connection to a serial port on the back of the computer, but now all an attacker has to do is open up a few hundred connections to your machine and multiplex the attack. The attacker will not care that at any instant 99.9% of his connections are in the "sleep 10" state, as long as he can find one of the connections that is ready to accept another password.

http://utcc.utoronto.ca/~cks/space/blog/sysadmin/NetworkAuthDelays explains this issue, pointing out that all the delay does is annoy users who make typos, whilst not hurting attackers.

Re:Interesting, but it doesn't matter

[idiotwithastick]

unless you're using a crappy password scheme like Vista's, for example. I know that XP's sucked; could someone explain Vista's to me?

Re:Interesting, but it doesn't matter

[ZorbaTHut]

Which completely misses the point of my post :P

The password-cracking farm mentioned in the article is only useful if the person has a database of your encrypted passwords. Obviously, they're not going to write a sleep(10) in if they're trying to crack it - but doing ten thousand passes over MD5 isn't something they can just decide not to do.

With a local password authentication scheme, you of course want to limit the number of checks by IP (the sleep() is meaningless, they'd just hammer you with a million attempts at once and pretend like it's ten seconds of lag) - but that has nothing to do with the article or my post.

Re:Interesting, but it doesn't matter

[caluml]

What stops me from running 1000 login attempts via SSH in parallel then? (Assuming your SSH port is open, yadda yadda).

Re:Interesting, but it doesn't matter

[Stephen+Chadfield]

Fail2Ban http://www.fail2ban.org/

Re:Interesting, but it doesn't matter

[Dirtside]

Checking a password should be slow. Brutally slow. I mean, quite literally, that just checking to see if the user's password hashes correctly should take at least a hundredth of a second. You're not going to have a hundred users logging in per second on a single computer anyway, our modern database-driven sites couldn't handle the load of displaying the login pages, so why are we making our password schemes so flimsy?

You're missing the point. This is for when the attacker has acquired your password hash file and can be running the recovery on their own machines.

Re:Interesting, but it doesn't matter

[ZorbaTHut]

No, that is exactly my point. If it takes a hundredth of a second just to run the algorithm to check the password, it's going to be hellishly painful for them to crack that file. There's no way they can do ten million tests per second if it takes anywhere close to that long.

That's why the other person recommending sleep() was missing the point.

Re:Interesting, but it doesn't matter

[caluml]

The "yadda yadda" included that sort of thing. If he's running that, why would he need to delay any login attempts by 10 seconds then? (I use denyhosts myself).

Re:Interesting, but it doesn't matter

I think you are missing the point. It's not about cracking login passwords but rather cracking encryption passwords. Imagine $Important_but_paranoid_CEO having the company's most valueable data on an encrypted harddisk only he has the password for suddenly dying. Then you can and want to check passwords as fast as the hardware can.

Re:Interesting, but it doesn't matter

[ZorbaTHut]

No, it's the same point. In any situation like this you can determine just how fast you want the password-checking step to be. If you want instant reaction, you can set it up so you can decrypt it in a nanosecond. That'd be pretty damn fast - but it also makes it a lot weaker. Alternatively, you could set it up so the decryption step takes, say, ten seconds, which is probably what I'd do if my company's most valuable data was on a hard drive.

Of course then you'd be completely screwed if the CEO died or forgot his password. But it's still the same point. You can determine, at the time you build the encryption schema, both how fast you want it to be accessed and how brute-force crackable you want it to be. (This being, of course, the same value.) People don't seem to realize this for some reason but it's true.

(To hold off anyone saying "lol a filesystem with 10 second access time, that would be terrible" - use a two-tiered encryption system. Ten seconds to decrypt the block with the "real" password in it, which is a 2048-bit symmetric key, then decrypt the rest of the filesystem using that one. It only takes ten seconds to open it, and then it's open and fast until you close it again.)

Re:Interesting, but it doesn't matter

[Dirtside]

There's no way they can do ten million tests per second if it takes anywhere close to that long.

If it takes a hundredth of a second on general-purpose computer X (100/sec), then custom hardware Y designed to run the algorithm in hardware will take maybe a microsecond to execute the algorithm (1,000,000/sec). And custom hardware Y is a chip that you can put 16 copies of on a single logic board, so you can actually do 16 million executions per second per board. (Or, as in the article, you buy bulk GPUs that are already very fast at the kind of logic needed.)

If the algorithm takes a hundredth of a second even on special-purpose hardware, then it would take several minutes to execute on a general-purpose machine, which would make it useless in practice. Also keep in mind that any algorithm which took 100ms on (say) a modern 2 GHz CPU to execute, would likely be cryptographically very weak, relying on many loops; there'd almost certainly be a shortcut version of the algorithm that could be executed in a fraction of the time, even on a regular CPU.

(Also keep in mind that hardware keeps getting faster, so even if it takes 100ms today, it'll take half that in a year.)

Re:Interesting, but it doesn't matter

[ZorbaTHut]

Perhaps. However, the article isn't talking about custom hardware, this is talking about using generic hardware as a highly parallel processor.

Also, what makes you think it would be cryptographically weak?

for($i = 0; $i 1000000; $i++)
    $data = md5($data);

Go ahead and find a cryptographic flaw in this :P

Yes, if they get your password file and build custom hardware to implement your decryption routine, they'll have a big advantage. But that's expensive, and you can still make it a lot harder for them.

Like this one. Impressive!

[miknix]

Like this one that's capable of searching the full 8-character keyspace (from a 64-character set) for SHA-1 in about a day! Impressive!

http://nsa.unaligned.org/

Ob. Bash Quote

[0100010001010011]

Cthon98> hey, if you type in your pw, it will show as stars
Cthon98> ********* see!
AzureDiamond> hunter2
AzureDiamond> doesnt look like stars to me
Cthon98> AzureDiamond> *******
Cthon98> thats what I see
AzureDiamond> oh, really?
Cthon98> Absolutely
AzureDiamond> you can go hunter2 my hunter2-ing hunter2
AzureDiamond> haha, does that look funny to you?
Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
AzureDiamond> thats neat, I didnt know IRC did that
Cthon98> yep, no matter how many times you type hunter2, it will show to us as ******
AzureDiamond> awesome!
AzureDiamond> wait, how do you know my pw?
Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 ause its your pw
AzureDiamond> oh, ok.

Re:Ob. Bash Quote

OMFG that's hilarious... I almost peed... bastard!

Re:Ob. Bash Quote

[XHIIHIIHX]

hey who let this guy on slashdot?

Re:Ob. Bash Quote

[MadnessASAP]

Sorry sir, he must have snuck past the guardd. God only know how though with a brain like that he should be barely able to breathe and type at the same time. Anyways were taking him around back to harvest his organs as we speak.

Re:Ob. Bash Quote

abacus51552 ..

Figured I'd test it out on slashdot.. Did it work guise?

Funny...

[nevali]

White hats read "password recovery"

Black hats read "password cracking"

Let's get some of the obvious memes out of the way

[rickb928]

All your passwords are belong to your GPU....

In Soviet Russia, GPU cracks YOU!

I, for one, do NOT welcome our new password-cracking GPU overlords...

Imagine a Beowulf... oh crap, I gotta go change all my passwords... Just a sec...

What, I gotta use how many different Unicode languages?

Recovery?

[olddotter]

When did it start to be called "password recovery" instead of "password cracking"?

ElcomSoft

a company called ElcomSoft

How short Slashdotters' memories are. ElcomSoft is the Russian company Dmitry Sklarov was working for when he wrote the ebook software that got him thrown in jail when he visited the USA, after Adobe made a DMCA complaint against him.

Re:Nothing for you to see here. Please move along.

[It'sYerMam]

Or rather... you can't.

Release how?

I can now release the 12,000 monkeys I kidnapped for the task.

Goatse Guy, is that you?

(capcha: probed)

ElcomSoft == Bunch of Idiots

First and foremost I can get many orders of magnitude better performance by using rainbow tables against stored OWFs today without a GPU. No salts, no problem :)

Secondly precisely which part of a brute force algorithm is deserving of a patent? Is it the part that runs the same encryption routine used to encrypt the data in the first place they of course had no part in writing or the binary compare function (memcmp) that checks to see if there is a match?

I'm using a vendor API to execute the same trivial codes on a GPU somehow I feel like I have something that is not exceedingly obvious or in any way useful for NTLM cracking when we already have a much better solution? (Rainbow Tables)

ElcomSoft

[Matt+Perry]

a company called ElcomSoft

That's who Dmitry Sklyarov worked for.

so linux boot SAM over-write ...

do i see this good ? i can kill a windows pass in a 2 min process, booting over system a small Linux pack to delete administrator pass, whoops, seems I forgot again windows is so strong in password protection :))

Re:so linux boot SAM over-write ...

[Slashcrap]

do i see this good ? i can kill a windows pass in a 2 min process, booting over system a small Linux pack to delete administrator pass, whoops, seems I forgot again windows is so strong in password protection :))

I swear that one day I'm going to make a WinPE CD with Ext2/Ext3 support included, just so that people can use it to do the same thing to Linux systems with Windows and wipe the smug grins off the faces of people like you.

There are many ways in which Linux is better than Windows. This is not one of them. Anyone who believes it is knows more about Windows than they do about Linux.

Nope!

[Colin+Smith]

now IT departments will require passwords to be 30 characters long, with at least 2 digits, at least 2 puncuation marks, mixed case, and use Unicode characters from at least 8 different international languages. Nope... Now, we want blood!

so the GPU was quite useful than I thought...

[garompeta]

Who could have imagined that passwords were crackeable with the GPU another quite useful task besides frying eggs on the heatsink. Isn't it interesting that the heatsinks are coming bigger and bigger? I would like to ask to the industrial designers and engineers to design one with the shape of a fry pan, that would make my job easier...

Re:so the GPU was quite useful than I thought...

[DriveDog]

With Teflon. Or perhaps a two-piece hinged heat sink from George Foreman?

Re:so the GPU was quite useful than I thought...

[zevans]

[quote]
With Teflon. Or perhaps a two-piece hinged heat sink from George Foreman?
[/quote]

The lean, mean, pwning machine!

There aren't three

[zippthorne]

More like two.

"Something you have" is just a fancy "something you are" or "something you know" It's always either an overblown password or an ID marker.

"something you are" is crap security. Retinal scans are far too invasive, and iris scans are easily spoofed. Thumbprint scans aren't even all that unique. See mythbusters for a demonstration. Although they're usually pretty sloppy, I think their efforts on this front prove that biometrics are really hard, if not impossible to weed out the spoofing.

A user name is more than sufficient. Or even just an account number. The "something you have" ID badge can make this go quicker by having a bar code or RFID to enter your user name for you.

"something you are" is a claim. "something you know" is the proof.

Re:Let's get some of the obvious memes out of the

[Lunzo]

Dude, please only use one meme per post max. That way several people can post different memes and the Karma gets shared around. The exception to the rule is if you put together a bunch of memes to make one super meme.

e.g. In Soviet Russia, I for one welcome a beowulf cluster of GPU overlords (do they run linux?) who brute-force my password, which is coincidentally the same combination as my luggage, twenty-five times faster than YOU!

This is possible and we use such a thing

[gr8dude]

People already write their passwords and leave that on their desk, and leaving the physical usb key on the desk would be no better.

Take a look at this secure logon for Windows program. It brings multiple factors of authentication into the game, so a smart card or a token is also PIN protected. If you leave it on the desk and someone steals it, they'll block the key after 3 invalid PIN enter attempts. It's pretty secure, because even if the PIN is trivial, you only have three attempts to guess it, since brute-forcing is out of the question.
The program also has an option which forces the user to remove the key from the PC once they are logged on (so that it is not forgotten in the reader, or in the USB port of the computer).

What could be really cool, however, is if the device doubled as your key-card to get into the office.

It is possible; we have a lock at the main entrance that can be unlocked either by entering a PIN, with a fingerprint, or with a contactless smart card. Now, if you have one of those smart cards with two interfaces, you can use it for both - the main entrance, and for Windows authentication.

If there is still free space on the smart card, you can use it with other programs too (ex: store your digital certificate on it and sign emails, etc)

PS3

[ilitirit]

Anyone ever considered using the PS3 for stuff like this? Seems like you have all the processing power you need (relatively speaking), but what else would you need to take into consideration?

I wonder ...

[DerWulf]

... if there is any legit application for this. Yeah right: "password recovery". If someone lost their password usually the entity in charge of the authorization database (oder equivalent) just resets the password. It's not like GMAIL going "oh shit, someone lost his password. Spin up the brute force cracker. This is the fith today, I'm telling you we are almost out of processing power".
And security research? Isn't password security a straight forward calculation that doesn't need to be empirically verified?

Re:I wonder ...

[Tezdoll]

The "law" uses this. When they get a pedo and his Laptop/desktp/server and he says, "i ain't tell you shit". Then you just power up the brute force find his passwords and get on with life.

Re:I wonder ...

My father died suddenly in a traffic accident. He didn't write his password down on a sticky next to his PC, there was no safe deposit box, etc.

Shit happens.

Applying for a patent on using the GPU for XYZ?

[argent]

Oh Christ.

I see a whole new class of innovation-crushing patents coming up.

I think it's past time that ATI or nVidia came up with a new name for their stream coprocessors than GPU, something that makes them sounds like the computation engines they are instead of some kind of jumped up blitter.

Hmmm...

[slapout]

...3d graphics and passwords....I guess that scene in Jurassic Park was realistic after all!

Re:Let's get some of the obvious memes out of the

[rickb928]

Oh my. I've trampled someone's Karma.

I am really sorry. I just couldn't help myself, what with this post being about near total pwnage and all.

It's just a matter of time, really before all our passwords are cluster-pwned by our GPU-slinging post-Soviet overlords, and we're belong to them. With my credit card maxed by their unlocking my combinations, I won't be waiting for my luggage to come down first, believe me...

Better?

And sadly, it appears I an now one of the 'others'. Do that again, I will not, no...

Not hard to remember...

[vistic]

Just make your password a sentence without spaces. Like "Whoneeds30characterlongpasswords!?" in fact that's better than 30 right there. Not doing the Unicode from 8 languages though.

Re:Nothing for you to see here. Please move along.

[mollymoo]

You can play Doom but nothing too much more recent, as the CPU will be doing the rendering.

The problem is the name... pass "word"

[zevans]

Should be passphrase, or passacronym, or pass-date-backwards-plus-randomTLAoftheday-plus-half-the-car-registration-mark

People choose words because they think "password... meh." WRONG. The whole vowel+consonant thing instantly destroys a huge chunk of entropy, for instance.

Tech is not the issue - basic tuition on WHY you have a password and WHY you don't give it out is what we need.

(The CIO's office can help by ensuring single-sign-on actually works!)