Generating Fast MD5 Collisions With ATI Video Cards

An anonymous reader writes "Yesterday at Black Hat USA 2009, a talk entitled MD5 Chosen-Prefix Collisions on GPUs (whitepaper) (Both PDFs) presented an implementation written in assembly language for ATI video cards that achieves 1.6 billion MD5 hash/sec, or 2.2 billion MD5 hash/sec with reversing, on an ATI Radeon HD 4850 X2. This is faster than the much-publicized 1.4-1.9 billion hash/sec figure that was supposedly reached on a PlayStation 3 by Nick Breese at Black Hat Europe 2008 (he later noticed an error in his benchmarking tool). Compared to the cluster of 215 PlayStation 3s that was used to create a rogue CA in December 2008, Marc Bevand claimed a cluster of 12 machines with 24 video cards would be a bit faster, consume 5 times less power, and be 10 times cheaper."

Re:first

[Yvan256]

Generated with the help of an ATI card, I assume.

The fast collisions are the worst

[noidentity]

Slow collisions don't do much damage, but the fast ones can leave an awful scene. At least they're being honest and calling them collisions instead of "accidents". Er, wait, was the headline supposed to read "Generating MD5 Collisions Quickly with ATI Video Cards"?

1.6 > 1.9

Yes, 1.6 billion/sec is much faster than 1.9 billion/sec.

Easier Way

[Hal+The+Computer]

If all you want is a signed SSL certificate, I suspect it would be easier to bribe an employee at a CA to skip a few steps when validating you.

Re:Easier Way

[operator_error]

Hey, if that's all you want, I'll give you a signed certificate, and my mother will recognize the signature too. No bribe required, but tips will be graciously accepted, of course.

Re:Easier Way

[lorenlal]

Achieved new skill Digital Signing (apprentice)!

Re:Easier Way

It would be harder than you seem to think. It's not just any old fake cert they created. They created a CA certificate. That is, a certificate that can be used to issue other certificates. You can issue any many of these "other" certificates as you want and they will look legitimate.

It's very rare for a real CA to issue a certificate like that. That is the "top of the food chain" in certificates so to speak. You would have to bribe a fairly high level employee to get something like that. They keep those high level keys very well protected and there are only a few people that even have access to them.

Re:Easier Way

[operator_error]

Enjoy it while it lasts, because I plan to charge exorbitant rates soon, just like Verisign.

Credibility? Fine. Mine vs. Theirs.

Sincerely, Operator Error.

Re:Easier Way

[kestasjk]

CAs are incorruptible, we all know this.

Re:Easier Way

[Yvan256]

That's good to know!

Re:Easier Way

[Feyr]

yeah

if by high level you mean just about any of their sysadmin with access to the website? getting access to the actual key is unneccessary. you only need to be able to get something signed without them checking for some fields (ie, existence of CN, or capabilities bits..)

sure you might not be able to bribe verisign (though i doubt that) but in this case you only need to bribe one sysadmin from one of the big-name CA (any which has a certificate in your browser will do)

Re:Easier Way

[kju]

Totally bullshit. For signing another CA the CA can (and will) use the same key as they use to sign "ordinary" certificates. After all the difference between a CA and a non-CA certificate is just a flag in the X509v3 extensions in the cert. There is no special "high level key" which is only used for signing a CA certificate. Any key/certificate which build a certificate chain up to a root cert will do.

Sensible collissions that don't affect size?

[Animaether]

Somewhat off-topic, but I guess related all the same...

Nobody should use MD5 for authentication and whatnot... and even as a 'checksum' of sorts you have to be careful (i.e. make sure that the source of the MD5 text/file isn't the very same source as the file it was generated for, as a compromised file probably means the MD5 string would be equally compromised).

But I'm curious.. are any of the attacks capable of injecting new data that..
1. doesn't affect filesize - the wiki mentions that successful attacks can prepend and append, but presuming you'd include the file size with the MD5 string, that would be another parameter to check
2. actually does something.. be it useful or nefarious, rather than just crash the app or insert gibberish in a text document, etc.

e.g. if I took the declaration of independence as a .txt file, are there any attacks that could subtly, or non-subtly, change the wording without increasing or decreasing the size of the file, and still match an original MD5?

--

On-topic: cool; but not particularly new? Most everybody knows that GPUs are great at taking in a tiny bit of data, crunching it, and spitting a result back out. Kudos for actually writing optimized code for the given platform (in this case an AMD/ATi GPU), but it's still the same number crunching instead of an improved method.. correct?

Re:Sensible collissions that don't affect size?

[neokushan]

Presumably (and I'm making a lot of assumptions here, I don't know enough about the subject), you could just snip the file by however many bytes the process would append to it, so when it does all of the calculations and appends it, it ends up the same size.
Also presumably, it would mean the last few bytes of the text file would be utter garbage.

Re:Sensible collissions that don't affect size?

[Brian+Gordon]

actually does something.. be it useful or nefarious, rather than just crash the app or insert gibberish in a text document, etc.

The point of the attack is that you can change the file to whatever you want, prefix some ignored garbage, and end up with a file with the same md5. So yes you could do something useful or nefarious by changing the file usefully or nefariously.

Re:Sensible collissions that don't affect size?

The attack that is mentioned in the story, the creation of the rogue CA certificate, is an example of a successful MD5 collision attack with a practical application. The "random" garbage was inserted in a part of the certificate signing request which is opaque to the certificate authority. That was also an example of a useful collision attack, so these are actually dangerous (not just pre-image attacks).

Re:Sensible collissions that don't affect size?

[nedlohs]

Nobody should use MD5 for authentication and whatnot...

Signing a hash is a very common method in cryptography. DSA for example signs with SHA-1 (SHA-2 these days), if you sign the unhashed message it isn't DSA.

Re:Sensible collissions that don't affect size?

[bhima]

I don't think folks have to avoid MD5 as strongly & immediately as you suggest... the attacks are for the most part theoretical or require more compute power / patience that people outside of this blackhat con can muster. It was my understanding the PS3 cluster actually got a cert which could be used nefariously... and this guy showed he could do it cheaper and faster. This is perfectly inline with my understanding: Attacks always get better, they never get worse. So I suppose it is time to work out a migration plan for whatever uses MD5

On your closing comment: I think the author was suggesting that if people had been paying attention a lot more of them would be using ATI GPGPU clusters for stuff they used to use Vector processors and now use fleets of X86 variants for.

I don't completely disagree with him but there a lot of small GPU clusters out there and there are a lot of reasons why more people haven't really got with the program. I think the biggest reason is the difficulty developing for GPGPUs. It's not the hardest thing I've ever done but it really takes a deliberate effort to get into a different state of mind. And the ATI SDK just plain sucks. I'll take the performance hit and develop using a C superset with a NVIDIA target. The process can run during that extra time I am not pounding my head against a hard flat surface. Actually now that I think of it, I've just kept a lot the old FORTRAN code I have and used the NVIDIA kit... rather than porting to the ATI SDK.

Having said that I don't think that this state will last long at all. The rate of increase of performance in GPUs is steeper than that of CPUs; AMD & NVIDIA are really serious about getting into the general compute market (with the same or similar chips to what they already market); The power consumption, cooling, and noise are all really favorable.

I am sort of curious what OpenCL will be like, being a Mac user... but here lately Apple has been going further out of their way to make things suck, so I am not holding my breath.

Re:Sensible collissions that don't affect size?

Is this the stuff bittorrent uses? If so, a nefarious party could torrents.

OTOH, it could also be a defence:

- Yes, downloaded metallica.mp3 from TPB and I was seeding it for a week, but I was just trying to get my hands on some of the random noise that the RIAA is injecting, honest.

Re:Sensible collissions that don't affect size?

[llamalad]

I did some custom file 'fingerprinting' work some time ago when management didn't want to spring for Tripwire. For each file, the system stored both the md5sum and an shasum in addition to the file size. Figured that it was sufficiently improbable that a single altered file could collide in both hashing functions, particularly without changing in file size.

Granted, a rootkit could probably mess with return values to make it look as though the file hadn't changed at all, but at that point monitoring binaries and config files for changes isn't going to help.

Re:Sensible collissions that don't affect size?

[KillerBob]

Nobody should use MD5 for authentication and whatnot... and even as a 'checksum' of sorts you have to be careful (i.e. make sure that the source of the MD5 text/file isn't the very same source as the file it was generated for, as a compromised file probably means the MD5 string would be equally compromised).

If you're using MD5 as a way to verify that the file isn't festooned with viruses. I don't think that was the intention of MD5 from the beginning, though, as it's a pretty useless way of going about it... all it really tests is whether the file you've got on your hard drive is (roughly) the same as the file on the source computer. That still doesn't prevent the person who uploaded it in the first place from putting in malicious code or the like. If you want to ensure that it's got no viruses or malicious code in it, then invest in a proper antivirus, keep it up to date, and scan everything you download. If you're *really* paranoid, download it into a jail, wait a couple of weeks, and *then* scan it with your antivirus before opening it.

The main reason I have used MD5 in the past, however, is to verify that a CD I'm downloading is a good download... good thing to know before you burn a coaster with the ISO. Not so much an issue now that I have a fat pipe that's reasonably reliable and blanks are cheap, but years ago, when I was on a slower connection that dropped packets at random, I burned several coasters. When blank CD's were $1 each, that got to be very expensive. Enter MD5 and other redundancy checks that could be done on the image before you wasted a CD. In that case, it doesn't matter that the MD5 is on the same host as the file you're downloading... you're not checking whether the file is compromised, you're checking whether you have the same file as the host.

These days, I don't bother with MD5, for the simple reason that all of the large downloads I do come with software that does it automatically. It's built into the BitTorrent protocol, just as it's built into Microsoft's Intelligent Downloader service, World of Warcraft's built-in updater (which is itself based on BitTorrent), Apple Updates, most Linux-based package management tools, and most of what else the audience of Slashdot would use to download. There's even a few FTP and HTTP direct download clients that automatically handle the MD5 checking for you.

Re:Sensible collissions that don't affect size?

[kasperd]

The point of the attack is that you can change the file to whatever you want, prefix some ignored garbage, and end up with a file with the same md5.

What you are describing is a second preimage attack. Nobody have achieved that against md5. What has been achieved so far has only been collision attacks. The first collision attack against md5 was demonstrated in 2004. Later some better collision attacks were demonstrated, in which you can choose the prefixes. The chosen prefix attack works in the following way. Attacker chose two different prefixes of the same length. They can be anything, they don't even have to be the same file format. Then use the collision attack to produce some random data to append to the two prefixes about 128-192 bytes are appended to each file. After this the attacker can append anything he wants to both files, but this part has to be the same on both files. The two files will have the same md5 hash. The attack can also be used with a set of more than two files. You have a bunch of prefixes, you then use the attack on the smallest two of them, at which point those two files will be colliding, so you group them together and for the rest of the attack consider them as one. They grew a bit longer, so when you then go ahead and choose the two smallest files again, that could be two different files. Repeat the attack over and over again until there is only one group with all the files. If you started out with prefixes of identical length, you would be pairing the files in a binary tree structure and append a number of bytes that was logarithmic in the number of files.

Re:Sensible collissions that don't affect size?

[kasperd]

So I suppose it is time to work out a migration plan for whatever uses MD5

The first collision was demonstrated about five years ago. Anything that relied on collision resistance, should have been migrated away from MD5 at least four years ago. The attack in 2004 just wasn't taken serious enough.

Re:Sensible collissions that don't affect size?

What's the point of using straight MD5, though? CA's are one thing, but MD5 is also often used for password hashing, authentication, etc. In many cases it's just as easy to implement something in the SHA family or RIPEMD-160 or whatever else, and even if you're using MD5, you can at least salt it or hash it several times to make cracking it more expensive. It's not much more work to make it a little more secure, so it seems like it's worth doing if you're going to depend on it as a "layer of security."

Re:Sensible collissions that don't affect size?

[Brian+Gordon]

Oh, sorry

Re:Sensible collissions that don't affect size?

[tepples]

If you want to ensure that it's got no viruses or malicious code in it, then invest in a proper antivirus, keep it up to date, and scan everything you download.

Newly released viruses don't appear in antivirus programs' signature lists.

Re:Sensible collissions that don't affect size?

[KillerBob]

good job reading the sentence that came right after the one you quoted. :)

posible whit nvidia too

Aren't there already a bunch of tools to do this whit nvidia cards (I remember using one).

Re:posible whit nvidia too

[Pinky's+Brain]

Yep, there are both collision checkers and crackers for CUDA too ... ATI is significantly faster though (this kind of computation bound stuff is ideal for them).

So how about NVIDEA ?

[lbalbalba]

There supposed to be faster, right ?

Not again

[Tubal-Cain]

...consume 5 times less power, and be 10 times cheaper

*sigh*

Re:Not again

You have a problem with them paying you to use negative power?

Re:Not again

[geckipede]

Clearly nuclear powered with an overall electrical output enough to supply four other units.

Re:Not again

[Tubal-Cain]

I wouldn't, but they haven't paid yet!

Re:Not again

[Tubal-Cain]

And it prints money.

Re:Not again

You realise there are costs involved other than the cost of the power used?

The summary is saying that the GPU based cluster would consume 5 times less power than the PS3 one did, and the cost INCLUDING HARDWARE COST would be 10 times less. (Presumably the PC/GPU boards are more expensive than PS3 units, but far fewer are needed).

The sentence makes three assertions - that it would be a bit faster, that it would use less power and that it would be cheaper. No casual linkage is implied by the structure of the sentence.

Re:Not again

[geckipede]

A system will use one times its own power use. One times less power use means using zero power. Five times less power use means using negative power.

Re:Not again

I'm not sure which is sadder: that the summary made this glaring error; that the slashdot editor didn't think it sufficiently important to fix it; or that you had to explain it.

"We will turn mountains into sea, and the skies into rivers, the fjords into deserts, and the deserts into flatland ... into icebergs, and the icebergs into fire, and the fire into a mighty, rushing wind which will cover the face of the earth and wipe clean the scourge of woolly thinking once and for all." -- The Supreme Being, in "Time Bandits".

Re:Not again

[Jarjarthejedi]

It's not an error. Times Less = 1/x times as much in language, and has done so for 3 centuries

"Jonathan Swift, for instance, used it in 1711, writing "I am resolved to drink ten times less than before." It wasn't till the 20th century that language commentators - not mathematicians - came up with the notion that "three times closer" and "100 times slower" were illogical and confusing."

from http://www.boston.com/news/globe/ideas/articles/2007/10/21/do_the_math/

Just because it sounds like it can be misinterpreted doesn't mean it's wrong. "5 times less" in english is the same as 1/5 in mathematics.

Re:Not again

[geckipede]

So I can say "half times less" when I mean double?

Re:Not again

7dB less power.
10dB less money.

If everyone would only state these ratios in dB, we'd have 13dB less miscommunications, and life would be 6dB more fun.

Re:Not again

Yes, but I doubt the judge will be sympathetic to you when you get your face broken.

Re:Not again

[Tycho]

Could we just drop the deci- prefix and go with bels instead? Deci- isn't an SI prefix and it makes bels, an already hard to understand measurement for stupid^W lay people to not get confused by, something even harder to comprehend for these individuals.

Re:Not again

[91degrees]

Well, the payment is pretty good but I don't think I can manage the economies of scale to produce energy at half the cost of a major power company.

Re:Not again

[91degrees]

Deci- is a valid SI prefix.

I don't think changing things at this stage would help. People are generally aware that decibels indicates loudness (although they do seem to consider it an absolute linear scale). Talking about "bels" would make them wonder just what you're on about.

Re:Not again

[qubezz]

Drop the deci prefix? Like meter: right to centimeter, and millimeter? Are you advocating we go right to centibels?

Some prefixes have just become more commonly used, as they lay within the range of human perception and usefulness, and translating to another SI unit is a mental step. Like your lay person wouldn't grasp that the speed of light is 300 megameters per second, since we stop at kilometers in our normal usage. The logarithmic measure of energy keeps the size of the number comfortable, and makes it match human perception (which perceives energy non-linearly). The deci- prefix scales the measure to human perception since the smallest perceivable change in sound level is about 1dB (instead of .1B)

A decasecond with Google shows me that deci has been a metric (now SI) unit since 1795.

Before this, maybe you should advocate get kilocalores properly identified as such, or replaced by joules in common usage.

24 video cards...

[anss123]

In one machine? Really?

Re:24 video cards...

[xororand]

RTFS again.

Marc Bevand claimed a cluster of 12 machines with 24 video cards [...]

Re:24 video cards...

[Tubal-Cain]

= 288 video cards
;-)

Re:1.6 1.9

[kundziad]

or 2.2 billion MD5 hash/sec with reversing

Keep in mind I have completely no idea what "reversing" means.

Re:Basic English skills?

[eclectro]

consume 5 times less power, and be 10 times cheaper

Actually I'm more concerned about the rise of the eco-cracker. The "green cracker" who wants to have a low carbon footprint and crack into your bank account inexpensively.

So Who Said That ATI Cards Aren't Programmable?

[Nom+du+Keyboard]

So who has been saying all along that GPU compute on ATI cards just isn't up to snuff? I doubt that they picked out an ATI video card to use because it was too difficult, or the programming tools too immature, or the programming interface documentation too incomplete or secret, to provide an effective demonstration? I would expect rather the opposite to be true and that GPU compute on ATI cards already works well and will only get better over time.

Re:So Who Said That ATI Cards Aren't Programmable?

Maybe they picked ATI because they specifically wanted a challenge. In reality any GPU is nontrivial to write general-purpose algorithms on (that's why it's a GPU instead of a CPU). The fact that one person managed to do this task does not mean that anybody else would be able to do so.

dom

Re:So Who Said That ATI Cards Aren't Programmable?

I doubt that they picked out an ATI video card to use because it was too difficult, or the programming tools too immature, or the programming interface documentation too incomplete or secret, to provide an effective demonstration?

Perhaps you underestimate the perversity that some hackers will resort to when seeking out a challenge.

Re:So Who Said That ATI Cards Aren't Programmable?

[Pinky's+Brain]

ATI cards are programmable, Brook+ is just a little too high level for writing simple computational kernels (you drop too much performance) and CAL too low level for most people (it's basically assembly). So generally people just stick to CUDA, even in the few cases where ATI's architecture is superior.

This problem is ideal for ATI, very little input necessary (NVIDIA has more texture samplers) and no inter thread communication necessary (ATI does not have random writes on it's local data share at the moment, making that communication harder than it is with NVIDIA). So basically it just comes down to FLOPS and ATI wins big there.

Basically this was done in CAL because it was done by a hacker and not by an academic researcher (who doesn't really care about performance if he can just as easily get his paper published on a slower GPU with less effort, easier in fact since editors know CUDA).

Re:So Who Said That ATI Cards Aren't Programmable?

[True+Grit]

So who has been saying all along that GPU compute on ATI cards just isn't up to snuff?

Mainly people who haven't been paying attention to what ATI has been doing since AMD bought it and began merging tech ~3 years ago, along with the usual business/management changes that go with that kind of consolidation. Basically today's ATI isn't the ATI of just a few years ago.

To be fair to those folks, the Radeon HD 4800 series is, roughly speaking, less than 2 years old, with the 4850 X2 being only ~1 year old. Before the HD 4800 series came out (based on the RV770), which was the *second* generation of ATI's tech to come out since the AMD takeover, ATI was in fact trailing NVIDIA in raw performance.

So unless you've been shopping recently for a new graphics card, and thus doing a little research before buying, you may not know whats been going on in the graphics world, heck, there's probably many folks who still don't know that ATI is now a wholly-owned subsidiary of AMD, referred to as the "Graphics Product Group" within AMD, and that "ATI" is now just a brand name AMD kept for marketing purposes.

No tech needed

[NotQuiteReal]

if I took the declaration of independence as a .txt file, are there any attacks that could subtly, or non-subtly, change the wording without increasing or decreasing the size of the file

Just add politicians and wait...

MD5 collisions in MD5

I am currently interested in collisions in the 128 bit space of MD5 (just for fun). But I couldn't use the billions of hashes/sec, as the limiting factor is the hard drive (I have to compare all hashes to all others, since I am looking for _any_ collision).
Do not tell me how futile it is to find them. Probability calculations are welcome though ;-)

Re:first

why stop here, put 4 ati 4850 X2 cards in each machine...

Re:Basic English skills?

[maugle]

As someone who was once just as annoyed by this nonsensical statement, let me give you some advice: Let it go.

People are able to grasp the meaning of the statement, and it's in use by so many people now that I've stopped trying to fight it. After trying to explain so many times why "X times less" is wrong, I've given up. I suggest you do, too.

...

"Enthused" still annoys me, though.
And "I could care less" pisses me off to no end.

Re:1.6 1.9

[Ihmhi]

It means going backwards, or turning something around.

OpenCL Anyone?

[PhunkySchtuff]

It would be very interesting to see if this class of algorithm ports easily to OpenCL - the GPGPU technology built into the upcoming 10.6 version of Mac OS X:
http://www.apple.com/macosx/technology/#opencl

If so, this kind of attack suddenly becomes very easy to gather the compute power for and a lot easier to code as you don't need to do the low-level stuff yourself.

Re:1.6 1.9

[kasperd]

The numbers don't add up no matter how I turn them. He claims to be getting 14% more performance from each graphics card than from each PS3. That means he need 12 machines with 24 graphics cards each to match the speed of a 215 node PS3 cluster. So because he get 14% more performance per node, he only need 34% more nodes to achieve the same performance. That does just not make sense to me. The 24 graphics cards in each machine also sounds unlikely. Maybe it was 24 in total, so 2 per machine. In that case 14% more performance per node means he need 89% fewer nodes. That does not make sense either. So, how are the numbers supposed to be interpreted?

I don't understand why anybody still finds it newsworthy when somebody come up with faster collision attacks against MD5. We already know, that collisions can be generated for MD5, and they can be generated fast enough, that we have to worry about it. It no longer matters exactly how fast they can be generated. If somebody managed to come up with a practical second preimage attack against MD5, then it would be newsworthy.

Todays new: CPUs processes data!

[myforwik]

Why is this news? This is worse than distributed.net brute forcing 56bit keys. Yes MD5 is crap, we don't need an example of everytime someone hooks up some new processors to break it.

Re:1.6 1.9

[Savior_on_a_Stick]

The numbers don't add up no matter how I turn them. He claims to be getting 14% more performance from each graphics card than from each PS3.

No. He didn't say that.
The performance difference was the cluster of 12 pc's with 24 cards, to the cluster of 215 PS3's

So, how are the numbers supposed to be interpreted?

Why are you interpreting them? They seem pretty clear as written.

I don't understand why anybody still finds it newsworthy when somebody come up with faster collision attacks against MD5.

It was newsworthy in January when it was first presented to the CA's.
It's newsworthy now because it's a significant per processor performance increase.
If you had read the article and not interjected your flawed interpretation, that would be obvious.

We already know, that collisions can be generated for MD5, and they can be generated fast enough, that we have to worry about it. It no longer matters exactly how fast they can be generated. If somebody managed to come up with a practical second preimage attack against MD5, then it would be newsworthy.

It's newsworthy due to the application to certain mathematical processes.
No one said this was "zomg - the internet is falling."

Well that explains it!

[MattGWU]

Huh, so that's who bought all those PS3s.

Re:1.6 1.9

[kasperd]

No. He didn't say that.

The slashdot summary says that. In the actual slides he claim that the PS3 code is about 20 times slower than the people who wrote it said, and that a single graphics card can achieve the same as 20 PS3s.

It was newsworthy in January when it was first presented to the CA's.

What was newsworthy at the time was mostly, that CAs and browsers were still using a flawed algorithm. As far as I know, most browsers will still accept MD5 signatures. There wasn't much news in the attack, it was well known that it would be possible. So really the news was just that the people responsible for the security of the web ignore known flaws until it has publicly been demonstrated that somebody is willing to spend time on actually performing the attack without making a profit from it. Thus the news was about IT security, but it was not news about cryptography.

It's newsworthy now because it's a significant per processor performance increase.

Assuming the factor of 1.14 from the slashdot summary is incorrect, and the factor of 20 from the slides is correct, then the increase is enough to be newsworthy. In that case the news is, that graphics cards hold an enormous amount of unused processing power. That's interesting news, but doesn't really have anything to do with security.

If you had read the article and not interjected your flawed interpretation, that would be obvious.

It's not my interpretation, it is taken directly from the slashdot summary.

Is it time for a new math copro war?

[VincenzoRomano]

Back when CPUs didn't include an FPU (aka mathematical co-processor) by default, there used to be different choices by different chipmakers.
It'd be interesting to have a modern days mathematical monster installed in every PC for a number of different tasks, from 3D rendering to ... ehm ... secury experiments :-)

Re:1.6 1.9

[DaVince21]

The slashdot summary says that. In the actual slides he claim that the PS3 code is about 20 times slower than the people who wrote it said, and that a single graphics card can achieve the same as 20 PS3s.

12 PCs with 24 graphics cards reach about the same amount of MD5 collisions as 215 PS3's do. I think that comes fairly close, yes.