Blazing Fast Password Recovery With New ATI Cards

An anonymous reader writes "ElcomSoft accelerates the recovery of Wi-Fi passwords and password-protected iPhone and iPod backups by using ATI video cards. The support of ATI Radeon 5000 series video accelerators allows ElcomSoft to perform password recovery up to 20 times faster compared to Intel top of the line quad-core CPUs, and up to two times faster compared to enterprise-level NVIDIA Tesla solutions. Benchmarks performed by ElcomSoft demonstrate that ATI Radeon HD5970 accelerated password recovery works up to 20 times faster than Core i7-960, Intel's current top of the line CPU unit."

My password is safe

Because it's in my pants!

Re:My password is safe

[idontgno]

Dude, haven't you heard? It's really insecure to use such a short password. And yours is surely the shortest EVAR.

Re:My password is safe

[rickb928]

Yep, and you can be sure no one else will be using it...

In fact, no one will have any interest in it at all. Your 'secret' is safe!

Re:My password is safe

[MiniMike]

Does that mean it's "dicktionary" based?

Obviously there's also no minimum length requirement...

Re:My password is safe

[Linker3000]

Try resetting someone's password to 'obvious' when they call in with a 'forgotten password'. Then see how long you can string them along by saying "I've reset your password - the new one's obvious..."

Caller: "What? Like my surname?"
You: "No, it's obvious"
Caller "First name?"
You "No"
Caller "letmein?"

Yeah, it's been a bad day!

Re:My password is safe

even better: "thereisnopassword"

Re:My password is safe

PHALE.

Stop with the advertising

[ShadowRangerRIT]

This isn't really about GPUs, it's an advert for ElcomSoft products. The whole summary is in marketing-speak for crying out loud.

Re:Stop with the advertising

[ShadowRangerRIT]

And for the curious, TFA is no better. They're calling it a benchmark so they can advertise more effectively, that's all.

Re:Stop with the advertising

It didn't work though, as I'm an Intel Quade Core/nVidia user and apparently their software is poorly optimised for my system.

Hah. Eat that bad marketing droids!

Re:Stop with the advertising

[Sir_Sri]

And a bit of an and underhanded advert for ATI. 'Password recovery' is an inherently parallel problem that really likes the sort of math gpus do, and not so much the sort CPU's do. The ATI 5000 series are the fastest GPU's available at retail right now, doesn't take a genius to put 2 and 2 together here. Anyone who knows anything about NVIDIA's workstation parts knows they are not radical departures from their current retail chips so saying your new fancy retail part is twice as fast as the workstation version of the other guys last gen part is stating the obvious.

Re:Stop with the advertising

Anyone who knows anything about NVIDIA's workstation parts knows they are not radical departures from their current retail chips so saying your new fancy retail part is twice as fast as the workstation version of the other guys last gen part is stating the obvious.

I agree with what you're saying but Nvidia's current GPUs are about 2 or 3 generations old.
They did a die shrink but its the same as their previous generation chip. They've been
re-cycling chips with new part numbers while they fix the bump problems.

Re:Stop with the advertising

[ClosedEyesSeeing]

... The whole summary is in marketing-speak for crying out loud.

And for the curious, TFA is no better. They're calling it a benchmark so they can advertise more effectively ...

You must be new here.

Re:Stop with the advertising

[drachenstern]

well, I've not RTFA but if they can get double the performance of a Tesla system using much cheaper (as I recall it's expensive, which isn't saying much ~ I refuse to google if I won't RTFA) video cards isn't that something to talk about?

BAH, now you've got me bothered to RTFA... guess I should go do work instead?

Re:Stop with the advertising

My Via Nano does this same thing about 27% faster than the fastest Intel part.

So there!

Re:Stop with the advertising

[toastar]

Anyone who knows anything about NVIDIA's workstation parts knows they are not radical departures from their current retail chips so saying your new fancy retail part is twice as fast as the workstation version of the other guys last gen part is stating the obvious.

I agree with what you're saying but Nvidia's current GPUs are about 2 or 3 generations old.
They did a die shrink but its the same as their previous generation chip. They've been
re-cycling chips with new part numbers while they fix the bump problems.

Doesn't Fermi get released like next week?

Re:Stop with the advertising

[jank1887]

come on. It CLEARLY states that "An anonymous reader" wrote that summary.

Re:Stop with the advertising

[hairyfeet]

While I'm not sure the exact date of the new Fermi release, from what the reviewers have been saying so far Fermi cranks out the heat so bad it puts the old P4s to shame. Which if true would make it a pretty bad chip to use for these kinds of situations where more chips is preferable due to the cooling costs.

Feel free to Google (about to walk out the door here so I ain't got the time) but from what I have been reading the new 5xxx cards have been getting better about heat with each new GPU and they weren't bad to start with. Bumpgate really threw Nvidia behind and from the looks of things it will probably take at least another generation or two past Fermi to catch up, which is to be expected. Just look how long it took Intel to figure out the P4 was a bad idea and get back on track with the Core series.

The only question will be if Nvidia can keep enough positive cash flow going to R&D their way out of it, as Fermi really doesn't test well against 5xxx for gaming, at least in initial reviews, and it is the ePeen gamers shelling out the crazy money for the top o' the line cards that really helps the bottom line in the GPU business. ATI was pretty smart in this regard, have to give them credit where credit is due, by designing for the mainstream middle price/performance mark first, and simply doubling the GPUs to hit the top end market. It gives ATI a lot cheaper GPU and allows them to hit the middle and low end markets almost at launch, where Nvidia has to push it to the limit to design the top gaming card first, then figure out how to cut it down for the middle and low end. It should be an interesting matchup, that is for sure.

Re:Stop with the advertising

[Lord+Ender]

As an IT security guy, I found this to be informative, actually. When analyzing the security of a system or organization, I need to know not just what is theoretically possible, but what can be done with already-existing software and hardware.

This article gives me some idea as to what attacks are currently practical (and for what key lengths).

When research or engineering achievements come from the commercial (rather than academic) sector, it isn't really reasonable to expect an academic tone. They're tooting their own horn, but they are doing it about something important.

Re:Stop with the advertising

[ShadowRangerRIT]

Apparently ElcomSoft has some employees with /. accounts and mod points. Because I don't see how the PP is a Troll (and it wasn't a mistake, someone modded it Troll quite a while after it was modded to 5).

Re:Stop with the advertising

[node+3]

Having skimmed TFA (actually, TF Press Release) it doesn't sound like there's anything really interesting here other than GPUs are faster are parallel calculations than CPUs. This is already known.

Cracking WPA and iPod/iPhone backups is still not a feasible task. Instead of 20 billion years (or whatever), it'll now only take 1 billion? Saying "20 times faster" makes it sound like you can already reliably crack these things, and now instead of a few hours, it's only a few minutes. But unless I missed it (and I certainly could have), that's not the case. It's just Moore's Law continuing on, in this case on the GPU instead of the CPU. We already know newer chips will be able to try more keys per second, but we're a *long* way from it being something to have any reasonable level of concern over.

It strikes me as odd that they actually have a product for this. It may be useful for short key lengths, but not for the things listed in the headline. It's like saying the hydrogen bomb can destroy Jupiter 100 times faster than an atom bomb. It may be technically true, but it's not a practical solution.

Re:Stop with the advertising

If you are worried about an individual: The password needs to be 10 characters. (Upper, lower, digits and symbols.)

If you are worried about governments or large corporations: The password needs to be 12 characters. (Again - upper, lower, digits and symbols.)

If you want to use a subset of the possible characters, the passwords need to be longer.

That's based on actual results using GPUs to perform the calculations.

Re:Stop with the advertising

[ZosX]

Apparently ElcomSoft has some employees with /. accounts and mod points. Because I don't see how the PP is a Troll (and it wasn't a mistake, someone modded it Troll quite a while after it was modded to 5).

How else would you explain this blatant slashvertisment?

Re:Stop with the advertising

[Kalriath]

The TFA is also an incredibly unreliable source too. They claim that there is an unpatched vulnerability in Microsoft's Virtual PC hypervisor (as at 16 March 2010), when Microsoft released a patch on the 9th of March. Yup, can totally trust them.

Re:Stop with the advertising

as an IT security guy, if you're so focused on what attacks are practical _now_ then you've failed, remind me not to put any data I care in your company services.

Re:Stop with the advertising

[AmiMoJo]

I'm sceptical how as to how useful this actually is anyway. When using the GPU you can only do a brute-force attack, not a dictionary attack. At 100,000 passwords per section you could search all 8 letter passwords containing all lowercase letters in about 24 days. That bumps to 21 months at 9 characters and 45 years at 10.

If you want to do mixed case and numbers then a 7 character password will take about a year, an 8 character one about 70 years.

A dictionary attack is much more feasible but can't be GPU accelerated.

Re:Stop with the advertising

[Lord+Ender]

Mr. Coward, IT Security has a cost. As a security analyst, we must give the customer the best bang for the budget, not the best recommendation they can never afford to implement. That means prioritizing threat mitigation based on, among other things, attack feasibility.

It sounds like your understanding of the industry is quite unsophisticated. I doubt, Mr. Coward, that you are actually "an IT security guy," as you claim to be.

Re:Stop with the advertising

so you actually think that the data that should be protected should be protected from today attack uh? isn't that data valuable the next year? what do you plan to do, migrate every year all the data to a new security platform?

perspective, you have none.

Portrayal

[Dan+East]

I like the way this is portrayed in a totally positive light, as if a person, upon forgetting the password to their device, is going to go out and buy one of these video cards, install it in a machine capable of supporting it (PSU wattage, bus speed, OS, etc), purchase the proprietary "password breaker" software (sold by the company that authored this "story"), all just to recover their password. I think the typical usage for this type of setup is of a more nefarious sort.

Re:Portrayal

[mcgrew]

You remember that Elcomsoft was the company Dmitry Skylarof was (is?) with? He's the guy who got thrown in a US jail for something he did in Russia that was completely legal in Russia.

Re:Portrayal

but, we wouldn't be on your lawn.

Re:Portrayal

[bernywork]

Yeah like selling one time password solutions to IT bosses when someone gets ahold of their SAM.....

Re:Portrayal

[jonbryce]

No, the US jury found him not guilty.

Re:Portrayal

[wvmarle]

It all depends on your point of view.
One man's "password recovery" is another man's "password cracking".
Just like the same person being a "freedom fighter" and "terrorist/insurgent" at the same time.
It all depends on your point of view.

Re:Portrayal

[ElectricTurtle]

Being found not guilty does not mean he didn't spend time in jail. Not everybody is released on their own recognizance pending trials.

Re:Portrayal

[ElectricTurtle]

I tend to 'recover my password' for my wireless APs with my little friend the paper clip. You're absolutely right that the more common use of something like this is going to be cracking.

Re:Portrayal

[roman_mir]

Dmitriy Skliarov is the more correct phonetic spelling. /. still does not accept UTF-8, it's retarded.

Re:Portrayal

[Minwee]

a person [...] is going to go out and buy one of these video cards, install it in a machine capable of supporting it (PSU wattage, bus speed, OS, etc), purchase the proprietary "password breaker" software (sold by the company that authored this "story"), all just to recover their password. I think the typical usage for this type of setup is of a more nefarious sort.

I think you're right. Someone could use this kind of setup to play Crysis.

Re:Portrayal

[Anarki2004]

the paper clip method is effective, but its a real PITA if you have a bunch of ports forwarded and other obscure network settings. Though, I suppose the paper clip is still cheaper than the system you need for the password cracking.

Re:Portrayal

[russotto]

No, the US jury found him not guilty.

No, the charges against Sklyarov were dropped and he was released as part of a deal in which Elcomsoft agreed to accept US jurisdiction. The US jury then found Elcomsoft not guilty.

Re:Portrayal

[b4dc0d3r]

If you don't have "Save Settings" / "Load Settings" buttons somewhere in the interface, you should upgrade. I don't use them myself, but I know they are there.

Re:Portrayal

[mcgrew]

Yeah, after spending four months in jail. Lot of good it does you to be found not guilty when you're incarcerated anyway.

Re:Portrayal

[ElectricTurtle]

If you don't have an AP/router that can export configs or you just don't export those configs, it's your own fault, just like not backing up your hard drive.

Re:Portrayal

[elrous0]

I'll take the point of view of 99.999% of people who buy (or more likely pirate) this software, and say that's its primary use will be nefarious.

Re:Portrayal

[Yvanhoe]

Yeah, they may be people who just moved in and who want to have *gasp* internet access ! The vicious bastardly devils ! The thieves of non-thievable property ! the... the... TERRO-PIRATES !

Re:Portrayal

[Sir_Lewk]

I like the way crowbar makers advertise their produce in a positive light. As if anyone, upon realizing that they need to pull hundreds of deeply sunken nails, is going to go out to the store and buy a heavy 2 foot crowbar. I think the typical usage for crowbars like this is of a more nefarious sort.

Re:Portrayal

[Mister+Whirly]

No, but short of capital crimes, or high risk flight, bail is usually an option.

Re:Portrayal

[Runaway1956]

I don't know if that's entirely fair. I've cracked at least a half dozen passwords, for entirely benign reasons.

The ones I've done for fun, I can't even begin to count, LMAO

Nefarious? Well now - let's get ex-president Bill Clinton in this discussion, so we can obfuscate the meaning of "nefarious", along with "sex" and "is". ;^)

Re:Portrayal

[Mister+Whirly]

Last time I checked, free unfettered internet access still isn't a god given right. If you want a service, you need to pay for it.

Re:Portrayal

[huge+colin]

Yeah, unicode will definitely save us all.

Re:Portrayal

[ElectricTurtle]

Foreign nationals such as Dmitry Skylarof are usually classified 'high risk of flight' because they are expected to run back to their country if given half a chance, so, yeah, not out of the ordinary.

Re:Portrayal

[hatten]

Wow, I didn't knew clippy could do password cracking!

Re:Portrayal

Maybe if there had been a faster GPU in the prison library computer he could have cracked the door keypad codes and released himself earlier.

Re:Portrayal

[roman_mir]

Can you come up with your own points on why allowing UTF-8 on /. would be a disaster? I think you cannot. Stop parroting other people's thoughts, they are valid for certain types of problems are invalid for others. Allowing UTF-8 characters on this website can be done, some people just don't want to let other languages in.

Re:Portrayal

[Unequivocal]

I'm with you - that article is humorous but is about the difficulties of multi-lingual websites. Your point is that if you want to display a non-Ascii char on /. you ought to be allowed to. Seems simple and I for one welcome our new UTF-8 overlords.

Re:Portrayal

[Nutria]

You're absolutely right that the more common use of something like this is going to be cracking.

Since you need a USD1000 video card to go along with the s/w, it won't be your run of the mill Joe High School Geek, it'll be Serious Black Hats.

Re:Portrayal

[Unequivocal]

I think I get your point, and at the risk of being pedantic: heavy crowbars are for demolition work (often in wood-frame residential de-construction), not pulling nails. They are invaluable for separating 2x4 framing members without destroying them, so you can re-use the construction material in the new project. I don't have any stats, but I can't believe that but a tiny fraction of heavy crowbars are used outside of the construction trade.

Re:Portrayal

Because the languages that need unicode are only spoken/written by filthy and disgusting people.

Re:Portrayal

Dude, I was there. Defcon 9.

He didn't "enter a hostile country" unless you think the USA hates everybody and is hostile to all.

Dmitriy broke no US laws and broke no Russian laws. No US entity had complained about his activities before his arrest. He had every right to think he'd not be bothered.

But he he angered a powerful and amoral US corporation named Adobe, so they had their government lackeys detain him. When Adobe took a horrible blog-beating and a nearly instantaneous sales hit they asked the fedguv to drop the charges and the USA said "no, you turned him in, you don't prosecute DCMA, we do - he stays in jail for a year until we eventually get around to trying him and finding him not guilty". The worm turned on its master, very funny for everyone but Dmitriy's wife and infant children.

What did Dmitriy do that brought corporate wrath down on him? He revealed in a public forum that Adobe's e-book cipher, which they were shopping to authors as "hard encryption", was ROT-13. I was there when he did it. That's right, Adobe was telling authors that their technology would prevent duplication of their books, but their copy-protection was ROT-13. It's beyond parody.

Dmitriy revealed to e-book authors that Adobe had ripped them off. For that, he was held in durance vile.

Why did he do it? Not for the challenge, it was trivial! He did it so people could back up their legally purchased e-Books and so that blind people could read e-books. For that, he was held.

Re:Portrayal

[networkBoy]

I found crowbars to be too messy for kneecaps and skulls. Baseball bat manufacturers... Those are the real nefarious ones because their tools are less obvious when openly carried...

Re:Portrayal

If you deal with Cracking IP protection then the USA is in fact a hostile country.

Just ask most guys that talk at Defcon or Hope that come from outside the US. we are in fact hostile to them and will gladly gulag someone.

the USA IS A HOSTILE COUNTRY.

Re:Portrayal

[CityZen]

The sub $300 graphics card will probably still be faster than the $1000 CPU, and the high school geek might get a cracked version of the $1200 software, so it's still within his purview.

In any case, the USD1000 video card is sub $800 now, and will be half that in a few months. The advancement of technology will let all threats eventually percolate down to the lowest levels.

Re:Portrayal

[changa]

That is where Adobe went wrong, they should have used double-ROT13.

Re:Portrayal

[tirnacopu]

I did this kind of purchase at one time, for a perfectly valid reason. A rogue accountant deleted company data to cover his ass, but was keeping encrypted backups before that. I could undelete several archives, but they were .ace unfortunately, and there are no solutions I am aware of to at least brute-force it (their decompression .dll crashes randomly). If, at the time, someone would have told me that a Radeon card can increase my chances of recovery, I would have bought ten of them instantly.

Re:Portrayal

[Rene+S.+Hollan]

Try posting bail when no one else has access to your money or collateral and no one is willing to advance you a loan for that purpose. You first have to get to your lawyer (assuming you have one, and not a public defender who won't give a crap), have him draw up (or use a boilerplate) power of attorney form so s/he can access your funds, have a notary witness your signature at the jail (often not possible since the only physical (non-video) visitor you can have is your lawyer), and take that to your bank during business hours.

A debit/credit card might work, and you might indeed have it on your person when you are arrested. But, it will be safely stored with your personal possessions, and not provided to anyone other than upon filing in a release form, that your jailer may not approve (generally the deputy overseeing the jail module where you are held). Have you got your debit/credit card number memorized? The expiration date? The code on the back?

Things that can take a few minutes over the phone can take many days when one is in jail.

Re:Portrayal

[Mister+Whirly]

All true, but if you can't meet the conditions I don't think it is the court's fault. Also, believe it or not, there is an entire business set up around doing all the complicated things you mention. Look up bail bondsmen sometime.

Re:Portrayal

if you can't meet the conditions I don't think it is the court's fault

Why does that sound like the exact same argument used to deny certain groups the right to vote?

Re:Portrayal

[binary+paladin]

This article isn't even anti-unicode, it's just saying unicode doesn't magically make something international.

Unicode still makes it easy to work with multiple character sets at once. Shit, use the right fucking tools for the right job and sometimes unicode is the right tool.

Re:Portrayal

[bill_mcgonigle]

That is where Adobe went wrong, they should have used double-ROT13.

Heh, Sklyarov could have claimed that he was merely encrypting the files a second time. :)

Re:Portrayal

[Rene+S.+Hollan]

Bail bondsmen can't help you if you can't post collateral or pay the bond fee.

The problem isn't not having the resources to post bail. (Well, that is a problem, but a different one.) The problem is not being able to execute the steps to do so.

Re:Portrayal

[sjames]

Especially when it's a foreign jail a long way from any friends or family and where the laws are unfamiliar.

Re:Portrayal

[geminidomino]

Can you come up with your own points on why allowing UTF-8 on /. would be a disaster? I think you cannot. Stop parroting other people's thoughts, they are valid for certain types of problems are invalid for others. Allowing UTF-8 characters on this website can be done, some people just don't want to let other languages in.

Know your history. /. used to allow it.

It didn't go well. (Pay attention to the comment headers)

Re:Portrayal

[russotto]

the USA said "no, you turned him in, you don't prosecute DCMA, we do - he stays in jail for a year until we eventually get around to trying him and finding him not guilty". The worm turned on its master, very funny for everyone but Dmitriy's wife and infant children.

Actually, he was released from jail after 3 weeks and allowed to return home to Russia after 5 months. The real facts are bad enough without making stuff up. Elcomsoft was acquitted a year following Sklyarov's release.

Why did he do it? Not for the challenge, it was trivial! He did it so people could back up their legally purchased e-Books and so that blind people could read e-books. For that, he was held.

He worked for Elcomsoft; Elcomsoft sold a product to unlock the eBooks. I wouldn't be so quick to ascribe noble motives to either one.

Re:My password.

[FireofEvil]

1, 2, 3, 4, 5? That's amazing! I've got the same combination on my luggage!

GPUs

[Thyamine]

This isn't the first story about how crazy fast GPUs are for crunching. I know very little about that level of hardware, but why aren't we incorporating these types of things into CPUs? Is the coding/assembly so different that it doesn't translate? Do they only do certain kinds of processing really well (it is a GPU after all), so it couldn't handle other more 'mundane' OS needs?

Re:GPUs

[godrik]

It is in progress in fact. That was the point of intel 80 cores prototype.

I found funny that with time we keep doing the cycle external processor->co processor->ntergrate in CPU dye -> external processor

Re:GPUs

GPU's are better at doing certain calculations generally, and are very good at parallel processing seeing as graphics can be broken down to be processed parallel very quickly. For this, gpu's have a ton of cores. So in a way processors are indeed starting to follow with multicore systems but it is nowhere near the number GPU's use. High end GPU's now have 480+ processor cores on a card these days, thats a lot more then 4 core intel's ;). But if you had a ton of cores on the processor, each additional one doesn't add too much to actual cpu power as most things must be done linearly, not parallel. Just helps with multitasking really. Which is why a few cores are useful, but overall power of the core is better then having a ton of them. Graphics cards go with a ton of lower speed cores.

Re:GPUs

[imgod2u]

To some level, CPU's have been moving to be more GPU like for a long time. SIMD (SSE, AltiVec, NEON) are GPU features that made their way to CPU's. Ditto for parallel, long pipelines. Remember the Pentium 4? That was a huge step in the GPU direction.

There are two problems with that approach:

1. Code that isn't pure number-crunching doesn't run well on such a compute model.
2. The model is almost entirely memory-starved. GPU's have up to a GB of high-speed, dedicated RAM on the card itself. CPU's have to live with high-density (relatively) slot-loaded memory.

AMD is moving in a direction where the GPU compute parts are fed by the CPU front-end. As we move forward, I suspect we'll see more of a "fusion" if you will (don't sue me) of the two compute models.

Re:GPUs

[TheKidWho]

Yes GPUs are very different, they are designed to do a lot of very similiar calculations to an extremely large set of vector data. That's also pretty much all they do, they aren't nearly as good for logic like a traditional CPU is.

Re:GPUs

[jonbryce]

The coding / assembly is so different that it doesn't translate, and they only do certain kinds of processing well.

Re:GPUs

YES.

These cards are fast in certain applications due to the extreme parallelism, this simply doesn't work in the majority of day-to-day computing.

Re:GPUs

GPUs are ridiculously parallel SIMD style processors. They are good at performing massive amounts of calculations in parallel, but for it to be effective these calculations have to be the same across all cores. GPUs don't have a huge amount of true CPU-style cores; rather, they can run one or a few algorithms over many instances of data in parallel. This works great for certain scientific and brute-force calculations such as these (and for 3D games), but it doesn't really work for regular programs. Also, GPU programs usually need to be written in a specific programming language (usually a derivative of C) and with this parallelism in mind.

CPUs already have something like this (SIMD instructions), and they help for many workloads, but massive paralellism like this only really works for GPU-type tasks, not your average OS/apps.

Re:GPUs

[John+Napkintosh]

The last sentence nails it. They only do certain types of operations well, and the frequency with which I upgrade GPUs compared to CPUs - or more specifically, the fact that I very rarely replace both at the same time - leads me to believe I'm better off having them separate. Maybe there are parts of the GPU which could be incorporated into the CPU, and I think that might be what the Core i3/5/7 processors are doing with GMA integration.

Re:GPUs

[wvmarle]

They tend to be specialised processors, designed specifically for graphics related tasks. Those tasks happen to be computationally very similar to other tasks such as protein folding. Though they will be poor performers or possibly totally incapable of certain tasks your CPU has to do.

That said I'm waiting for the first CPU to build in a GPU so we don't even need a separate graphics chip on our motherboards any more to for the already integrated graphics output.

Re:GPUs

[poetmatt]

you mean the one that horribly failed and wasn't even close to performing as good as a graphics card?

oh, right.

Re:GPUs

[idontgno]

The effect is a long-standing and well documented observation about this industry. I guess Moore's Law is antithetical to satori.

Re:GPUs

[poetmatt]

As an aside, GPU's have up to 2GB and soon to be 4GB. The rest of what you said it dead on.

You are right though, the concept of gpu/cpu hybrid seems to be a possible end result if the combination can be run successfully. I suspect there is a lot of very tough engineering involved with getting such a concept working.

Re:GPUs

[SuperMog2002]

Is the coding/assembly so different that it doesn't translate? Do they only do certain kinds of processing really well (it is a GPU after all), so it couldn't handle other more 'mundane' OS needs?

Yes, exactly. CPUs are built from the ground up to do scalar math really, really fast. That lends itself well to doing tasks that must be performed in sequence, such as running an individual thread. However, they've only recently gained the ability to do more than one thing at a time (dual core processors), and even now high end CPUs can only do six calculations at once (6 core processors).

Meanwhile, GPUs are built to do vector math really, really fast. They can't do individual adds anywhere near as fast as a CPU can, but they can do dozens of them at the same time.

Which type of processor is best for which job depends entirely on the nature of the math involved and how parallelizable the task is. In the case of 3D graphics, drawing a frame involves tons of vector arithmetic work, which is why your 1 GHz GPU will run circles around your 3 GHz CPU for that task (and is also where the GPU gets its name from). In the case mentioned in the article, password cracking is highly parallelizable: you've gotta run 100 million tests, and the outcome of any one test has zero influence on the other tests, so the more you can run at the same time, the better. By running it on the GPU, each individual test will take a bit longer than running it on the CPU would, but you'll be able to run dozens simultaneously instead of just a few, and will thus get your results much faster.

CPUs certainly have their place, though. Some tasks simply must be done in sequence and cannot be easily divided up in to seperate parallel tasks. The CPU will get these done much faster, since running them on the GPU would incur the speed penalty without realizing any benefit.

I've simplified it a bit for the sake of explanation, but that's the gist of it. Hope that helps!

Re:GPUs

[ShadowRangerRIT]

That's not really the same thing. The Intel 80 core prototype was still a CPU at heart, they just made improvements to communication. GPUs are quite different. GPUs are designed as primarily floating point processors (though newer ones can do low precision integer math with similar efficiency), but more importantly, they are vector processors with virtually no support for conditional statements and optimized for sequential access to memory instead of random access. They're halfway between dedicated circuitry and a general purpose CPU; what they can do, they do *very* well, and they can generalize a little, but tasks they weren't designed for need to be rewritten to accommodate their quirks, and eventually reach a point of diminishing returns. Integrating GPUs into the CPU will allow more programs to use it (and possibly speed processing and enable new scenarios where the CPU and GPU need to communicate frequently), but for run of the mill computing tasks, the relatively inflexible design of GPUs is a problem.

Re:GPUs

[TheKidWho]

What are you waiting for? The new Intel processors already have integrated on-die GPUs. The next generation will have the GPU and the CPU completely integrated.

Re:GPUs

[godrik]

well, It was not really a CPU at the heart. It was more a complex network of heterogeneous computing unit with classical CPUs but also DSPs, vector float processing units...

It was of course a prototype and never reached the amrket, but merging CPU-type and GPU-type on the same chip seems definitely to be in Intel's and AMD's roadmap.

Re:GPUs

[imgod2u]

The biggest problem will be heat. GPU's currently consume and dissipate upwards of 200W. Likewise for CPU's. To get a single die or even package to consume and dissipate that much power and heat will be a challenge not just for the silicon designers but the system guys as well.

Re:GPUs

[ShadowRangerRIT]

...most things must be done linearly, not parallel.

Or to be a bit more precise: Humans can't think about parallelism well. Certain obvious, discrete tasks can be split up, but having whole threads of execution constantly communicating and touching shared resources overwhelms the capacity of most programmers. You could write a massively multi-threaded program to do a lot of stuff that is currently done linearly, but you'd risk a whole lot of crashes and deadlocks from the inevitable bad code and you wouldn't get the full increase in speed since the thread and synchronization management would eat up a lot of the gain. Because of that, most successful programs that use multiple threads of execution either completely separate the running environments (heavily segregated threads or completely different processes). The ones that don't need that level of separation (video encoding, password cracking, etc.) are often the same programs that can benefit from running on a GPU.

Re:GPUs

[0123456]

I know very little about that level of hardware, but why aren't we incorporating these types of things into CPUs?

Because most people don't want their CPU consuming 300W of power when idle?

Re:GPUs

[wvmarle]

You see how well I follow current hardware :)

When buying a computer these days I go for the cheapest/slowest specced hardware which is way more than what I need (watch videos, troll /., e-mail, general browsing, some web/general programming, standard office work).

And actually what I'm waiting for to buy a new box is for the old one to die. 5 year old hardware is still fast enough for pretty much everything that I do.

The CPU speed problem is solved and done with for all but the most demanding applications (since well 8-10 years now).

GPU as well. A little later, when did we get integrated graphics again?

Memory problem is also solved. So cheap now.

The iPhone is already as powerful as a 10-year-old desktop. And it's not that I'm doing anything now that I couldn't do on my computer 10 years ago - at least not hardware wise.

OK so now the GPU is on the CPU die. The memory controller is there already, right? It should be a no-brainer to integrate small stuff like ethernet. Bluetooth/wifi may be a bit harder due to the necessary aerial. Now all that's left is to integrate the RAM on the die and we're there. A one-chip computer. No need for complex motherboards any more. At that moment the whole hardware issue is solved.

Re:GPUs

Also, even if you tried, you couldn't do something like this on a regular x86 CPU. Most of the non-cache circuitry on an x86 CPU is dedicated to decoding the pathetically bad x86 instruction set and working around its huge limitations in order to attain reasonable performance (i.e. that circuitry does nothing useful). The only way to get decent performance with a reasonable amount of transistors (so you can have many cores) is a properly thought-out architecture (e.g. PowerPC), and to go even smaller / more parallel you usually design your own ISA (e.g. the Cell's SPEs or GPU shader processors).

Re:GPUs

[blackchiney]

It's all about IP. It wouldn't be horribly difficult to put a GPU and CPU on the same die. BUT, Intel doesn't GPU manufacturers getting into the x86 business and GPU makers certainly aren't going to give Intel any of their technology and get cut out the market. Intels attempts at GPUs has been less than spectacular. Good enough for Word and Excel. Not good at modern gaming.

So for the foreseeable future CPUs and GPUs will be treated as seperate entities.

Re:GPUs

[Orgasmatron]

3D rendering involves lots of integer math, and there are huge portions of any given render that do not depend on each other. For example, the scene may involve calculating the vectors from thousands of vertices and faces of polygons towards hundreds of light sources. That is millions of operations that are essentially independent. Another phase of a render will require calculating the intersection of each view vector (and more if you use FSAA) with a polygon in the scene.

So, modern GPUs are a special case of a CPU. They have many cores, each of which has many integer and/or vector units. Their sole purpose in life is to perform those millions of parallel operations as fast as possible. Modern GPUs can perform hundreds or thousands of operations per cycle, at speeds gradually approaching CPU speeds.

Technically, you can run arbitrary code on a GPU, just like your keyboard or SCSI controller is Turning Complete, but they are so optimized for their job that it would be impractical. Unless, of course, you have a massively parallel integer math problem you want to solve, like brute forcing a password...

Re:GPUs

Cell processors, anyone?

Re:GPUs

Ah. Spoken like a true unemployed former PowerPC programmer who is bitter because most of the world is using the x86 instruction set.

Re:GPUs

[marcansoft]

Slow down, my friend. ICs aren't created equal, and you can't just throw everything on one die. Processes can be vastly different and what is optimal for one IC isn't optimal for another. For example, you can't manufacture standard DRAM on a CPU process - RAM processes are vastly different as they need to create capacitors. WiFi needs specific RF circuitry and often requires external ICs with exotic processes for switching/etc (GaAs or silocon on sapphire). Bluetooth will probably still need some funky silicon structures, even if not as much as WiFi. Other external interfaces like DVI and Ethernet are often not worth integrating (then you get separate chips to perform the physical layer encoding, even if the control logic is embedded into your CPU).

Besides, on a PC, being able to mix and match hardware is critical to get flexibility. If you want integrated everything, go for a cheap netbook, or the newer ARM-based tablets/netbooks that will (hopefully) be coming out. Those already integrate many more things into one die. Systems like these already use SoC chips that implement many things in one; for example, I have an ARM single-board computer that's the size of a credit card. The CPU includes basic peripherals, an Ethernet MAC (no PHY though, that's a separate chip), memory controller, PowerVR SGX GPU, and many other things. The memory is physically soldered on top of the CPU (package-on-package technology), and it's actually a combo package with one 512MB Flash die and two 256MB RAM dies, so, in fact, the whole shebang is four silicon dies stacked on top of each other with a total height of about 2mm. However, WiFi and Bluetooth are on a separate Marvell multi-die module, because it includes parts made with a vastly different process. The DVI encoder is also separate (not everyone needs DVI, and TMDS encoders aren't worth integrating), and so is the Ethernet PHY (that also isn't easy/desirable to integrate). So the main ICs on this board are CPU+RAM, Ethernet PHY, DVI encoder, Wireless, and the power controller (which also integrates an USB 2.0 OTG PHY, the RTC, clock generator, and an audio codec). At this stage, I think this is plenty of integration. One die for everything would be more trouble than it's worth.

Re:GPUs

[Eternauta3k]

OK so now the GPU is on the CPU die. The memory controller is there already, right? It should be a no-brainer to integrate small stuff like ethernet. Bluetooth/wifi may be a bit harder due to the necessary aerial. Now all that's left is to integrate the RAM on the die and we're there. A one-chip computer. No need for complex motherboards any more. At that moment the whole hardware issue is solved.

We've had ICs like that for ages, mainly in portable devices which have everything and the kitchen sink in a single package. However, I'm not sure it would be ideal for a general-purpose PC to have everything in the CPU for a bunch of reasons, mainly how it would raise costs and give you less flexibility regarding peripherals. It seems more reasonable to have bluetooth, network, etc. in the motherboard or plug-in cards, so you don't have to replace your CPU when a newer version comes out (or when you use your cable tester on a still-plugged cable and destroy your network card)

Re:GPUs

[icebraining]

Intel doesn't GPU manufacturers getting into the x86 business

I think you accidentally a word.

Also, how can Intel prevent GPU manufacturers from getting into the x86 business, if AMD is already in both?

Re:GPUs

I wonder how GPUs would work as SSL accelerator for servers? I assume that if they are good for wifi password cracking it would be good for SSL acceleration, though I don't have deep knowledge in SSL so not sure.

Re:GPUs

[Linker3000]

Coming soon: the i3-387DX, i5-587DX and i7-787DX GPU co-processors, and motherboards with GPU coprocessor sockets next to the CPU.

Happy days.

Re:GPUs

[pandaman9000]

I haven't checked prices, but a long-term PC with a 5 year survival as a non-gaming platform would be:

  Expensive mainboard (Asus M4A79-T Deluxe comes to mind) - longevity and huge feature set
AMD phenom2 X2 550 processor (2 cores @3.1 or 3.2 Ghz crazy OC able)
ATI 4650 video card (just enough oomph to play HD videos, and even many games)
4 GB DDR3-1333 (2 GB per stick, so can be 8 GB in 2 years when needed)
Antec 300 case
Antec/OCZ, etc 700 W Power supply
Seagate 7200.12 2TB Hard Disk

This is the core build of a PC that could be upgraded to a solid gaming rig with a simple CPU and video card swap. You could absolutely shave off about $150, if you didn't mind losing upgradability, performance, and reliability.

Of course this is just one version of how to build these. The focus is on a 75 dollar CPU and 55 dollar video card. Both are upgradable. The case, power supply, and mainboard are the key pieces to research in terms of having a PC that can be used 5+ years without bogging down to a crawl or requiring major parts replacement. Intel has changed platforms more often than AMD, and I prefer to not have to buy a new motherboard and power supply to do upgrades within 5 years.

Re:GPUs

[Kjella]

However, they've only recently gained the ability to do more than one thing at a time (dual core processors) (...) I've simplified it a bit for the sake of explanation, but that's the gist of it.

Actually, I think you simplified away probably the most important bit about why a 1 GHz stream processor is nothing like a 3 GHz CPU for general computing, because it all sounded like a CPU light. Stream processors are the computer version of dragster cars, they are extremely good in a straight line but very poor at code branching and have extremely limited memory access. CPUs on the other hand will do everything possible to prepare for turns and predict calculations down every turn you might make and has a huge caching system to access any memory, they're more of an extremely maneuverable terrain vehicle. If you tried running your OS from a stream processor you would find it very slow, not 1/3rds slow but more like "wtf am I back in the 80s?" slow because it'd be stalled most of the time.

Re:GPUs

[Nutria]

No one has mentioned that adding a GPU increases the size of the CPU, thus reducing wafer yield, boosting per-chip cost.

Better to stay with relatively discrete functionality, so that a few bad transistors doesn't make useless too big of a fraction of the wafer.

Re:GPUs

[imgod2u]

Actually, Larrabee *was* designed to be a GPU. The approach was unique in that each individual core was x86 but the heart of each core was a powerful SIMD (SSE) unit. The idea was that you could program it like you did a multi-threaded x86 program (like you would with multi-core x86 CPU's) but it would run very fast like a GPU.

GPU's nowadays (ever since DirectX 8 I believe) support branching, conditionals, and all have local pockets of cache to deal with the DRAM they have to interface to. GPGPU compilers like CUDA and OpenCL all support this.

Really, nowadays, there isn't much of a difference. Think of modern GPU's as a lot (hundreds) of parallel, light CPU's. And think of multi-core CPU's as a couple of really really fast GPU's.

Re:GPUs

[Bengie]

For vector based calculations
My i7 ~90watts
My ATI 4850 ~150watts

My 4850 is about 1000 times faster than my i7 for certain distributed programs, yet under 2x's the power draw.

Re:GPUs

[wvmarle]

I think you're mixing up wants and needs.

Currently I am doing most of my stuff on a five-year-old iBook. The lowest end at the time. Will last for another couple years.

Next to me a PC, Intel, some three years old, also pretty much lowest end at the time. I don't even know the specs much less truly care. It works, plays my videos, allows me to surf the net. Its hardware doesn't slow me down, it's fast enough.

Under my desk a 8-10 year old box, 650 MHz iirc, some 128 MB I guess, that was until a year ago the server in my office (mail, files, my web site, everything). Unfortunately it broke down, and I had to replace it.

I'm not a gamer, and I don't have HD video. My desk is too small for a monitor over 17". I am considering upgrading my 15" monitor but on the other hand it does the job.

700W for power supply that is more than my electric heater in this room. And in summer it's hot enough as it is already. How come we can't compute with less than 50W any more (not counting the monitor)? 2TB disk? well I'm not collecting movies or so. Integrated video does the job just fine, maybe not all the eye-candy and so, but to spend a lot just for more fancy window movements no thanks.

You maybe should re-read the list of what I'm actually doing with a computer. There is nothing you can not do easily on a computer from 8 years ago. OK firefox starts up a few seconds faster maybe, but that's not worth a month's income.

We're not living in the early 90s any more where there was a big difference. It matters if you have a 386DX33 or a 486DX2-66 from a few years later. It doesn't really matter if you have a 1 GHz single core or 3 GHz quad core. You're not typing any faster on it. Your movies don't play faster on it, both will happily play full HD. Web sites won't load faster (javascript may make a difference but that's mainly a software issue), your net connection is the bottleneck.

Re:GPUs

[networkBoy]

Nevermind that by the numbers Intel is the worlds biggest GPU manufacturer (GMA)

Re:GPUs

[poetmatt]

I don't know the specifics, but I suspect bengie is correct that the heat isn't the biggest issue. Both have thermal ranges that are close to eachother and have not that substantially different heat generation.

one of a multitude of issues is: how can you get the instruction sets to sync up? One is a general purpose unit and the other is a specific instruction unit. We're also talking about say, 1600+ cores on one versus 16 to maybe 32 (or say 64-256 in the near future) cores on the other. Remember, this will likely be done on enterprise before it hits consumer level - rendering farms would love it.

This is not just a translation issue, the question of interface/API's to facilitate the transmission and what error checking on a base level are small fry compared to other issues that no doubt come up.

I'm sure "what's get processed where?" will be a question for that too, and not a simple question at all. First step will be sandwiching them together essentially, second will be them being truly hybrid. I don't see the latter coming any time soon, honestly. It's of considerable interest for amd/nvidia/intel, but I don't think we're looking at something in the next few iterations of processing (even if roadmaps say so).

These questions won't only affect the logical side of the device but the actual physical makeup too. If it's not efficient enough I doubt there will be compelling reasons to deviate from cpu and GPU as we have currently.

Re:GPUs

[marcansoft]

700W is just for ridiculous gaming rigs. PCs don't actually use anywhere near the rated power of the PSU. Buying a decent power supply with a higher power rating is good because pushing a PSU to its limits is a recipe for trouble or disaster. I have a 620W PSU in my quad-core desktop (4 HDDs too), but real power usage is more like 100W idle, 150W with all CPUs running at their max. A gaming video card running at full throttle or two would start pushing the power envelope up, but I'm happy with an cheap nVidia as long as it does video decoding in hardware.

If you want power efficiency, get a desktop-replacement laptop. You'll have a near full-featured PC that runs on less than 90W with the CPU and GPU pegged. With some judicious power management you can easily get regular use in under 30W battery, or 40W or so from AC (the PSU has its own inefficiencies). And if you don't need the power of a desktop, just get a regular / smaller laptop and enjoy your sub-20W average power consumption. Actual AC power figures from my huge 18.4" 2-HDD dual-core desktop-replacement laptop: 80W max (maxed out CPU and GPU), 56W idle with no power saving, 44W with lower screen brightness and more power saving, and 40W with some extra power saving. Yes, we can compute with less than 50W just fine, and that includes the monitor.

You do want a video card that accelerates mpeg-2/h.264 video playback though. A 2.4GHz dual-core will NOT play some 1080p h.264 HD content at full speed, nevermind a 1Ghz single core. HD video decoding is a huge computational power hog. Dedicated decoding hardware is much more power efficient and effective.

Re:GPUs

Sorry, I'm of college age, and with "fresh" exposure to multiple instruction sets, I can definitely say that PowerPC is a much saner, logical, and efficient instruction set. ARM is pretty nice too, though not as well suited to higher-performance machines. x86 is just insane and I can clearly see how x86 CPUs have to spend so much power and logic area dealing with x86's restrictions (or lack thereof: x86 lets the programmer pull too much crap without telling the CPU, so CPUs have to spend tons of logic trying to figure out if the programmer has done something dodgy so they can flush and update their internal caches and pipelines to compensate). Sane CPU architectures impose reasonable limitations, such as requiring the programmer to tell the CPU when he writes self-modifying code. I bet 50% of the logic on an x86 CPU could be shaved right off by replacing it with instructions that tell it when to perform certain actions (flush caches, TLB, etc.) and updating the software to use them. Alas, that would completely break backwards compatibility, which is what x86 is all bout.

Plus your argument just plain doesn't make sense because nobody programs in assembly anyway.

Re:GPUs

[Mathinker]

Good post, but you missed an easy way to emphasize the difference between GPU and CPU programming:

> but for run of the mill computing tasks

Try saying

>> but for run of the mill computing tasks (including practically anything which does branching using "if" statements)

next time (yes I know that in limited circumstances it is possible to work around this problem). Feel free to add other (more concrete) examples.

Re:GPUs

However, they've only recently gained the ability to do more than one thing at a time

MMX(1996), 3dNow!(1998), SSE(1999), hyper-threading (2002)

You were saying?

Re:GPUs

[ShadowRangerRIT]

I did note that it has virtually no support for conditional statements. I suppose "conditional branching" would have been a bit more accurate, but I didn't leave it out.

Re:GPUs

[ShadowRangerRIT]

My understanding is that even DX10+ compliant GPUs still suffer badly when conditional branching occurs. They can do it, but it basically causes them to throw away everything.

As for Larrabee, while it was designed as a GPU in some ways, I got the impression it still hewed to CPU roots. It was integer based, not floating point based. They wanted to make all those college raytracer programs practical for use, replacing the current model which is somewhat more fuzzy and less accurate, but *way* faster.

Re:GPUs

*thump*

Hey, this jukebox does't work. And why is it hooked up to this flattened tv?

Re:GPUs

[BOFHelsinki]

Excellent point. Also, where a "GPU" is good at, it still expects very large datasets, and no concern for latency of instruction execution or memory access. The total caching and execution pipeline is very long. For 3D graphics, this is perfectly all right. (And ditto for many non-graphics computing tasks -- GPGPU is a growing domain.)

Re:GPUs

[imgod2u]

I don't know the specifics, but I suspect bengie is correct that the heat isn't the biggest issue. Both have thermal ranges that are close to eachother and have not that substantially different heat generation.

I didn't get that as his point but it wasn't a difference in heat generation, it was the sum. Your GPU currently requires anywhere from 1-2 fans and a large heatsink to dissipate the heat not to mention 2 PCI-E power rails. Your CPU requires a separate 2.5V power rail that can go up to ~130W.

Consider if you consolidated that into one ~1500 pin package. The number of pins you'd need just to feed ~300-400W would be enormous not to mention getting the heat away with a sufficient heatsink/fan.

one of a multitude of issues is: how can you get the instruction sets to sync up? One is a general purpose unit and the other is a specific instruction unit. We're also talking about say, 1600+ cores on one versus 16 to maybe 32 (or say 64-256 in the near future) cores on the other. Remember, this will likely be done on enterprise before it hits consumer level - rendering farms would love it.

The way AMD is planning to do it is by having the CPU front-end feed the GPU back-end. Meaning that all of the essential instruction/thread tracking would still be done by the CPU whereas the heavy math would be done by the GPU. Sound familiar? Open up your PS3 and you'll see one.

nVidia's current GPU's already track hundreds of threads among their cores just fine. The programming model is fairly elegant, breaking instructions up into blocks that can be executed in parallel.

Re:GPUs

[BOFHelsinki]

Nvidia and ATI use confusing nomenclature -- those "cores" are nothing like CPU cores. It's easier to count the ALUs: the new Radeons have 3200 per chip. That's obviously a humongous amount. But there are extremely imposing limitations on what can be run when. The datasets must be of quite specific and distinct type to extract the "oomph". And regardless of data parallelism, any branchy code will simply suck -- the huge inherent latencies dictate that.

Re:GPUs

[imgod2u]

My understanding is that even DX10+ compliant GPUs still suffer badly when conditional branching occurs. They can do it, but it basically causes them to throw away everything.

That's entirely up to the implementation. Today's generations of GPU's don't pay much heed to conditional branching but the upcoming Fermi from nVidia, for instance, does introduce branch prediction and tracking. The API supports conditionals and loops.

As for Larrabee, while it was designed as a GPU in some ways, I got the impression it still hewed to CPU roots. It was integer based, not floating point based

*boggle* no it wasn't. The thing was a bunch of 486 CPU's each with a gigantic 128-bit SIMD (read: vector floating point) unit attached. It obviously was not made to do anything but the most rudimentary CPU tasks. Hell, it doesn't even support branch prediction or OoOE.

They wanted to make all those college raytracer programs practical for use, replacing the current model which is somewhat more fuzzy and less accurate, but *way* faster.

Erm, no. While it's true that SSE supports 64-bit FP and may have been faster than the double-precision data on current graphics cards *per core*, in aggregate, it still wouldn't be any faster than a typical graphics card. And with Fermi, nVidia has vastly improved its double-precision processing anyway.

Re:GPUs

[BOFHelsinki]

Remember the Pentium 4? That was a huge step in the GPU direction.

What?

(And try DSP for a better example of a CPU's SIMD goal rather than a GPU.)

Re:GPUs

[SuperMog2002]

Thanks! I had never even considered the branching issue, but that does make a lot of sense.

Re:GPUs

[Bengie]

My i7 920/ati 4850/4GBram uses under 300 watts pegged. The ATI 5870 which is over 2.5xs faster than my 4850 uses only 20watts more power peak.

Once I get my 5870, my computer will use ~320watts peak.

Now, compare that to my Athlon-xp 2500+(1.83ghz) and geforce 5900fx which consumed ~150watts peak.

My new computer consumes a bout 113% more power but is ~3100% faster.

decent trade-off.

actually, my new computer uses LESS power idle.. A LOT less.

Re:GPUs

[Mathinker]

Sorry, my bad. Guess I was too tired. OTOH, I still think that the simplistic "if statements are a no-go" is going to get your point across to a greater number of readers.

Re:GPUs

[TheKidWho]

Currently I am doing most of my stuff on a five-year-old iBook. The lowest end at the time. Will last for another couple years.

Lucky you, my 700mhz G3 ibook died about 4 times before I decided to not spend any more money fixing it. But then again, my ibook would be about 7 years old now, however if it didn't die I would probably still be using it today.

We're not living in the early 90s any more where there was a big difference. It matters if you have a 386DX33 or a 486DX2-66 from a few years later. It doesn't really matter if you have a 1 GHz single core or 3 GHz quad core. You're not typing any faster on it. Your movies don't play faster on it, both will happily play full HD. Web sites won't load faster (javascript may make a difference but that's mainly a software issue), your net connection is the bottleneck.

Yep, that's why my latest portable is a 1.6ghz Atom processor with an Nvidia ION, cost me a whole $450(Ram upgraded to 2gb) For browsing the web, typing up reports, or watching HD Video it's perfect.

My home desktop on the other hand is a fully maxed out 4ghz quad core computer with 6gb of ram, 2TB of HD space, top end graphics card, 1000W PSU, etc. But that's because I do CAD/CAM/CAE work on my desktop and prefer as fast of a cpu as possible. At my job I have a similar setup since on my previous 3.4ghz P4 I was spending up to half of my day waiting for the computer to do processing work. Not to mention HD gaming on my home computer. Some people actually do need all of that power!

I'm not a gamer, and I don't have HD video. My desk is too small for a monitor over 17". I am considering upgrading my 15" monitor but on the other hand it does the job.

Like I said above, I do a lot of engineering work on my desktop, I've actually moved to a 28" Monitor and I now find working on anything less to be very very restricting. For web browsing or writing reports it doesn't really matter.

Re:GPUs

[wvmarle]

Currently I am doing most of my stuff on a five-year-old iBook. The lowest end at the time. Will last for another couple years.

Lucky you, my 700mhz G3 ibook died about 4 times before I decided to not spend any more money fixing it.

My iBook's keyboard broke a year ago when I was trying to clean it (most keys don't work any more, strange), using it long time already with external monitor, keyboard and mouse. I have an EEE 701 as portable now.

My home desktop on the other hand is a fully maxed out 4ghz quad core computer with 6gb of ram, 2TB of HD space, top end graphics card, 1000W PSU, etc. But that's because I do CAD/CAM/CAE work on my desktop and prefer as fast of a cpu as possible.

For that kind of applications I can imagine you need something like that! It's just not something that 99% of the population would ever do. I've studied chemical engineering and CAD/CAM is something I know exists, but not something I have ever done.

Re:GPUs

[TheKidWho]

Why would you have 4gb of ram on an i7 920? 3gb, 6gb or 12gb for triple channel...

I like the use of the word "Recovery"

[wisebabo]

I think we all know what they really mean. ;)

(Anyway, I'm also impressed by the power shown by the GPUs. Its a good demonstration that some of the new technologies (CULA? CUDA?) that allow "regular" programmers to use this power actually will really speed up some things.)

Slashvertisement

Hey Editors,

You forgot a link to the buying page
For as low as 1.399,- € you can start cracking^Wrecovering passwords today.

Re:Slashvertisement

[cOldhandle]

In case anyone wants to play around with this tech without paying (or rolling your own): I tried out this free (as in beer) windows software yesterday: http://golubev.com/rargpu.htm It seemed to work very effectively - I was able to brute force 5 lower case letter only passwords on RAR files in a couple of minutes on a GTX260. It also has some advanced options to specify mutations of strings to try, and to use word lists.

Re:Slashvertisement

nono, it's actually free

Re:Slashvertisement

[elrous0]

Agreed, looks more like the kind of "story" we'd see posted by kdawson, not Taco.

Re:Slashvertisement

In case anyone wants to play around with this tech without paying (or rolling your own):
I tried out this free (as in beer) windows software yesterday: http://golubev.com/rargpu.htm
It seemed to work very effectively - I was able to brute force 5 lower case letter only passwords on RAR files in a couple of minutes on a GTX260.
It also has some advanced options to specify mutations of strings to try, and to use word lists.

I'll just leave this here:
http://www.golubev.com/blog/?p=35

You can see the estimated speeds in the chart that he has provided. igrargpu (ivan golubev rargpu) is teh good!

Huh?

[blackjackshellac]

Is this supposed to be a good thing? Sounds like someone's password encryption algorithm needs some upgrading to me.

Re:My password.

[Jazz-Masta]

Great! now when I go into the bank with my stack of Radeon cards they'll call security.

Out of curiosity...

I keep hearing stories about using GPUs for non-GPU computations, but has anybody here tried it?

What does your screen look like while a program like this is running?

Re:Out of curiosity...

[cbope]

Normal. Running GP-GPU or CUDA apps has no effect on output to the screen. We do it for medical imaging processing.

Re:Out of curiosity...

[Lunix+Nutcase]

I keep hearing stories about using GPUs for non-GPU computations, but has anybody here tried it?

Yes many people do it and have for years.

What does your screen look like while a program like this is running?

Why do you assume that the screen looks different.

Re:Out of curiosity...

Good point. Why would I assume a graphics card operation would have any effect on graphics? I've only ever used mine to take ice off the windshield.

Re:Out of curiosity...

He probably assumes the screen looks different because he assumes video cards are nothing but raw memory-mapped video framebuffers -- which hasn't been the case since 1990 or so.

Re:Out of curiosity...

[Verunks]

Why do you assume that the screen looks different.

because when you run a cpu intensive application your pc becomes really slow, so if you use instead your gpu the screen should become "slower" too, but probably you wouldn't even notice

Re:Out of curiosity...

The display buffer for a 1920x1200 screen with 24-bit colour takes less than 7MB. Even a fairly low-end graphics card will have at least 128MB of memory. In other words, there's plenty of memory for a program running on a GPU without needing to piss on the display buffer.

If your screen is just displaying a bunch of 2D windows, then the 100s of cores in your GPU will be sitting idle. Again, computations running on the GPU will have no impact on what you see.

Re:Out of curiosity...

[ShadowRangerRIT]

I run the Folding@home GPU client on my GeForce 8800 GTX. On Vista and later OSes (pre-Vista, the driver model wasn't well adapted to GPGPU and this leads to a polling driven communication scheme which is really inefficient), the effect on resources is unnoticeable aside from during games (where I kill the client to reduce jerkiness); the GPGPU work is lower priority and gets shunted aside from rendering, though the latency involved is a problem for graphics intensive games. For less demanding work and general usage, it's unnoticeable; the GPU is perfectly capable of drawing the screen and curing Alzheimer's at the same time. :-)

Re:Out of curiosity...

[Lunix+Nutcase]

Except for the fact that the part doing these calculations has nothing to do with the parts of the GPU that are handling outputting to the screen?

Re:Out of curiosity...

[Bobfrankly1]

What does your screen look like while a program like this is running?

Why do you assume that the screen looks different.

He is still running a Voodoo series add-on card that takes over the video output when it is in use?

Re:Out of curiosity...

[Waffle+Iron]

What does your screen look like while a program like this is running?

Well I haven't kept up with the latest developments, but if it's anything like the Sinclair ZX80 I'm posting from, the screen goes blank gray when you start actively computing. Then it returns to normal when the answer is ready.

Re:Out of curiosity...

[BlindSpot]

Again, computations running on the GPU will have no impact on what you see.

True, but if it did it'd be way cooler than the hourglass cursor! A program could use its calculation memory space as the display buffer for its own window while it runs. Auto-visualization!

Re:Out of curiosity...

[VGPowerlord]

Newer windowing systems no longer draw the screen as a single 2D object. This includes X (Compiz), OSX, and Windows.

Re:Out of curiosity...

I'm sorry but I will reveal myself as the ignorant noob I am (different AC than GP)...

Are there parts of a graphic card that do not do anything related to graphics, or are you just using extra capacity in the GPU?

Re:Out of curiosity...

[acohen1]

They still need people on the regular cpu client too since the gpgpu client can only solve certain datasets. I run the PS3 client which is a little different than the other two. I'd run the smp version on my quad core pc but its horribly inefficient in windows last I checked.

Re:Out of curiosity...

[CityZen]

No, you're looking at it the wrong way. A graphics card has several tasks, but you can broadly categorize the two major functions as:
1. Drawing stuff
2. Displaying what's been drawn
These are mostly independent functions, though there is some synchronization that allows the display part to start displaying what has just been drawn as soon as possible.

When a card is drawing stuff, it's typically utilizing memory that is separate from what's being displayed. Thus, if you are computing stuff instead of drawing stuff, it has no effect on what is being displayed. However, it does mean that other drawing tasks may be slowed down, so if you were running a 3D game at the same time as computing stuff, the performance would suffer. But your typical desktop drawing activity leaves the GPU idle most of the time. In that sense, you are indeed using extra capacity in the GPU.

Re:Out of curiosity...

[ShadowRangerRIT]

I run one instance of GPU, one of CPU (non-SMP). I've only got a dual core, and the GPU client uses about 10% of one core. Running a second CPU client seems to measurably slow the GPU client, so I only run one CPU. At "idle" my machine is at 55% CPU usage (+/- 3%). Also means that I've got some free CPU to run the background tasks and run apps without affecting performance or interfering with the F@H clients (since 90% of a single CPU runs just about everything but games without issue anyway).

80 Streams vs 4 Cores.

I should hope they could do 20 times better.

Re:80 Streams vs 4 Cores.

[Lunix+Nutcase]

Not every algorithm scales linearly.

boo

boo slashvertisement

Re:boo

[Gerb]

Indeed, if I tick "Disable advertising" ("As our way of thanking you... etc") do I get rid of these stories too?

103000 passwords per second. So?

[roman_mir]

On that one ATI board that get 103K passwords per second and only 4K on the latest quad-core intel (which by the way, is almost 26 and not 20 only times faster.)

So that's wonderful. How many passwords are there in 1024 bit SSL encryption? 1024 asymmetric is equivalent to 80 symmetric algorithm, so that's like 2^80 passwords, right?

Let's say 100,000 passwords per second, that's 10^5.

Google says this: (2^80 / 10^5 ) / (3600 *24 *365*1000) = 383 347 863

383.3 million years to go through every password in 2^80 possibilities.

In reality, of-course, not every combination is used, many passwords can be eliminated by heuristic and also it helps to have a good dictionary file handy, from which to generated most likely password combinations. That probably cuts down from 383 million years to something much more ATI friendly. Of-course we need to use stronger cypher.

As a final note: at last I understand why Hugh Jackman needed the 7 monitor setup, each one must have been used as an output device for the video card it was connected to. Obviously the video cards were the actual power behind all that hacking!

Password Recover is the new Hacking?

[olddotter]

What is with the spin talk here in the title? Basically this just says I need to use better passwords. Speak truths....

Re:Password Recover is the new Hacking?

This is just the nature of the beast. Its no longer Hacking... its "Penetration Testing". Its no longer Cracking... its "Password Recovery". There are two reasons for this: it provides semi-legitimate sounding terms for less then legitimate activities but also it allows the product to be marketed to an IT security department. Its like they said over at nmap.com, pretty much everyone is a script-kiddie these days. The only difference is 'hackers' are using open-source tools and doing it for their own purposes and 'security professionals' are paying for slick GUI tools at the behest of a company.

Re:My password.

[PawNtheSandman]

How dare you call me here! This is an unlisted wall!

High end video cards now tax deductible?

[perpenso]

So a programmable high end video card can probably be written off on one's taxes as a numerical accelerator? :-)

Finally!

[pyrr]

Finally...someone who understands!

I wanted to get one of those professional car door jimmy kits (the ones with a jimmy for just about every model of vehicle!) that tow truck supply vendors sell "just in case I get locked out of my car", but they had these outrageous demands that I "prove" that I was a legit tow outfit or garage.

The locksmith supply was much the same way when I tried to buy a lockpick set, "just in case I get locked-out of my house".

You can bet I'll be getting this software. I must've forgotten my password because I can't login to my secure wireless network, and I unfortunately don't have physical access to my WAP in order to reset it the cheap and easy way, with a pen tip.

Re:Finally!

[AdamTrace]

You owe me one new Sarcasm Detector. My current one just overloaded.

Re:Finally!

[notjohndavid]

Couple hundred bucks and you have a decent "professional car door jimmy kit" $10 and you have a lock pick set. I can't speak for everywhere in the US but where I live you drop the cash and you can buy the tools. Possession of the tool isn't illegal. It's the way it's used. The same way a gun is a tool if used for certain purposes (i.e. hunting or target practice). Use it in an improper manner and suffer legal ramifications.

Re:103000 passwords per second. So?

[Gothmolly]

FWIW, I work for $LARGE_US_BANK and we have an 8 character password limit, that MUST be exactly 8 characters, contain a number, etc.etc.etc.

MANY passwords can be eliminated through some social engineering.

ObRokicki

[michaelmalak]

From 1986:

Executes the cellular automata game of LIFE in the blitter chip. Uses a 318 by 188 display and runs at 19.8 generations per second. Author: Tomas Rokicki

Re:ObRokicki

[Blakey+Rat]

Is there a point you're getting at here?

Re:ObRokicki

[michaelmalak]

Just a reminder that using a graphics processor for non-graphics purposes has been around since at least 1986.

Re:ObRokicki

[Blakey+Rat]

Annnd?

Was somebody claiming the opposite? Is the advent of this technology relevant to the discussion at-hand? Should I go ahead and post a whole series of links just in case, for example, someone wasn't sure if ATI made graphics cards?

Re:ObRokicki

[Ant+P.]

It's more relevant to /. than the splogging at the top of the page.

Re:ObRokicki

[CityZen]

A discussion is more than trying to show how a previous commenter is wrong.

Sometimes it's okay to just add information that has some relevance that others might find interesting.

mm was just providing a historical context for using GP's to do computation, which is what the original post is about.

Re:103000 passwords per second. So?

[maxume]

So all you have to do to save 190 million years is buy two of them.

Excellent.

Re:103000 passwords per second. So?

[roman_mir]

no, definitely, you can buy 100,000,000 of them.

Then it's 3.83 years only. With a bulk discount will only cost maybe $10 per card, that's only 1000,000,000 a billion? Chump change for any government. Spend 100 times more money, get results in days.

Re:My password.

[Martin+Blank]

How do you put commas and spaces into the combination for your luggage?

Re:103000 passwords per second. So?

[maxume]

None of the additional units save as much time as the second one.

Password Recovery

[MrTripps]

"Password recovery" is about the same swarthy euphemism as "waste management" or "escort service." Why did an advertisement for hacking passwords get on /.? Aren't their IRC channels for that sort of thing?

It's pretty cool.

[pavon]

There have been several documentaries about hacking over the years that demonstrate the use of GPU-based computations. It is soo bad.

Re:My password.

[Mister+Whirly]

Bluetooth keyboard, duh.

ElcomSoft updates their Slashvertisements?

[InvisiBill]

http://it.slashdot.org/story/09/01/15/1334222/GPUs-Used-To-Crack-WiFi-Passwords-Faster

This seems to be an update of last year's story, just to mention that the HD5000 series is now supported, and it's faster on the newer, faster video cards.

Re:103000 passwords per second. So?

[L4t3r4lu5]

Well done, sunshine! You've just reduced the number of attempts to break $LARGE_US_BANK passwords to 1370114370683136 (78^8)

At 103000 attempts per seconds, that's... 421 years oh.

(Yes I know it's not going to take until the entire set has been attempted to crack a password.)

Re:My password.

[BrokenHalo]

Great! now when I go into the bank with my stack of Radeon cards they'll call security.

No, you're only doing them a favour by "recovering" their passwords.

Re:103000 passwords per second. So?

[socz]

Sure, if they're willing to adopt 'new technology.' Cause in 3 months something twice as fast will be out!

not recovering

[mjwalshe]

its about breaking passwords obvoisly targeting Jennifer the free wifi lady as a potential market

What's difference?

[ukemike]

What's the difference between "recovering a password" and hacking into a phone? Shouldn't the summary read "use GPU to break into stolen smart phones."

Re:103000 passwords per second. So?

[gbjbaanb]

yeah, but the letters are case-insensitive and can use numbers only, no special characters.... that makes for about 6 months on average (300ish days in the worst case).

now... can you run these cards in a SLI configuration, and how many cards can you buy after you've cracked^H^H^H^H^recovered Warren Buffet's account password? :)

It is not ATI, it is AMD

[postmortem]

ATi is sub-brand of AMD.

Then it sounds even better, we all like when underdog beats 10-times bigger Co.

john the cracker and pdfcrack, other apps?

ok, I understand the differences between linear processing and parallel processing. And the differences between cpus and gpus. And I understand that with some coding, nVidia/Tesla and ATI gpu cards can be used for parallel processing with applications the software (Tesla?) ports to, but will apps like john the cracker and pdfcrack be able to take advantage of the gpu card sitting in my desktop or laptop? Will it take some coding by the maintainers of john and pdfcrack to gain this ability, or is it too complicated? Can other apps take advantage of gpu processing also (I'm thinking apache (multiworker, increased processes instead of increased threads, etc), databases, ethernet, etc.

Better yet, can there be a middle layer, like (God forbid) java, modperl, php's engine or other that can be written as sort of a plugin to nVidia/Tesla or ATI which automates the process of enabling the parallel processing ability of the gpu cards to be used with any app as long as the middle layer ports the gpu abilities to a standard?

Nice to dream about it anyway. Can't wait for 8/16 cores and 8/16 GB standard ram shipping in laptops and low end desktops.

Re:john the cracker and pdfcrack, other apps?

[VGPowerlord]

If you have an ATI or nVidia card with a recent driver, you already have all the software installed that they need to take advantage of that gpu card's processing capabilities.

Someone should revoke Taco's privileges...

[thefuz]

This is a blatant advertisement. Who's responsible for letting junk like this through? Has your account been hacked, CmdrTaco (or should we now call you CmdrSPAM)? It's bad enough stories are often duplicates and days/weeks old. This is just sh*tty spam.

Re:103000 passwords per second. So?

[WuphonsReach]

At 103000 attempts per seconds, that's... 421 years oh.

Still within the realm of cracking, especially if those passwords guard a few million dollars of assets. 421 years sounds like a lot until you add things like:

- Crossfire or SLI where you have multiple boards installed
- Setup half a dozen machines to work on the problem
- Apply a botnet to the problem
- Future improvements in technology
- Apply some heuristics to the guessing process

All of which can easily shave off at least 2 orders of magnitude and possibly 3 orders of magnitude. Which reduces that 421 years down to a few months (or worse).

8 character passwords are pretty much dead in the water now. Or at least they need to be phased out within the next few years. Or protected by rate-limiters which control how fast passwords can be tried. (Personally, I always assume that the attacker has the stored hash and can apply parallelism to the attack. Which means that rate limiters should not be relied on to prevent cracks.)

Passwords are over.

[blair1q]

It's clear that it is no longer sufficient to use a string of text entered by a human being as a secure key.

Biometric or physical-token security should be a mandatory peripheral on all computing equipment sold.

For remote access, keys should start in the thousands of bits, and be locked on the client side by biometrics or tokens.

Short of that, failure to secure your data is your own fault.

What about....?

[hesaigo999ca]

I am wondering if the CPU cycling is better then the quad core intel chips we use in pcs today, could we not just force a use cpus on vid cards instead of cpus on motherboard to do stuff with? Then i could buy 2 cards, one which could be used as a real vid card, then the other to replace the cpu of the machine, and technically, we could also use this for backwards compatibility, say if we used it in a P3 computer, it would definitely improve performance greatly seeing as now you have a kickass cpu instead of the old P3....???

Re:What about....?

[Ant+P.]

Not really. GPUs are good at going really fast in a straight line. Throw so much as an "if" statement at them and they become about as fast as a P2. The closest you'd get to what you're describing is a Cell PCI-E card, or Intel's vapourware Larrabee.

Though if all you want is to use your old stuff on a new PC, you can get ISA/PCI card motherboards that run off the host's power/peripherals.

Re:103000 passwords per second. So?

[Revenger75]

True, a simple brute force will take nearly forever. However, if you have a good large wordlist with say the top 10 million passwords, then you should be able to "recover" most passwords in much less than a day. Furthermore, if you wish to do a bruteforce method, I would suggest John the Ripper. It will pump out wordlists using frequency tables. Thus your more common passwords alphanumeric passwords will be tested before say *()3s3Ag+%&c. Useful since most induhviduals don't like to memorize random passwords.

And I didn't RTFA, but this slashvertisement sounds strikingly similar to say pyrit/aircrack-ng/jtr available on Backtrack.

MaLDiTo_TeXuGo

How much faster is ATI 5000 compared to a PS3 Cell BE?

Re:103000 passwords per second. So?

[xded]

Google says this: (2^80 / 10^5 ) / (3600 *24 *365*1000) = 383 347 863

383.3 million years to go through every password in 2^80 possibilities.

Try this: 2^80 / ( 10^5 / s ) in millennia. Or try it with bandwidth calculations.

ded

Re: 8 character passwords

[colinnwn]

8 character passwords must remain the minimum allowed. If it goes higher, people can't easily remember them, especially when you are expected to change them every month/quarter/year. I could memorize and be willing to use a 12 character password if I never had to change it. Other mechanisms like running a password app on a portable flash drive, or token based security has advantages and disadvantages.

Really I think the answer has to be exponential rate limiting, where each incorrect guess doubles the amount of time before you can try again, starting with 2 seconds maybe. That gets intolerable for guessing real fast.

Re:103000 passwords per second. So?

where did you get the number 78^8 from? How do you remove every one that doesnt contain a number and whatever other requirements are on there?

AMD Fusion

[CityZen]

That's exactly what the AMD Fusion project is all about (integrating the GPU & CPU together). Google it.

Re:103000 passwords per second. So?

[CityZen]

They do if you measure time in X's. Each additional one is one more X.

Re: 8 character passwords

[Rich0]

How about ubiquitous smartcards and let's just get rid of passwords entirely?

Ditto for credit card numbers, or any other technology that involves having somebody authenticate your identity by being provided with a static piece of information that now allows them to authenticate themselves as you.

Re:103000 passwords per second. So?

[maxume]

At that point, you aren't actually measuring time anymore.

Re: 8 character passwords

[colinnwn]

I think it is a good idea. That's what I meant by token based security. But it does present a problem for things like smartphones and the coming light tablet computers. Do you carry around a RFID credit card as the token that the phone or computer reads? Do phones and small devices get exempted from this and you use gesture passwords? There are some things to get worked out.

Re:103000 passwords per second. So?

Still within the realm of cracking, especially if those passwords guard a few million dollars of assets. 421 years sounds like a lot until you add things like:
[...]
- Apply a botnet to the problem

Crap! I never realized that behind the slowness there could be something as organized as a Seti@home project. Most spyware slowing a Joe Blogs' PC enough to call me in for a "computer problem" check used to be due to inefficient and poorly coded spyware.

Any zero-network-access, long-run blackops activity pegging the CPU, fans and heating up cores when the owner isn't watching will have impact the duration of said parts. I owe you one for mentioning what was probably obvious but not known to me before. Most PC fixers do run the usual antispyware cleaning and see if outgoing network lights on the home router show unusual amounts of data moving without a visible cause. Then, we call it a day. You have opened my eyes

Re:103000 passwords per second. So?

[L4t3r4lu5]

Alpha, upper and lower case, numbers, special characters after sanitisation is 78 characters, if I remember correctly.

I may be wrong, but it's a good indication.

Re:103000 passwords per second. So?

Google says this: (2^80 / 10^5 ) / (3600 *24 *365*1000) = 383 347 863

Why on earth did you need Google to say that? They bought math?