Slashdot Mirror
Brute-Force Password Cracking With GPUs
An anonymous reader writes "We all know that brute-force attacks with a CPU are slow, but GPUs are another story. Tom's Hardware has an interesting article up on WinZip and WinRAR encryption strength, where they attempt to crack passwords with Nvidia and AMD graphic cards. Some of their results are really fast — in the billions of passwords per second — and that's only with two GTX 570s!"
Didn't we hear about this a week or two ago?
If we throw enough GPUs at it, if we could detect dupes on Slashdot?
this has been known since 2009....
Zip and RAR encryption has never been trustworthy. Let me know when they can crack GPG.
Give me Classic Slashdot or give me death!
I've been told before that WinRar's encryption wasn't much to crow about, but this article says it's 128-AES. So.. which is it? Is it fairly secure (provided it is used properly...) or does it still have a major weakness that makes it easy to get into?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
WinZIP and WinRAR have effective encryption, but one needs to have an effective passphrase with it.
Ideally, the best way to encrypt stuff is with not just a passphrase, either with random keyfile for symmetric encryption, or use public key crypto (although PK crypto has its own caveats). This way, there is no brute-forcable passphrase to guess, so an attacker has to deal with the complete keyspace of an encryption algorithm, and not just what people type in.
Someone worked out how to scan a billion entries in a rainbow table per second using a GPU?
Didn't we hear about this a week or two ago?
It was a slightly different entry in /.'s series on "passwords are dead! oh noes!", except it was on brute forcing hashed passwords. It makes the same fundamental mistake that comments on that post pointed out _repeatedly_.
This is on brute forcing data encrypted with a symmetric cipher whose key is derived from a password. Yes, if you naively translate the password into a key, you go from a 128 or 256-bit keyspace to about the size of the dictionary.
Crypto 101: if you're deriving a crypto key from a password, you either need to do many rounds of encryption or use a stretchable hash function to derive the actual key.
Passwords aren't dead. If you force the attacker to take seconds of time for each password, moderately complex passwords are still not breakable.
What we really need are crypto libraries that also use the GPU so that we're not at a disadvantage compared to the attackers. In a nutshell, we need our stretchable functions to be implemented in OpenCL.
So why don't more systems lock you out after 3 tries for another 10 minutes or an hour?
That would deny brute force attacks.
For most intents and purposes this is not that news worthy. In order to get processing performance like this you need a system that can also answer billions of password guesses per second. So keeping it simple, you need to get said database, make it function on/in a system/environment that can handle and that will allow this much activity for all those guesses.
ergo, someone has to jack yo shit before they can start guessing your password which may be more difficult than just trying to guess that password leaving you back to square one where you will most likely do something OTHER than a brute force/dictionary password attack!
Do you want to mine for Bitcoin, and get .0001 Bitcoin per hour?
Or do you want to mine Bitcoin passwords and possibly get tons of Bitcoin per hour?
Seems all you need is people's login name who has a lot of Bitcoin. Oh and you have to be a thief, which precludes anyone who has morals.
God spoke to me
I gotta ask why GPUs are faster? And because they are faster, why aren't CPUs using methods and techniques similar to GPUs for getting certain things done? I remember the days of the "math coprocessor" that the math processor was used to help speed things up by performing math on-chip rather than by using subroutines in software.
I was always under the impression that GPU means graphics processor unit, not "Guessing Passwords Unit."
"Omg, what am I going to do about my eight char password I use half across the Internets?"
Well...
One could print out a passwordcard.
Then one might start using passwordmaker, to whatever phone/OS one fancy. By which time one (sh/c)ould check if ones passwords are long enough and while this "one" is at it, have a look at these tricks from an almost "tl;dr-ish" list. Now, apply elbow grease and a bit of go figure. "Problem solved? Moving on?"
Oh, who am I kidding? Then all those (fear) mongering polemics would have to starve and we cant have that now can we? *fancifying tinfoilhat*
"If terrorists hate us for our freedom, does that mean they're slowly starting to like us?" -- Philosoraptor.
With the recent MTGox compromise, I've been looking at a better password system. It looks like one way to go is to use a program like password safe or keesafe to generate unique passwords per website. However, I'm curious as to how resistant these master files are to GPU attacks. GPUs basically sliced through the MTGox MD5 hashes like butter. How long would it take a higher-end distributed cluster to break a Password Safe master file? It's blowfish encrypted I believe.
yes this is a dupe, but when GPU companies selling cards for $600 etc start throwing around payoffs many sites answer. solution? dont buy cards over 100 bucks
video cards used to cost 30 bucks, until a few companies decided to charge more.
a sure sign this is astroturf designed to drum up sales? just read the tag.
"Some of their results are really fast — in the billions of passwords per second — and that's only with two GTX 570s!"
ORDER YOURS TODAY WHILE SUPPLIES LAST!!!
Which tool can crack 7zip passwords?
Where is the practical relevance?!
If done over a network I guess it would generate a kind of traffic no server could handle.
In forensics, yes. But where otherwise?!
They did this on a desktop gaming system. It wasn't a supercomputer.
is there some sort of fundamental hardware/architecture difference that makes them better suited to this task?
This. GPUs have dozens of cores optimized for parallel computation.
Dilbert RSS feed
Things to remember - password difficulty is based on x^y, where x is the number of possible characters and y is the password length. Increasing password length is *always* going to be more effective than increasing the mix of characters (indeed the point of a dictionary attack is to reduce can be thought of as reducing 96^8 8 character passwords to a mere 250,000^1).
Each additional alphanumeric character increases the search space by a factor of 62 - a two word password is still only 250,000^2, a password of ten random lowercase characters is 26^10, a *much* larger number.
Moores law says processing power doubles ~18 months. Every new lowercase character extends life of your password almost 12 years before new hardware can decrypt it as quickly as today's hardware. 23 1/2 if you use upper and lowercase.
Don't panic.
An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
Cracking archive passwords; although as best I can tell those are primarily used only by spammers releasing fake warez.
Further examination tells us that over 3000 people in China were taking a shit at the exact same time.
Coincidence?
I can finally unpack all that passward-protected warez from 1999.
I think everyone should panic, they're taking over... and we're selling them to you.
http://www.ccny.com/
True, this is a case of one metric tested on a closed system being projected into the rest of networking and the internet. If you were to try this over an external connection, even that of a closed network, you will see those numbers drop off drastically. Adding a simple fix like limiting the number of log-on attempts in a time period stops this measure cold. It doesn't matter if you can cycle through 10,000 combinations in a second if the server locks you out after ten.
Brute cracks YOU!
This sig is not paradoxical or ironic.
I'd like it to speed compile times.
I like Gentoo and all but I'd really like it if building the thing got faster.
I started using a passphrase for my personal computer, and it is easier to remember, more natural to type since I can touch type, and exponentially more secure. In fact, my passphrase is "4 score and 7 years ago...", which is much more secure than "4sa7YA". Try cracking that one!
Where is the practical relevance?!
When you design a security system that relies on passwords - you need to make the assumption that the attacker has either the password hash or the binary file that is being protected. In which case, they are not subject to any delays or lockouts and they can ramp up the brute-force rate to whatever they can afford. They may even have access to a 10k machine botnet, in which case their resources will far exceed your own. So you should also make the assumption that the attacker has more resources then you, probably at least 1-2 orders of magnitude more then you do.
It doesn't require all that much more effort to make sure you can survive against an attacker who can run a brute-force rate of a few billion attempts per second. Mostly, you just make sure that minimum password lengths are increased out to 10 or 12 characters and that you enforce complexity rules. Don't allow users to enter short passwords that are dictionary words. Maybe even maintain a list of the top 10,000 known passwords in the wild and check against that list before accepting a user's password.
Secondly, you make sure to store the passwords as hashes (not plaintext) and that you use a unique salt (of at least 12-16 bits) for each account. That way, if the hashes are stolen, they can't just generate a single rainbow table for the entire password list. Instead, they will have to brute force each individual password by itself.
Third, you need to design the system so that it never sends hashes over the network where they can be sniffed. And make sure that all communication is over encrypted channels.
Wolde you bothe eate your cake, and have your cake?
Using GPUs to crack passwords isn't going about it the same way that you are thinking. There are no network connections to a server as the GPUs wouldn't be any faster at that than a normal CPU. What they are doing is getting a copy of the encrypted passwords in some way. Either from a workstation with cached passwords or gaining some amount of access to system to get a hold of the encrypted passwords. Then they run the cracking software against that local file using the GPUs to do the heavy lifting.
Back in the mid 90's I remember we ran a quick little utility on the windows nt box connected to the domain and it gave us a file that could then be passed to a cracking program. After the initial dump it didn't need network access and just sat there churning away spitting out passwords as they were found. It took progressively longer the more characters there were in the password.
Fast forward 10 years and the methods used to encrypt the passwords has gotten much better to the point that even a multi core CPU just couldn't make enough headway in a short amount of time without using something like a super computer or HPC cluster. Then move forward to GPU computing where you can throw thousands of little cores that are really good at checking passwords into a single computer and you move from needing racks of servers to a decent desktop with a few GPU cards to do the same work.
So why is this relevant if you have to get into the system first to get the file. Well the answer to that is you only have to find one weak link in an organization to get a hold of the encrypted passwords for the entire system. So if you can convince one normal user to run malware that harvests that file and sends it off site you can work on cracking it at your leisure.
We recently threw our password file at a single Nvidia Tesla M2050 card and we were able to get all the passwords with 8 characters in just a few hours even with complexity requirements. We were able to do pretty much anything under 13 in a few days. It prompted us to change the encryption on passwords stored in ldap as a result of it.
ask for phone confirmation if more than 30 attempts have been made in 1 hour. How will GPUs help now?