Slashdot Mirror

← Back to Stories (view on slashdot.org)

New 25-GPU Monster Devours Strong Passwords In Minutes

Posted by Soulskill on from the om-nom-nom dept.

chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."

25 of 330 comments (clear)

  1. my password by Anonymous Coward · · Score: 5, Funny

    So it doesn't matter anymore I'm using 000000 as password ....

    1. Re:my password by jones_supa · · Score: 4, Funny

      Hey, that's the combination of my luggage!

    2. Re:my password by AftanGustur · · Score: 5, Informative

      To all you gloom and doom people out there, here's my suggestion. If your password is monkeys1459, change it to monkeys1459monkeys1459. That's 22 letters and equally memorable.

      You are assuming that the password test function doesn't text the pattern XX i.e. the same string repeated.

      Password crackers actually test a number of permutations, like adding every digit 0-9 to the end of the string, reversing the order of characters, setting the first letter to uppercase, setting all the letters to uppercase, AND, repeating the password.

      So your little "trick" is already outsmarted by today's password crackers.

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    3. Re:my password by bogie · · Score: 4, Insightful

      And many password strength checkers don't catch that either and let you think you are picking a good password.

      Single factor authentication has had it's run. Now it's deader than a doornail. Time to move on and stop living in the past.

      --
      If you wanna get rich, you know that payback is a bitch
    4. Re:my password by hawguy · · Score: 4, Insightful

      1.... 2.... 3.... 4.... 5....

      29 characters, including spaces...not bad. As long as the attacker doesn't know anything about your password and has to test all ASCII printable characters, that's over 180 bits of entropy in your password. So I think you're safe - the article says it would take 5 hours to hack an 8 character NTLM password. (which is not the same as LM (WinXP))

      I think NTLM only keeps a 128bit hash, so if it were possible to brute force the entire key space, the attacker would likely find a hash collision that works as your password before finding your actual password.

    5. Re:my password by Technician · · Score: 4, Insightful

      My door lock is even more secure with a 4 digit pin. 3 failed attempts lock it out for several minutes. More failed attempts lock it for an hour. It doen't bother to tell you it is ignoring you during that period. A penalty instead of millions of free retries should stop that without physical access.

      --
      The truth shall set you free!
  2. Use different passwords for different things by TheLink · · Score: 5, Insightful

    My conclusion is to use different passwords for different things. They don't have to be that strong.

    As long as the passwords are strong enough to prevent brute forcing over the _NETWORK_ they are strong enough. If you don't pick an overly stupid password then either you or the site is going to be pwned before the hackers brute-force/guess your password over the network.

    If someone has hacked into the site to obtain the hashes, it's likely they can do other stuff anyway (make transactions, get your info, maybe even get the plaintext of your password), so don't waste your time making and using super long passwords.

    --
    1. Re:Use different passwords for different things by bmo · · Score: 5, Insightful

      Pretty much this. Brute forcing passwords over the Internet is silly and non-productive.

      >it's likely they can do other stuff anyway

      What, you mean like the Youporn chat registration list that had the usernames and passwords *and* verification email addresses in plaintext? Or like when Yahoo was compromised? Or like dozens of other companies were compromised? Or like when EMC was spear-phished out of RSA tokens?

      My concern isn't someone with a hundred Tesla cards cracking passwords. My concern is dumb admins and people falling for social-engineering.

      --
      BMO

    2. Re:Use different passwords for different things by DrXym · · Score: 5, Informative
      Different passwords for different things is a good idea.

      But the issue is not brute forcing over the network. The issue is hackers stealing a database of passwords, then bruteforcing the lot of them locally. Some sites don't even bother to hash the password at all and some don't salt them or use a weak hash. So if the database is lifted, the hackers could potentially recover some or all of the passwords with little or no effort. So if you use the same email and password for an insecure site as a strong site, you are trouble.

      Therefore it would be wise to arrange sites into tiers of importance. Tax / health / social security on the top. Then banks. Then cloud / email services. Then stores. Then sites with personally identifying info. Then forums and other throwaway crap. For each tier take appropriate measures to ensure uniqueness of the password and login id and use password safe to manage this mess. On the bottom tier, you could probably use the same throwaway password for every site, or a variant of it (e.g. tack on the first 4 letters of the domain host) since a compromise is a nuisance rather than as a threat.

      And use something like Password Safe so you don't have to remember all this crap.

    3. Re:Use different passwords for different things by somersault · · Score: 4, Informative

      I keep my Keypass database in Dropbox. That way it's synched to all my machines, or I can download it to my phone, or access it via a web browser.

      --
      which is totally what she said
    4. Re:Use different passwords for different things by Anonymous Coward · · Score: 5, Insightful

      i think email should be on the top list of priority - because "reset your password" on every other system tends to use your email address. lose control of your email and you've lost control of everything else.

    5. Re:Use different passwords for different things by Rich0 · · Score: 4, Interesting

      That episode is the main reason why I've stuck with them - I was a customer at that time.

      When that breach occurred nobody knew about it but them, but they immediately broke the news and generally treated the situation in the most conservative manner possible. Their treat assessments as communicated out seemed accurate to me.

      So, sure, you're more secure if you never put your passwords out in the cloud to begin with - nobody can question that (assuming you still use strong unique passwords for each site and just carry them around with you on a PDA or USB drive or something). However, if you are going to use a cloud service then would you rather use one that has an episode like this and does full disclosure, or one that puts the marketers in charge and covers the whole thing up? The only reason you can cite that example is because Lastpass did the right thing.

      If the alternative is to just pick a few memorable passwords and use them on many websites each, I'm not convinced you're better off.

  3. Re:Lockout? by HungryHobo · · Score: 4, Informative

    that's not the context this sort of thing works in.

    passwords are stored as hashes. for example of you log into a terminal you don't want the terminal sending your pass over the network.

    So it pulls down a list of hashes and compares it to the hash of your password. or it hashes your password and sends it over the network.

    The idea is that someone picks up these hashes and then brute forces them at home.

    not that they keep trying to log into your account one attempt at a time.

  4. This is hype: NTLM is broken by design by slb · · Score: 5, Insightful

    This is well known and no sane people uses NTLM auth anymore, even Microsoft recommend to deactivate this authentication method. The idiots at Microsoft used a DES ECB implementation instead of CBC that anyone with two ounce of crypto knowledge would choose. The practical impact of this very bad design choice is that a 14 character password has as much complexity as two independant 7 characters passwords ! So when the authors brag about cracking a 14 character password in 6 minutes, what they're really doing is cracking two 7 character passwords in 6 minutes, this is entirely different and not impressive at all.

    --
    http://www.transparency.org
  5. Ob "correct horse battery staple" by Rogerborg · · Score: 4, Informative

    A customer asked us recently if we could recover some of their passwords stored (hashed) on our system.

    "Sure we can, if you used really poor passwords."

    --
    If you were blocking sigs, you wouldn't have to read this.
    1. Re:Ob "correct horse battery staple" by mwvdlee · · Score: 4, Insightful

      You mean your system allows users to enter weak passwords?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  6. Re:"Strong" by dkf · · Score: 4, Interesting

    For comparison, the password to an account I use fairly often is 128 characters.

    That must be annoying to type in every time.

    More seriously, if that's a password but the system in question is only storing a relatively short hash of it, all the attacker has to do is find something that hashes to the same thing. That's pretty simple to do if you've got the grunt compute power, as there's usually no other checks on the sense of a password at the point of use (which isn't the same as the point of definition). In effect, you're not hindering attackers at all but you are making things worse for yourself. Congratulations on your addition to Security Theater! With thinking like that, you're almost qualified to work for the TSA...

    (Myself? I disable logins with passwords wherever I can. Turn up with a cryptographic key — the verification of which is not a hashing operation at all — or don't turn up at all.)

    --
    "Little does he know, but there is no 'I' in 'Idiot'!"
  7. Re:Time delay? by ledow · · Score: 4, Interesting

    This isn't about live attacks on a system. This is about "offline" attacks and even things like hash collisions (where someone can make a certificate or a download that has the same hash as the "official" one but is fake or contains malware, etc.).

    If you can take a login system and run millions of queries against it, it's a stupid system. But if you can steal a hashed file of password, or old hashed tokens from the network, then you can theoretically break them now in the time it takes to reboot the computer (if you could log into this other system remotely).

    Things like the Sony break-in would reveal everyone's password, not just the other stolen details. And on a local network, you could sniff tokens sent for NTLM services etc. and start impersonating other users before it could even be detected. Of course you have to have a certain level of compromise / access already to get to that stage, but it doesn't make it any less dangerous to be able to forge hashes or find out their plain-text.

    Please note, also, that things like these hashes have been used historically to verify software is genuine, as part of encryption algorithms, random number generators and all sorts of other things. At the time, they were reasonably unbreakable, but now they aren't. And that breaks lots of things if they are still relying on them.

    Impact to security-conscious users: Zip.
    Impact to security-unconscious users: Huge.

  8. Can it bust my neighbours WPA wifi setup? by AbRASiON · · Score: 4, Funny

    I'm really low on porn at the moment and hit my monthly internet quota!

  9. Re:first by kh31d4r · · Score: 4, Funny

    imagine a beowulf cluster of these...

  10. So...what would the solution be? by Phoenix · · Score: 4, Interesting

    If passwords are getting cracked so quickly these days, what then is the answer? Authenticators are all well and good, but I don't have room on my keychain for one for Blizzard (I know about and have the one for my iPhone), one for Amazon, one for PayPal and eBay, one for Gmail, etc and so forth.

    What would be a viable solution then?

    --
    -- Wiccan Army, 13th Airborne Division "We will not fly silently into the night"
  11. Re:"Strong" by fatphil · · Score: 4, Interesting

    > You're propagating security through bogosity.

    And flagging this:

    http://www.schneier.com/crypto-gram-9902.html

    Snake Oil Warning Signs

    Warning Sign #5: Ridiculous key lengths.

    --
    Also FatPhil on SoylentNews, id 863
  12. Re:MD5? Windoze XP? INSECURE LEGACY!! by PlusFiveTroll · · Score: 4, Insightful

    There problem is there is still tons of old sites that have MD5 storing passwords. Then there is the second problem of password reuse. Username/Password reuse is the more dangerous of the two, because it can render an account on a system with strong passwords where then local attacks can be attempted.

  13. Re:MD5? Windoze XP? INSECURE LEGACY!! by AftanGustur · · Score: 4, Informative

    Who gives a rat's ass about such golden oldies? It's been possible for the longest time to fairly quickly crack windoze passwords (if you have the file) and MD5 has been known to be insecure for quite some time already...

    Yes and no.

    LanMan hashes have been brute forceable for a long time but neither proper NTLM nor NTLM2 have, so hacker have had to "trick" clients into sending the LanMAN hash, or recovering it from the SAM file.

    Another trick that is often used to secure the password is to simply not support LanMan.
    one little known fact discovered by Urity of SecurityFriday.com is that if a password is fifteen characters or longer, Windows does not even store the LanMan hash correctly. This actually protects you from brute-force attacks against the weak algorithm used in those hashes. If your password is 15 characters or longer, Windows stores the constant AAD3B435B51404EEAAD3B435B51404EE as your LM hash, which is equivalent to a null password. And since your password is obviously not null, attempts to crack that hash will fail.

    So, yes and no, security consious companies have been able to protect themselves from brute forceable passwords for over 10 years.

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  14. Re:MD5? Windoze XP? INSECURE LEGACY!! by Bert64 · · Score: 4, Informative

    No and no...

    If a windows box is trying to connect to you (ie single sign on so it tries to auth to you), you don't need to trick it into sending the lanman pass, you can just reflect it back (google: metasploit smb_relay). But your talking about the network level NTLM, not the hash stored on disk. You can indeed try to brute force the NTLM challenges, if you wanted to.

    You can brute force NTLM hashes (the disk stored kind) easily, the hashing itself is very weak compared to anything used on unix for many years.

    On the other hand, you can exploit a design flaw in the aforementioned network authentication protocols which let you use the hash for authentication (google: pass the hash) - that is you don't need to bother cracking it at all, just use it.

    As for where you get hashes....
    Backups.
    Local admin hashes on workstations etc (usually they are all the same on a large organisation)
    From memory when users are logged in which includes service accounts (google: gsecdump) or you can even extract the plaintext (google: mimikatz)

    Typically you only need to find a single insecure system and you will be able to compromise an entire domain within minutes, even when most machines are fully updated and/or hardened.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!