Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
Cracking SHA-1 derived passwords faster
-
04-08-2007 3:16am#1i could be wrong about the following, but so far i think all works well, atleast in theory, and a little experimenting..
Part of the process in SHA-1 involves expansion of the 16 word buffer to 80 words.
http://www.itl.nist.gov/fipspubs/fip180-1.htm
[PHP]b. For t = 16 to 79
let Wt = S1(Wt-3 XOR Wt-8 XOR Wt-14 XOR Wt-16).[/PHP]
3 main inputs which can be distinguished from each other are:
The 8-bits, at a specified index in the buffer.[EDIT:each character]
The end bit,(0x80) appended after all bytes in the buffer.
The number of bits stored in the buffer,usually at index 15.
To optimise a brute force attack on passwords created with SHA-1, follow the same pattern as attacking DES using Bit-or'ing of key schedules.
Take the first letter of the alphabet to be used in the crack, and create
1 pre-expanded buffer for each index up to max length of passwords to try.
Of course, this would require 10*320 bytes for just 1 character
if testing passwords up to 10 in length.
For demonstrations, just use 8, as this would take quite some time anyway, given something like 62 characters 0-9/A-Z/a-z in the alphabet being used.
still, up to 10, would be (62*10)*320 bytes, 198,400 KB - no worries about space
initially, the first buffer being passed to the main SHA-1 rounds will already
have the end bit and number of bits set.
then we take the first buffer of the first character, already processed through the expansion routine,and XOR these bits against the end bit/number of bits buffer,which has also been pre-processed through the expansion routine.
[PHP] for(length = 0 to maxlength, increase length)
for i = 0 to 79
a = charset_pre_expanded_buffers[length]
b = end_bits_and_other_chars
b ^= a
process_buffer = b
end for
hash = sha1(process_buffer)
if ( hash == hash_to_find )
print found
break
end if
end for[/PHP]
By eliminating the expansion, we can efficiently use SIMD instructions
in both desktop CPUs and Hardware (FPGA,ASIC) by avoiding the shifts/ors
required to complete bit rotations..somebody correct me if this is
already done in hardware!
there are still 2 more rotates for each round, but this may be avoidable also.
atleast there are 64 less rotates, and 128 less XORs to do now in a brute force attack
WPA-PSK cracking would probably benefit quite alot from any optimisations! such as cowpatty by johnny cache
EDIT:use an XOR, not OR as previously said..0
Comments
-
-
-
mick.fr wrote:So what the results means ?
nothing major.. just that for those who wish to crack SHA-1 derived passwords faster, they can increase the speed by roughly 150% using the method i describe.
i've not seen it done before, so..i assume its new thing to experiment with.
i tested 1 password cracking app attacking SHA-1, which did about 2.1 million k/s - openssl sha-1 on its own does about 3.2 million k/s
the sha-1 i tested with described method was doing 5.7 million k/s which is equivilant to speed of full MD5.
alot of people write it off as nothing, but i think its interesting, and remember, you saw it here first!
EDIT: i think david hulton, who compiled coWPAtty for FPGAs may be interested in this, because of the number of rounds required by WPA-PSK to compute a key.
i think its roughly 4096 rounds of SHA-1 for each key..hehe, any kind of speed increase would be welcome..
the main problem in hardware/SIMD i can say is bit-rotations.
these hash algorithms were all designed for little-endian 32-bit cpus which natively support bit-rotations.
so you need to do shifts/ors, which can take quite alot of time in pc desktops which aren't suitable of course.
it would be great to remove all bit-rotations, if its possible.0 -
-
Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,563 Mod ✭✭✭✭
Join Date:Posts: 91801
http://en.wikipedia.org/wiki/Custom_hardware_attack#History
DES is not the same as SHA-1 but http://en.wikipedia.org/wiki/Sha-1 says "lowering the complexity required for finding a collision in SHA-1 to 2^63" and the http://www.copacobana.org/faq.html says No, any symmetric cipher with up to roughly 64 key bits can be attacked with COPACOBANA. Examples include CSA (Common Scrambling Algorithm) or GSM A5. Moreover, presumingly strong ciphers with a long theoretical key size can be broken if the number of required steps is less than 2^{64}. This can, for instance, be the case for ciphers with a weak key derivation function, e.g., AES with 8-character keys, etc...Cost-Optimized Parallel COde Breaker)
...
COPACOBANA costs about $10,000 to build and will recover a DES key in under 9 days on average
So it's possible to get serious crunching hardware for less than some www.barryboys.co.uk spend on tarting up a Nissan Micra. I don't know how many days/weeks it would take to break SHA-1 but this just means you could get your answer in 2/3 thirds of the time.
Or you could buy more hardware and get the answer faster. But the thing to remember is how long does the information have to be kept for ? For live stock quotes, the answer is 15 minutes, because after that they are free. For satellite TV maybe a little longer. For your diary presumably you don't want it decrypted in your lifetime. So far Moores law says that processing power per dollar doubles ever 18 months ( or two years or something ). However algorithms improve too , not as predictably as Moores law and you'd have to factor that in too. Example if twenty years ago the best algorithm would take 100 years to crack on a top of the range computer, today it would take one year, using the same program on modern hardware. Factor in another factor of 10 for parallel processing / gpu / fgpa kit and algorithm improvements and that 100 years is now in the order of a month or two. Factor in a botnet and you could be talking next day
Breaking encrytion is slow and even modest tweaks are worth the hassle, and they all add up.0 -
Advertisement
-
-
-
Advertisement