Password cracking developement...

LoLth

interesting article here:
http://www.h-online.com/security/news/item/Password-cracker-100-times-faster-with-an-SSD-950184.html

basically, by using Rainbow Tables on a SSD instead of a normal SATA drive, it seems the password cracking speed of a system can be increased quite dramatically.

Its interesting because it would appear that the main issue with the time to crack passwords is more due to Hard drive speed rather than processing power.

Add to this the performance increase when the rainbow tables are as large as possible and there's a strong argument for Fibre-connected SSD racks of raided hard drives containing terrabytes of rainbow table data...

BaconZombie

Interesting, I saw this pop up on twitter last week and hopefully get to look into more this week.

I know allot of people are using GPU {CUDA}.
David Kennedy (ReL1K) just build an epic CUDA box for password cracking:

Alright, lets first start off with what is the purpose of this machine and why build something like this. If you haven’t heard about the ability to utilize GPU processing power to crunch mathematical equations and such, your missing out. The current setup utilizes 4 BFG Nvidia GTX 295’s in a manner that crunches about 120,000 PMK’s per second via WPA/WPA2 captures, on a normal processor you will do around 100 PMK’s per second. Additionally, just utilizing one GTX 295 and multiforcer, the machine was cracking around 2300 million attempts per second (took 15 seconds for a 7 character password). Talking with BitWeasil he is looking to add multi-GPU support shortly, so think 2300 million * 4 = 9200 million attempts per second.

http://www.secmaniac.com/uncategorized/building-a-badarse-cuda-cracking-server/

Matt O Connor

BaconZombie wrote: »

Interesting, I saw this pop up on twitter last week and hopefully get to look into more this week.

I know allot of people are using GPU {CUDA}.
David Kennedy (ReL1K) just build an epic CUDA box for password cracking:



http://www.secmaniac.com/uncategorized/building-a-badarse-cuda-cracking-server/

100 pmk's a second? Is he using an iPhone or an outdated version of aircrack?

120,000 PMK's p/s is pretty impressive - max I've seen personally is 15,000 on a quad core with a GTX 285.

digme

You'd wonder why anyone would allow more than 3 password attempts in the first place in their software.I suppose certain parties need more than 3 .. wink wink.

LoLth

generally password cracking isnt performed against the live login site. Its usually done against password hashes that have been taken from the authentication box for the target domain or application.

wolfric

Maybe i'm misunderstanding here but let's say you fill up a couple TB hard drives (sata) and set to sorting them alphanumerically by hash. Could you not just use a binary search. you'd have your password within a minute.

The operation time increases logarithmically with increasing hard drive space so let's say you doubled your space from something like 4 TB to 8 or 8 to 16.. You'd only need 1 more operation (which is fraction of a second) for each double.

BaconZombie

What you are talking about is Rainbow Tables.

The CUDA boxes are normally used to generate this lists.
At 26c3 last year they used GPU's and CPU to create Rainbow Tables for the GSM A3/A5 encryption.

wolfric wrote: »

Maybe i'm misunderstanding here but let's say you fill up a couple TB hard drives (sata) and set to sorting them alphanumerically by hash. Could you not just use a binary search. you'd have your password within a minute.

The operation time increases logarithmically with increasing hard drive space so let's say you doubled your space from something like 4 TB to 8 or 8 to 16.. You'd only need 1 more operation (which is fraction of a second) for each double.