Huge GPU cluster makes password hacking a breeze
Posted on 06 December 2012.
Cracking encrypted passwords is getting increasingly easier as researchers come up with new ways of harnessing CPU, GPU and cloud power to perform the task.


The latest of the improvements in this particular research brach comes from Jeremi Gosney (aka epixoip), who at the Passwords^12 conference held earlier this month in Oslo, Norway, shared with the attendees his latest achievement: a cluster of five 4U servers and 25 graphic cards that go through 180 billion MD5 hashes per second.

The servers, equipped with 25 AMD Radeon GPUs and communicating via the InfiniBand switched fabric communications link, make NTLM and LM hashing practically worthless, as a 8-character long NTLM can be cracked in a little over 5,5 hours (at 348 billion hashes per second), and a 14-character LM hash - because the password is split into two 7 char strings before hashing - can be revealed in less 6 minutes flat.

When testing SHA1 hashes, Gosney's system can check 63 billion of them per second, while it takes it considerable more time to decrypt a password hashed with Sha512crypt and Bcrypt algorithms, for which it will able to test 364,000 and 71,000 hashes per second, respectively.

To make this hardware setup work, Gosney used the Virtual OpenCL (VCL) cluster platform and the HashCat password cracker.

According to him, the software he used would work as it should on a setup that included up to 128 AMD GPU's, and possibly even more, as VLC solves the problem of load balancing across the cluster easily.

The limitation of this configuration is that it cannot be used for attacks against live systems, but could be extremely helpful for decrypting the huge leaks of password hasheds that became normal in the last couple of years.

According to The Security Ledger, Gosney plans to recoup some of the money invested in this project by renting out time on the setup or even setting up a paid password recovery and domain auditing service.






Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //