Should I bring all my shoes and glasses?

//GPU acceleration of brute-force password cracking – some test numbers

General»Password Cracking | | 25. February, 2011

I realize this isn’t a new topic and even a few years ago at the law firm we considered buying Elcomsoft’s GPU cracker for the lab.  The reason I think this is somewhat relevant today is that previously the cost to build a cluster of CPU-based crackers was somewhat prohibitive.  Since we know GPU performance far exceeds the CPU when it comes to processing encryption or hashing algorithms it makes sense to transition the brute-force, and even rainbow table, attacks to a GPU-based system.  Thanks to nVidia and CUDA people can develop these apps, and thanks to Bitweasil over at cryptohaze.com and the CUDA-Multiforcer app we can all mess around with this functionality.

So I decided to run some tests.  Part of this was to confirm the results that others have posted, but I also wanted to determine what my old GTX260 card could do.  Here is the test: I generated a NTLM hash of an 8 character password consisting of only lower alpha characters and numbers for testing (1deron10).  The tests consisted of breaking the hash on 2 different systems (my system and a GPU cluster instance in the Amazon’s EC2 cloud) .  I also used 2 different tools for comparison, Multiforcer (both 0.70 and 0.80) and JTR 1.6.37 patched for NTLM.  For full disclosure I did feed Multiforcer with the loweralphanumeric character set file only.

Here are the results:

My system (Multiforcer):

  • Software – Multiforcer 0.80 on the GTX260 (192 cores)
  • Average speed- 199M pw/sec
  • Time to crack – 2 hours, 33 minutes (cracked at 75% of the key space)

My system (JTR)

  • Software – JTR v1.6.37 patched for NTLM on a Core 2 (Q6600) Quad Core overclocked to 2.8GHz
  • Average speed- 1.9M pw/sec
  • Time to crack – 2 hours, 42 minutes (cracked at 0.6% of key space)

Amazon EC2 (Multiforcer)

  • Multiforcer 0.70 on (1) Tesla 2050 card (488 cores)
  • Average – 722M pw/sec
  • Time to crack – 57 minutes (same as before, cracked at 75% of key space)

So while Multiforcer and JTR both took about the same amount of time on my system I’m going to claim that JTR got lucky this time.  More tests to come.  What do these results mean?  Well, password lengths of 8 or less are no longer secure…even for NTLM/MD4 hashes…assuming you only use 2 of the 4 possible options from lower, upper, numbers, and symbols.  At the same rate, using lower, upper, and numbers in an 8 character password gives you a key space of 62^8, or 218 trillion possibilities.  At the rate of my system using the GPU it would take 13 days to check 100% of the space.  On something with a little more power, say the RenderStream box (www.secmaniac.com), it would take 2 hours and 45 minutes at 22B pw/sec rates.  That is pretty damn reasonable.

One final thought.  If Multiforcer supported multiple cards on multiple cluster systems, then we could spin up 5 EC2 GPU instances giving us a total of 4880 CUDA cores to play with…that should get you much closer to the RenderStream box, but in place of spending $14k you’d use this at a $10.50 rate per hour (or 56 days of continuous use before I hit $14k)…well, that also doesn’t factor in the power draw from the RenderStream J

If I get time to test other options, lengths, and so on I’ll post an update.

Comments

  • Vijay says:

    Radeons are faster for GPU password cracking. My 5770 does 3.3 Billion NTLMs per second using ighashgpu.

  • Deron Grzetich says:

    You are correct sir, Radeon is faster…but I already had nVidia cards laying around to test so thanks for the reply. 3.3B is impressive….I’m assuming that is NTLM/MD4. Regardless, 5xxx/6xxx cards are going to be faster than nVidia with pretty much all hashes. I like the SHA1 performance per $ ratio in this (http://www.golubev.com/gpuest.htm) sheet. Last post I saw tested the 6990 that ran 10B/sec on MD5. If I had any extra cash I’d start buying a password cracker…or just keep using EC2 in the hopes that someone will release an open source multi-GPU CUDA app. Can’t beat it for $2.10/hr.

  • crackjack says:

    Have you tried cracking wpa hashes on the new NVIDIA Jetson TK1.
    I wonder what speeds we could get using these. And with regards to power I think they only use up 5v 2watt.

    If they built a cluster out of these then it would be the dawn of the portable supercomputer/hashcracker. If it could achieve speeds comparable to EC2.

  • Deron Grzetich says:

    I have not yet…I was considering trying out different FPGAs and ASICs to eval the price/performance ratio but didn’t get around to it yet. I don’t think it would be a big lift to port the current CUDA tools to this board, but the only downside to going with Nvidia GPUs is that it isn’t as fast at the other hashes we are more likely to need cracked (i.e. MD5/SHA, NTLM, etc.)

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    Next | Previous
    Theme made by Igor T. | Powered by WordPress | Log in | | RSS | Back to Top