New 25 GPU Monster Devours Passwords In Seconds

Eugen Leitl eugen at leitl.org
Wed Dec 5 05:10:30 PST 2012


(if these BitCoin ASICs land they'll probably even more SHA-256
based password hashing schemes)

http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/

New 25 GPU Monster Devours Passwords In Seconds

December 4, 2012 7:12 pm

Author: ledgeditor


There needs to be some kind of Moore's law analog to capture the tremendous
advances in the speed of password cracking operations. Just within the last
five years, there's been an explosion in innovation in this ancient art, as
researchers have realized that they can harness specialized silicon and cloud
based computing pools to quickly and efficiently break passwords.

Password Cracking HPC

Gosney's set-up uses a pool of 25 virtual AMD GPUs to brute force even very
strong passwords.

A presentation at the Passwords^12 Conference in Oslo, Norway (slides
available here - PDF), has moved the goalposts, again. Speaking on Monday,
researcher Jeremi Gosney (a.k.a. epixoip) demonstrated a rig that leveraged
the Open Computing Language (OpenCL) framework and a technology known as
Virtual Open Cluster (VCL) to run the HashCat password cracking program
across a cluster of five 4U servers equipped with 25 AMD Radeon GPUs and
communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric.

Gosney's system elevates password cracking to the next level, and effectively
renders even the strongest passwords protected with weaker encryption
algorithms, like Microsoft's LM and NTLM, obsolete.

In a test, the researcher's system was able to churn through 348 billion NTLM
password hashes per second. That renders even the most secure password
vulnerable to compute-intensive brute force and wordlist (or dictionary)
attacks. A 14 character Windows XP password hashed using NTLM (NT LAN
Manager), for example, would fall in just six minutes, said Per Thorsheim,
organizer of the Passwords^12 Conference.

"Passwords on Windows XP? Not good enough anymore," Thorsheim said.

Tools like Gosney's GPU cluster aren't suited for an "online" attack scenario
against a live system. Rather, they're used in "offline" attacks against
collections of leaked or stolen passwords that were stored in encrypted form,
Thorsheim said. In that situation, attackers aren't limited to a set number
of password attempts - hardware and software limitations are all that matter.

The clustered GPUs clocked impressive speeds against more sturdy hashing
algorithms as well, including MD5 (180 billion attempts per second), 63
billion/second for SHA1 and 20 billion/second for passwords hashed using the
LM algorithm. So-called "slow hash" algorithms fared better. The bcrypt (05)
and sha512crypt permitted 71,000 and 364,000 per second, respectively.

Benchmarks - Fast Hash Cracking

Published benchmarks against common hashing algorithms using the 25 GPU HPC
cluster

In an IRC chat with Security Ledger, Gosney said he has been developing the
new platform since April, after trying his hand at pooling traditional CPUs
for password cracking.

"I was extremely disappointed that setting up a clustered VMware instance
wouldn't allow me to create a VM that spanned all the hosts in the cluster.
E.g. if I had five VMware ESX hosts with 8 processor cores, I wanted to be
able to create a single vm with 40 cores and use all nodes in the cluster,"
he wrote.

Then he came across VCL, or Virtual Open Cluster, a small and heretofore
little recognized project from the scientists who manage the MOSIX
distributed operating system first released in the 1970s.

"It did just what I wanted, not with an entire OS per se, but with an entire
OpenCL application. and that's good enough for me."

After playing around with VCL for a while, Gosney approached Prof. Amnon
Barak, one of Mosix's creators. Gosney was interested in adding features to
VCL that would allow it to run the HashCat password cracking tool.

"Once we convinced Amnon that we did not aspire to turn the world into one
giant botnet, he was very cooperative in working with (us) to resolve issues
with VCL that was preventing it from working 100% with hashcat," he said.

VCL makes load balancing across the cluster - once an arduous task that
required months of custom scripting - a trivial matter. As a result, Gosney
said that his team is at a point where their implementation of Hashcat on VCL
could be scaled up far above the 25-GPU rig he has created - supporting "at
least 128 AMD GPUs."

"It really is the marriage of two absolutely fantastic programs, which allows
us to do unprecedented things," he wrote.

Gosney is no stranger to password cracking. After 6.4 million LinkedIn
password hashes were leaked online, Gosney was one of the first researchers
to decrypt them and analyze the findings. He and a partner were ultimately
able to crack between 90% and 95% of the password values.

Gosney's GPU cluster is just the latest leap forward in password cracking in
a year that has already seen prominent encryption algorithms deemed
compromised by an onslaught of cheap compute power. In June, Poul-Henning
Kamp, creator of the md5crypt() function used by FreeBSD and other
Linux-based operating systems, was forced to acknowledge that the hashing
function is no longer suitable for production use - a victim of GPU powered
systems that could perform "close to 1 million checks per second on COTS
(commercial off the shelf) GPU hardware," he wrote. Gosney's cluster cranked
out more than 70 times that number - 77 million brute force attempts per
second against MD5crypt.

Recent years have also seen the launch of services like Moxie Marlinspike's
WPACracker and then CloudCracker, a cloud-based platform for penetration
testers that can do lookups of password hashes and other encrypted content
against a dictionary of over hundreds of millions - or even billions - of
potential matches - all for under $200. And if that price is too rich, a
team of U.S. based researchers have shown how you can do the same thing - on
the cheap - by leveraging Google's MapReduce and cloud based browsers. Then,
in 2011, researcher Thomas Roth developed the Cloud Cracking Suite (CCS)
- a tool that leveraged eight Amazon EC2-based Nvidia GPU instances to crack
the SHA1 encryption algorithm and dispense with tens of thousands of
passwords per second.

Gosney said he plans to "make a bit of money" off his invention, either by
renting out time on it or by offering it as a paid password recovery and
domain auditing service. "I have way too much invested in this to not get
some kind of return out of it," he wrote.
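
The rates quoted in the article can be turned into worst-case exhaustive-search times for choosing a storage hash. This is an added example, not part of the article or of the original post; it assumes a 95-symbol printable-ASCII alphabet and relies on the known LM design (input upper-cased, two 7-character halves hashed independently), which the article does not spell out. At the article's 20 billion/second LM rate a 14-character LM password comes out at roughly six minutes, while the same length under NTLM at 348 billion/second does not.

```python
# Added example (not from the article): exhaustive-search time at the quoted rates.
# Guesses per second for the 25-GPU cluster, as reported in the article.
RATES = {
    "NTLM": 348e9, "MD5": 180e9, "SHA1": 63e9, "LM": 20e9,
    "md5crypt": 77e6, "sha512crypt": 364e3, "bcrypt(05)": 71e3,
}

PRINTABLE = 95        # assumption: candidates drawn from printable ASCII
LM_CHARSET = 95 - 26  # LM upper-cases the password, so lowercase drops out
LM_HALF = 7           # LM hashes each 7-character half on its own


def keyspace(charset, length):
    """Candidates of every length from 1 to `length` over `charset` symbols."""
    return sum(charset ** n for n in range(1, length + 1))


def exhaust_seconds(algorithm, length, charset=PRINTABLE):
    """Worst-case seconds to try every candidate at the article's rate."""
    if algorithm == "LM":
        # Both halves are searched in the same pass, so the cost is capped
        # at one 7-character, upper-case-only keyspace.
        length, charset = min(length, LM_HALF), min(charset, LM_CHARSET)
    return keyspace(charset, length) / RATES[algorithm]


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def table(length):
    """Algorithm -> readable worst-case time, fastest to exhaust first."""
    rows = {a: exhaust_seconds(a, length) for a in RATES}
    return {a: human(s) for a, s in sorted(rows.items(), key=lambda kv: kv[1])}


if __name__ == "__main__":
    for n in (8, 14):
        print(f"length <= {n}:")
        for algo, t in table(n).items():
            print(f"  {algo:12s} {t}")
```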




