Skip to main content

GPU Processing and Password Cracking

GPU Processing and Password Cracking: "


Recently, research students at Georgia Tech released a report outlining the dangers that GPUs pose to the current state of password security. There are a number of ways to crack a password, all with their different pros and cons, but when it comes down to it, the limiting factor in all of these methods is processing complexity. The more operations that need to be run, the longer it takes, and the less useful each tool is for cracking passwords. In the past, most recommendations for password security revolved around making sure your password wasn’t something predictable, such as “password” or your birthday. With today’s (and tomorrows) GPUs, this may no longer be enough.



Although the article never mentions them by name, the newest tools in password cracking are based around two tools, nVidia’s CUDA and AMD’s Stream SDKs. These tools allow programs to be written in C that can be broken up and utilize the parallel nature of the hardware that is usually optimized for graphics. GPUs are much better at large-scale mathematical operations than CPUs because of this parallel layout. Chances are, if you have a somewhat recent graphics card, it is probably compatible with either CUDA or Stream, and if you already know C, you have all the tools necessary to get started.


The lesson to learn here, the longer or more complex a password is, generally the safer it is. Because of this, a number of tools, both software and hardware, may become more and more popular, or necessary, to accommodate this need.



"

Comments

Popular posts from this blog

uSleep on windows (win32)

I am facing a terrible issue regarding timing on windows.

Googling arround, I've found those infos:
Using QueryPerformanceCounter and QueryPerformanceFrequency APIs in Dev-C++
(http://yeohhs.blogspot.com/2005/08/using-queryperformancecounter-and_13.html)
QueryPerformanceCounter() vs. GetTickCount()
http://www.delphifaq.com/faq/delphi_windows_API/f345.shtml
How to time a block of code
http://www.cryer.co.uk/brian/delphi/howto_time_code.htm
And Results of some quick research on timing in Win32 http://www.geisswerks.com/ryan/FAQS/timing.html
With that I'm trying to write something like a uSleep function for windows:


#include<windows.h>

voiduSleep(int waitTime){
__int64 time1 = 0, time2 = 0, sysFreq = 0;

QueryPerformanceCounter((LARGE_INTEGER *)&time1);
QueryPerformanceFrequency((LARGE_INTEGER *)&freq);
do{
QueryPerformanceCounter((LARGE_INTEGER *)&time2);

// }while((((time2-time1)*1.0)/sysFreq)<waitTime);
}while( (time2-time1) <waitTime);
}

There is also already a nanosleep…

More trickery with gnuplot dumb terminal

In my post "Plotting memory usage on console" the chart doesn't pan the data.
Now, using a named pipe, the effect got a little bit nicer.
First, we have to run the memUsage.sh script to get a file filled with memory usage info:
./memUsage.sh > memUsage.dat &
Then we have to create a named pipe:
mkfifo pipe
Now we have to run another process to tail only the last 64 lines from the memUsage.dat
while [ 1 ]; do tail -64 memUsage.dat> pipe; done &
And now we just have to plot the data from the pipe:
watch -n 1 'gnuplot -e "set terminal dumb;p \"pipe\" with lines"'
And that is it!

Checking auth.log for ssh brute force attacks

As I am letting my personal computer always on, as a homelinux server, I decided to check if someone is trying to breaking in with SSH brute force attacks.

First I did a grep for fail at the /var/log/auth.log. (grep -i /var/log/auth.log)

And I got lots of lines with the string "fail". With [grep -i /var/log/auth.log | wc -l] I figured out that were 1164 fail entries at auth.log

With an [grep -i fail auth.log | cut -d " " -f 6 | sort | uniq] I checked that were two kind of failed attempts:
Failed
pam_unix(sshd:auth):

So I wrote the following line to check with which users they were attempting to log:
grep Failed auth.log | cut -d " " -f 11 | sort | uniq | while read line ; do echo -n $line" "; grep $line auth.log | wc -l; done | sort -n -k 2

Here, the field position (the number 11 at the above command lines [-f 11]) may change in some systems. At my desktop at work, the username came at the position 9.

Here are the "top ten":
root 2922
user 2884