GPU Processing and Password Cracking

Recently, research students at Georgia Tech released a report outlining the dangers that GPUs pose to the current state of password security. There are a number of ways to crack a password, all with their different pros and cons, but when it comes down to it, the limiting factor in all of these methods is processing complexity. The more operations that need to be run, the longer it takes, and the less useful each tool is for cracking passwords. In the past, most recommendations for password security revolved around making sure your password wasn’t something predictable, such as “password” or your birthday. With today’s (and tomorrows) GPUs, this may no longer be enough.

Although the article never mentions them by name, the newest tools in password cracking are based around two tools, nVidia’s CUDA and AMD’s Stream SDKs. These tools allow programs to be written in C that can be broken up and utilize the parallel nature of the hardware that is usually optimized for graphics. GPUs are much better at large-scale mathematical operations than CPUs because of this parallel layout. Chances are, if you have a somewhat recent graphics card, it is probably compatible with either CUDA or Stream, and if you already know C, you have all the tools necessary to get started.

The lesson to learn here, the longer or more complex a password is, generally the safer it is. Because of this, a number of tools, both software and hardware, may become more and more popular, or necessary, to accommodate this need.

Comments

uSleep on windows (win32)

I am facing a terrible issue regarding timing on windows. Googling arround, I've found those infos: Using QueryPerformanceCounter and QueryPerformanceFrequency APIs in Dev-C++ ( http://yeohhs.blogspot.com/2005/08/using -queryperformancecounter-and_13.html ) QueryPerformanceCounter() vs. GetTickCount() http://www.delphifaq.com/faq/delphi_windows_API/f345.shtml How to time a block of code http://www.cryer.co.uk/brian/delphi/howto_time_code.htm And Results of some quick research on timing in Win32 http://www.geisswerks.com/ryan/FAQS/timing.html With that I'm trying to write something like a uSleep function for windows: # include<windows.h> void uSleep ( int waitTime){ __int64 time1 = 0, time2 = 0, sysFreq = 0; QueryPerformanceCounter((LARGE_INTEGER *)&time1); QueryPerformanceFrequency((LARGE_INTEGER *)&freq); do { QueryPerformanceCounter((LARGE_INTEGER *)&time2); // }while((((time2-time1)*1.0)/sysFreq)<waitTime); } while ( (time2-time1) <waitTime); } T

More trickery with gnuplot dumb terminal

In my post " Plotting memory usage on console " the chart doesn't pan the data. Now, using a named pipe, the effect got a little bit nicer. First, we have to run the memUsage.sh script to get a file filled with memory usage info: ./memUsage.sh > memUsage.dat & Then we have to create a named pipe: mkfifo pipe Now we have to run another process to tail only the last 64 lines from the memUsage.dat while [ 1 ]; do tail -64 memUsage.dat> pipe; done & And now we just have to plot the data from the pipe: watch -n 1 'gnuplot -e "set terminal dumb;p \"pipe\" with lines"' And that is it!

The prefuse visualization toolkit

Navigating on the silk icons web site , I've found an interesting use of the Prefuse Visualization Tool Kit. “Prefuse is a set of software tools for creating rich interactive data visualizations. The original prefuse toolkit provides a visualization framework for the Java programming language. The prefuse flare toolkit provides visualization and animation tools for ActionScript and the Adobe Flash Player.” They have some nice visualizations on their gallery. I hope to soon use this tool kit on some projects on my job. Bellow is the screenshot of one of the projects which had used Prefuse: This particular screenshot is from the project: Voyagers and Voyeurs: Supporting Asynchronous Collaborative Information Visualization by ( Jeffrey Heer , Fernanda B. Viégas , Martin Wattenberg ) . Following Fernanda B. Viégas and Martin Wattenberg web sites, I've discovered that both worked on the Many Eyes project for IBM . Perhaps, Prefuse is the ancestral of Many Eyes... ;-) As is i

FilipiVianna

Search This Blog