Results 1 to 14 of 14

Thread: News - Researchers use GPUs to break passwords

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,060 times in 719 posts

    News - Researchers use GPUs to break passwords

    Graphics hardware able to decimate security in minutes.
    Read more.

  2. #2
    Senior Member
    Join Date
    Aug 2008
    Posts
    1,894
    Thanks
    92
    Thanked
    84 times in 64 posts
    • miniyazz's system
      • CPU:
      • Acer Aspire 8920G
      • Operating System:
      • Windows 7 Pro
      • Monitor(s):
      • Optoma HD700X projector @ c. 90"
      • Internet:
      • Really, really ****

    Re: News - Researchers use GPUs to break passwords

    No actual specifics on how long it took them to break passwords of specific lengths?

    Presumably this sort of attack is only useful for encrypted files and the like - with things like online banking/email accounts, Windows logon, etc immune? Being as how all of these will likely block access for minutes or hours, or provide images to verify you're not a machine.

    Interesting stuff though.

  3. #3
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,024 times in 868 posts

    Re: News - Researchers use GPUs to break passwords

    Any properly thought-out encryption software will do several, even hundreds of rounds of hashing on passwords to counter passphrase bruteforcing. And as above, it's fairly useless against websites because of the time it takes to refresh pages and the fact you will be locked out of most sites for trying a few thousand passwords. Maybe it's useful for opening passworded Word documents or something? Other than that it's a bit of a non-issue really, just a bit of scaremongering thought up by a few GPU programmers...

    Edit: I've just found what I think is the original article here, and firstly I lose a lot of respect for anyone who claims to be a computing expert then uses teraflop as the singular version of teraflops, but they also hint towards this cutting down time to break a password from days to hours. TBH, if your security setup takes just days to crack there's something catastrophically wrong with it in the first place. As I said, any good encryption software should do some form of key strengthening so prevent attacks like this.
    Last edited by watercooled; 17-08-2010 at 12:52 PM.

  4. #4
    Senior Member Brewster0101's Avatar
    Join Date
    Dec 2007
    Location
    UK
    Posts
    2,614
    Thanks
    45
    Thanked
    54 times in 44 posts
    • Brewster0101's system
      • Motherboard:
      • Asus m5a99x evo
      • CPU:
      • AMD FX 8350
      • Memory:
      • 8GB (2x4) Corsair Vengence DDR3 1600mghz
      • Storage:
      • Western Green 3TB + Samsung 850Evo 512MB SSD, + 2TB NAS
      • Graphics card(s):
      • MSI 280X
      • PSU:
      • Corsair AXi760
      • Case:
      • Corsair 650D
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • LG 27" 27EA63 IPS LED
      • Internet:
      • 120Mb Bt

    Re: News - Researchers use GPUs to break passwords

    Think the article is more about the fact that GPUS are capable of doing such a thing as code breaking. Doesn't really state there is a practicle use for it, other than throwing theories around.

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Posts
    11,599
    Thanks
    763
    Thanked
    476 times in 328 posts

    Re: News - Researchers use GPUs to break passwords

    Hmmm, they specifically mention CUDA..
    Not that I'm suspiscious like..

  6. #6
    Senior Member
    Join Date
    Apr 2009
    Location
    Oxford
    Posts
    263
    Thanks
    5
    Thanked
    7 times in 6 posts
    • borandi's system
      • Motherboard:
      • Gigabyte EX58-UD3R
      • CPU:
      • Core i7 920 D0 (2.66Ghz) @ 4.1Ghz
      • Memory:
      • G.Skill 3x1GB DDR3-1333Mhz
      • Storage:
      • Samsung PB22-J 64GB
      • Graphics card(s):
      • 2x5850 in CF
      • PSU:
      • 800W
      • Case:
      • Verre V770
      • Operating System:
      • Windoze XP Pro
      • Monitor(s):
      • 19"WS
      • Internet:
      • 8MB/448kbps up

    Re: News - Researchers use GPUs to break passwords

    I'd hazard a guess from my own GPU experience and just used the GPU as a random number generator, which generated the possible passwords. Then offloaded the 'attempts' section to the CPU, because that cannot be done on the GPU. A 260 will happily generate 2 billion random numbers a second, depending on your algorithm (the 2b/sec was a SOBOL I think).

    But you're right, any system which locks you out after x attempts will be useless, or any system which requires a round trip of latency ping will also be useless to brute force.

    ٩(̾●̮̮̃̾•̃̾)۶

  7. #7
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,024 times in 868 posts

    Re: News - Researchers use GPUs to break passwords

    I don't see random number generation as a big problem, or requirement for that matter here. If you're bruteforcing a human-created passphrase it's unlikely it will consist of random noise so you should ideally use some form of dictionary attack, trying words, phrases, replacing s with $ and so on. If you're going to try using random keys you'd be best off directly attacking the encryption keys as you avoid the extra computation needed for the key strengthening, but give yourself a few billion years anyway.

  8. #8
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: News - Researchers use GPUs to break passwords

    lets not forget plenty of people leak hashed passwords from their database, via injection attacks et al.

    However, most people dumb enough to allow that, also haven't salted the hash, so a simple rainbow table will show it.

    As mentioned a plug for CUDA?
    throw new ArgumentException (String, String, Exception)

  9. #9
    Senior Member
    Join Date
    Apr 2009
    Location
    Oxford
    Posts
    263
    Thanks
    5
    Thanked
    7 times in 6 posts
    • borandi's system
      • Motherboard:
      • Gigabyte EX58-UD3R
      • CPU:
      • Core i7 920 D0 (2.66Ghz) @ 4.1Ghz
      • Memory:
      • G.Skill 3x1GB DDR3-1333Mhz
      • Storage:
      • Samsung PB22-J 64GB
      • Graphics card(s):
      • 2x5850 in CF
      • PSU:
      • 800W
      • Case:
      • Verre V770
      • Operating System:
      • Windoze XP Pro
      • Monitor(s):
      • 19"WS
      • Internet:
      • 8MB/448kbps up

    Re: News - Researchers use GPUs to break passwords

    RNG would help determine the random bitshifts required in each segregation of password generation. But you're right - dictionary based attack would help, but that's not GPU possible.

    I was trying to suggest a way in which the GPU was used.

    ٩(̾●̮̮̃̾•̃̾)۶

  10. #10
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,024 times in 868 posts

    Re: News - Researchers use GPUs to break passwords

    Yeah a GPU could be used for RNG but it's not that computationally intensive, not compared to trying the passwords at least. I mean it could offload some of the work from the CPU but its not going to make a huge difference. I'm not entirely sure what CUDA is capable of, maybe it could do some of the cryptographic functions i.e. hashing/decryption? It's all very well them telling you it cracks passwords, but what bit is it doing exactly?

  11. #11
    Senior Member
    Join Date
    Apr 2009
    Location
    Oxford
    Posts
    263
    Thanks
    5
    Thanked
    7 times in 6 posts
    • borandi's system
      • Motherboard:
      • Gigabyte EX58-UD3R
      • CPU:
      • Core i7 920 D0 (2.66Ghz) @ 4.1Ghz
      • Memory:
      • G.Skill 3x1GB DDR3-1333Mhz
      • Storage:
      • Samsung PB22-J 64GB
      • Graphics card(s):
      • 2x5850 in CF
      • PSU:
      • 800W
      • Case:
      • Verre V770
      • Operating System:
      • Windoze XP Pro
      • Monitor(s):
      • 19"WS
      • Internet:
      • 8MB/448kbps up

    Re: News - Researchers use GPUs to break passwords

    RNG is actually quite computationally intensive - it's making leaps and strides in the finance industry (which essentially runs on RNGs), where they're replacing dual Xeon boxes with a single GTX280 and getting a 10x to 200x increase in output.

    CUDA runs on the SIMD principle - if it can apply an operation to lots of multiple data (think matrix multiplication), then CUDA is useful. It can't manipulate anything other than input values and mathematical operations thereof.

    Cryptographic functions in terms of decyption (as far as I understand) are inherently serial. I guess hashing is parallel, but CUDA doesn't include any hashing functions, so you have to build your own inside each kernel (which is possible if you require less than 63 floats). If you can do the serial access over 1000s of different data, then NVIDIA GPUs can be used also.

    To get the optimum speed out of an NVIDIA GPU, because the memory latency access is so large, you need approx 20x calculations per memory read per thread. Optimising CUDA code to get the speed advantage over CPU logic can be tricky sometimes. I'm currently working with highly parallel systems, so CUDA/GPU is great for what I do.

    ٩(̾●̮̮̃̾•̃̾)۶

  12. #12
    Senior Member
    Join Date
    Jun 2008
    Posts
    1,474
    Thanks
    2
    Thanked
    140 times in 116 posts
    • BobF64's system
      • Motherboard:
      • Asus P8Z77-V Pro
      • CPU:
      • Intel Core i7-3770K
      • Memory:
      • 16GB Corsair XMS3 PC3-12800
      • Storage:
      • Multiple HDD and SSD drives
      • Graphics card(s):
      • ASUS DUAL-GTX1060-06G
      • PSU:
      • 750W Silverstone Strider Gold Evolution
      • Case:
      • Silverstone Fortress FT02
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • HP ZR24w

    Re: News - Researchers use GPUs to break passwords

    Quote Originally Posted by miniyazz View Post
    No actual specifics on how long it took them to break passwords of specific lengths?

    Presumably this sort of attack is only useful for encrypted files and the like - with things like online banking/email accounts, Windows logon, etc immune? Being as how all of these will likely block access for minutes or hours, or provide images to verify you're not a machine.

    Interesting stuff though.
    It depends.

    Direct input, that is generating a password then trying it against a live system, isnt very effective because of lockouts etc.

    However, if you manage to get a copy of the password hash, and know the algorithm used, youre just trying to brute force offline data, so youre free to try it as many times as it takes.

    Given the number of reports about "lost" or "compromised" sites that use passwords, the latter seems ever more plausible, especially if you can brute force them before people have time to change their passwords.

  13. #13
    Editable... jimbouk's Avatar
    Join Date
    Aug 2005
    Location
    Bristol
    Posts
    2,812
    Thanks
    244
    Thanked
    238 times in 191 posts
    • jimbouk's system
      • Motherboard:
      • Asrock B450M-HDV R4.0
      • CPU:
      • AMD Ryzen 5 3600
      • Memory:
      • Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4 3200 MHz C16
      • Storage:
      • Sabrent Rocket Q 1TB NVMe PCIe M.2 2280
      • Graphics card(s):
      • Sapphire Pulse RX 580 8GB
      • PSU:
      • Seasonic Core Gold GC-650
      • Case:
      • Lian-Li PC-V1100 ATX
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • AOC CU34G2/BK 34" Widescreen
      • Internet:
      • EE FTC

    Re: News - Researchers use GPUs to break passwords

    Just stick a 5 second wait between login attempts, problem solved.

  14. #14
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,826
    Thanks
    161
    Thanked
    358 times in 288 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC

    Re: News - Researchers use GPUs to break passwords

    This news doesn't worry me in the slightest. In reality it's only made getting into badly secured systems and the first layer of security in wireless networks quicker. You cannot brute force a properly secured system that you don't have more or less unrestricted physical access to, in which case it's either a stolen laptop or you work for the company you're trying to get in to.
    Getting through full HDD encryption is irrelevant as all Full disk encryption software recommends 20 character passwords or better which will still take an army of GPU's millions of years to crack through brute force.
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 3
    Last Post: 12-11-2008, 12:48 PM
  2. Replies: 0
    Last Post: 19-08-2008, 12:55 AM
  3. Does Firefox encrypt passwords for web forms / web pages?
    By davidstone28 in forum Help! Quick Relief From Tech Headaches
    Replies: 2
    Last Post: 19-01-2006, 10:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •