GPU Password Cracking

Download Report

Transcript GPU Password Cracking

Not for noobs…
What even is a GPU?
A GPU (Graphics Processing Unit) is
piece of hardware(single chip processor)
primarily used for computing 3D
Such things are lighting effects, object
transformations, and 3D motion.
Simple look at architecture
CPU Vs. GPU speeds
Why is this important?
Currently the first 80 of the top 500
super computers are there due to
(general purpose) GPGPUs.
This shows how powerful GPUs have
become and their usability.
What choices do we have?
These are slightly more expensive
graphics cards.
 Nvidia is required if your attempting to
get on the top 500 supercomputers list.
(this is due to CUDA)
 Higher clock shader clock speeds, along
with more complex ALUs
ATI is competing technology against
 Has potential to be faster than Nvidia in
password cracking applications.
 Cheaper
 Slower shader clock speeds, but more
ALUs on chip
Cloud Based and Distributed
On solution is to pay for time on cloud
based services. Ex. (Amazon AWC/
EC2, Nimbix, Peer1, Penguin)
 Join a Distributed network
 [email protected]
 Boinc (
 [email protected]
What is feasible?
The cost of running a cloud based
service is more for those with deeper
Instead a locally hosted machine is
more affordable
That leaves us with Nvida Vs. ATI
The most common question….
Nvidia cant compete…
Nvidia design for example on the GTX
590 has 2 GTX 580s on a single card.
 This means it has 512 cores x 2 = 1024
cores * 8 cells = 8192 steams.
 While this is a lot of steams (meaning
more password cracking pipelines)
mapping to each stream is done by only
the first cell.
This does not utilize the GPU as much
as it can be.
 Another blow is that the BIT_ALIGN_INT
operator must be emulated on Nvidia
cards requiring 2 shifts + 1 add
 This means Nvidia cards must use 3
instructions instead of 1 for some
hashing functions as compared to ATI
ATI Radeon HD6990
 3072 ALUs x 830 MHz = 2550 billion 32-bit
instructions per second
Nvidia GTX 590
 1024 ALUs x 1214 MHz = 1243 billion 32-bit
instructions per second
As seen in the previous slide ATI takes
the cake for password cracking
Due to BIT_ALIGN_INT, more ALUs,
and cost to power efficiency, ATI has
approximately 3x-5x performance boost.
What even is?
The differences between the card
architecture translates into a direct
increase in password cracking speed for
ATI cards.
 Simpler ALUs at lower clocks == less
energy consumption.
Adding another GPU actually increases
how many password can be cracked
more than 100%
Ex. 2x Radeons HD6990 != 2550 billion
instructions per second * 2
Its actually faster! (minutely though)
Password Cracking Software
GPU cracking
 Oclhashcat
 IghashGPU
 WhitePixel
 Extreme GPU Bruteforcer
 Lightning hash cracker
Distributed solutions
 LastBit
 Elecomsoft
 Durandural
Password cracker of choice
 Advanced mask processing
○ Character per position attacks (using
 Rule engine
○ Manipulate wordlists based on rules on the fly
 Hybrid dictionary + mask attacks
○ Use wordlists and masks together to hit more
 Finger Printing attack
○ Psychology of humans based attack
Mask Engine
?d – Digits
 ?l – lower case alpha
 ?u – uppercase
 ?s – symbols
 ?h – hex 0xc0 – 0xff
 ?D-German alphabet
 ?F-French alphabet
 ?R-Russian alphabet
Lets try it out.
We will manipulate the string and use a
mask to hit our hashes
echo ichidor | expander | sort -u > outfile
Common human convention is to
append numbers within the string
 Some examples of wordlist + ‘?d?d’
 Chido06
 Dori09
 hido30
 chidori15
 ichi91
 hidori24