GPU Password Cracking
Transcript GPU Password Cracking
Not for noobs…
What even is a GPU?
A GPU (Graphics Processing Unit) is
piece of hardware(single chip processor)
primarily used for computing 3D
Such things are lighting effects, object
transformations, and 3D motion.
CPU vs. GPU
Simple look at architecture
CPU Vs. GPU speeds
Why is this important?
Currently the first 80 of the top 500
super computers are there due to
(general purpose) GPGPUs.
This shows how powerful GPUs have
become and their usability.
What choices do we have?
These are slightly more expensive
Nvidia is required if your attempting to
get on the top 500 supercomputers list.
(this is due to CUDA)
Higher clock shader clock speeds, along
with more complex ALUs
ATI is competing technology against
Has potential to be faster than Nvidia in
password cracking applications.
Slower shader clock speeds, but more
ALUs on chip
Cloud Based and Distributed
On solution is to pay for time on cloud
based services. Ex. (Amazon AWC/
EC2, Nimbix, Peer1, Penguin)
Join a Distributed network
What is feasible?
The cost of running a cloud based
service is more for those with deeper
Instead a locally hosted machine is
That leaves us with Nvida Vs. ATI
The most common question….
Nvidia cant compete…
Nvidia design for example on the GTX
590 has 2 GTX 580s on a single card.
This means it has 512 cores x 2 = 1024
cores * 8 cells = 8192 steams.
While this is a lot of steams (meaning
more password cracking pipelines)
mapping to each stream is done by only
the first cell.
This does not utilize the GPU as much
as it can be.
Another blow is that the BIT_ALIGN_INT
operator must be emulated on Nvidia
cards requiring 2 shifts + 1 add
This means Nvidia cards must use 3
instructions instead of 1 for some
hashing functions as compared to ATI
ATI Radeon HD6990
3072 ALUs x 830 MHz = 2550 billion 32-bit
instructions per second
Nvidia GTX 590
1024 ALUs x 1214 MHz = 1243 billion 32-bit
instructions per second
As seen in the previous slide ATI takes
the cake for password cracking
Due to BIT_ALIGN_INT, more ALUs,
and cost to power efficiency, ATI has
approximately 3x-5x performance boost.
What even is?
The differences between the card
architecture translates into a direct
increase in password cracking speed for
Simpler ALUs at lower clocks == less
Adding another GPU actually increases
how many password can be cracked
more than 100%
Ex. 2x Radeons HD6990 != 2550 billion
instructions per second * 2
Its actually faster! (minutely though)
Password Cracking Software
Extreme GPU Bruteforcer
CUDA – MULTIFORCER
Lightning hash cracker
Password cracker of choice
Advanced mask processing
○ Character per position attacks (using
○ Manipulate wordlists based on rules on the fly
Hybrid dictionary + mask attacks
○ Use wordlists and masks together to hit more
Finger Printing attack
○ Psychology of humans based attack
?d – Digits
?l – lower case alpha
?u – uppercase
?s – symbols
?h – hex 0xc0 – 0xff
Lets try it out.
We will manipulate the string and use a
mask to hit our hashes
echo ichidor | expander | sort -u > outfile
Common human convention is to
append numbers within the string
Some examples of wordlist + ‘?d?d’