25 GPUs devour password hashes at up to 348 billion per second

25 GPUs devour password hashes at up to 348 billion per second

Summary: Five 4U servers equipped with 25 AMD Radeon-powered GPUs linked together using an Infiniband switched fabric link can crunch through up to 348 billion password hashes per second.

SHARE:
TOPICS: Security, Hardware
33

A combination of hardware and cloud technologies could force the IT industry to rethink what constitutes a secure password.

A presentation at the Passwords^12 Conference in Norway, security researcher Jeremi Gosney demonstrated the password-cracking software HashCat on a system made up of five 4U servers kitted out with 25 AMD Radeon-powered GPUs linked together using an Infiniband switched fabric link.

Virtual Open Cluster (VCL) software is used to load balance across the cluster.

This system doesn't just crack passwords; it literally obliterates them. The system can crunch through 348 billion NT LAN Manager (NTLM) password hashes every second. In the real world, this translates into being able to break a 14 character Windows XP password in six minutes.

The system can also tackle more robust hash algorithms too, such as MD5 and SHA at the rate of 180 billion and 63 billion attempts per second respectively.

Newer 'slow hash' algorithms specifically designed to be difficult to crack using GPUs fared better against the system. Against the bcrypt hashing algorithm the system only managed 71,000 attempts per second, and 364,000 attempts per second against the sha512crypt algorithm.

According to an interview that Gosney gave to The Security Ledger, the system could be scaled up from 25 GPUs to "at least 128 AMD GPUs." This system would offer tremendous password cracking ability.

Gosney is quite adept at password cracking. Following the leaking of 6.4 million Linkedin password hashes, Gosney and a partner were able to crack almost 95 percent of the hashes.

Image source: Gosney/Passwords^12.

Topics: Security, Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

33 comments
Log in or register to join the discussion
  • Just great....

    So what is the way to prevent malicious people from doing this?

    When you come up with a "problem" like this you should be prepared with a solution to it too.
    Joe_Raby
    • They still have to get the hash first

      This is not brute force attacking
      happyharry_z
    • Does it really matter?

      most people probably just use QWERTY, 123456, or their dog's name.

      A lot of those accounts could be hacked without even turning this machine on.
      William Farrel
      • It doesn't matter

        My dog's name is password, so i guess I'm safe!
        common sense
    • The solution is slow, scalable hashing, like bhash.

      The article notes: "Against the bcrypt hashing algorithm the system only managed 71,000 attempts per second"

      There is no reason for a fast hashing algorithm to be used for passwords, since they are only used infrequently for authentication. Fast algorithms should be left to encryption of mass amounts of data, like for https.
      mark_in_sf
  • NSA just ordered a hundred ...

    The price of standard hardware continues to drop so that not only the US government but foreign governments are finding that routine password cracking is within reach of even modestly-funded organizations. Not to mention corporate espionage types ...
    terry flores
    • More likely the NSA

      Already has a couple thousands of these in a bunker somewhere cracking passwords, an may be even attempt decrypted encrypted communications as well.
      Knowles2
  • So, considering you actually have to try the password to

    see if you cracked it, explain to me how you're going to try your password against the server 348 billion times a second, failing continuously for 6 minutes and then finally being granted access to the server/network/whatever on the 125,280,000,000,001-th try?
    baggins_z
    • Because

      in the example used in the article, someone got a bunch of encrypted passwords and cracked them on their own purpose-built computer. They never attempted to login to the relevant servers/systems. After cracking (decrypting) the passwords, they then have the unencrypted passwords which will, of course, succeed on the first login attempt.
      codougd
  • This isn't new.

    GPGPU cracking have been around for years.. Its just that mainstream have finally figured it out.. Next they will be talking about the botnet that been using there victims gpus for this and other purposes.. This botnet is available for renting btw.
    Anthony E
    • It has but things are getting faster now.

      And most of those weren't GPGPU but core based attempts. To use GPGPU you have to tie them together and I've never it seen it done on this scale before.
      DevGuy_z
  • So we're about 38 bits now, eh?

    log(348000000000)/log(2)=38.3

    So that's about 38 bits of entropy in about a second.

    FYI, that's an eight character password (uppercase/lowercase/number) in about 10 minutes using only brute force. No fancy intelligent guessing techniques.

    Eight characters is no longer acceptable. Actually, it hasn't been acceptable for 10+ years, but I still see it sometimes.

    I'd say we should be enforcing 12+ characters as an absolute minimum. And encouraging things like pass phrases that makes for really lengthy passwords.
    CobraA1
    • Relevant and such...

      http://xkcd.com/936/
      Max™‮‮
      • yup

        yup, I remember that one :).
        CobraA1
  • This is why

    My passwords are 20 characters long! But it's hard to remember so I keep my passwords on a post it on my screen.
    new gawker
    • Do you know what is impressible?

      Do you know what is impressible? The PSU that they used!. I never (ever) saw something like that, a PSU that requires 3 power cord. Are they (PSUs) stacked?
      magallanes
      • it's 3 separate power supplies

        normally used for redundency - the first PS dies, the second continues to keep the server up and running. Just hot swap out the bad one. Your system never goes down.

        Though they could be using all three in parallel if the one power supply couldn't handle the load alone.
        William Farrel
      • The PSU

        This is redundant PSU setup. Three PSU running in parallel -- not one PSU with three cables :)

        Redundant PSU is the norm in any server environment. You don't want all your servers go down when one UPS system accidentally gets switched off, for example.
        danbi
  • MD5? Robust? Methinks not.

    How are we still considering MD5 a 'robust' hash algorithm? It's been shown that it is notoriously easy to crack.
    unaligned
  • Changing your password

    and not haveing older OS's still using Lan Manager will do a lot to block this attack.. my corp just spend a lot of time chaniging very password that might have been in the LM Hash, and upgrading every machine with an OS that that still relied on Lan Manager, even going so far as database DBO and User passwords so that if you do get ahold of a hash, big deal, the passwords you crack are all long changed.. and changed again.. and again.. So go ahead.. decode the hash if you can get one..
    Putertechn