25 GPUs devour password hashes at up to 348 billion per second

Summary:Five 4U servers equipped with 25 AMD Radeon-powered GPUs linked together using an Infiniband switched fabric link can crunch through up to 348 billion password hashes per second.

A combination of hardware and cloud technologies could force the IT industry to rethink what constitutes a secure password.

A presentation at the Passwords^12 Conference in Norway, security researcher Jeremi Gosney demonstrated the password-cracking software HashCat on a system made up of five 4U servers kitted out with 25 AMD Radeon-powered GPUs linked together using an Infiniband switched fabric link.

Virtual Open Cluster (VCL) software is used to load balance across the cluster.

This system doesn't just crack passwords; it literally obliterates them. The system can crunch through 348 billion NT LAN Manager (NTLM) password hashes every second. In the real world, this translates into being able to break a 14 character Windows XP password in six minutes.

The system can also tackle more robust hash algorithms too, such as MD5 and SHA at the rate of 180 billion and 63 billion attempts per second respectively.

Newer 'slow hash' algorithms specifically designed to be difficult to crack using GPUs fared better against the system. Against the bcrypt hashing algorithm the system only managed 71,000 attempts per second, and 364,000 attempts per second against the sha512crypt algorithm.

According to an interview that Gosney gave to The Security Ledger, the system could be scaled up from 25 GPUs to "at least 128 AMD GPUs." This system would offer tremendous password cracking ability.

Gosney is quite adept at password cracking. Following the leaking of 6.4 million Linkedin password hashes, Gosney and a partner were able to crack almost 95 percent of the hashes.

Image source: Gosney/Passwords^12.

Topics: Security, Hardware

About

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.