GPU Assisted Password Cracking (Andrey Belenko, Elcomsoft)

•

3 likes•2,612 views

The power of today's conventional computers is not enough for many challenging tasks. Password audit and computer forensics require much computations to be carried out. Strong encryption software such as Truecrypt, PGP and alike only amplify the problem. So does WPA standard for wireless communication, which can become a headache to audit at 100 passwords/sec. Now we've got great alternative: innovative solutions based on GPU computations that allow for higher performance and lower power consumption. With their help you can cut time required for an audit 10 to 50 times, even for complicated algorithms used by WPA and PGP.

Technology

Who may need
Password Recovery?
 Ordinary users (own passwords)
 IT Departments (employee’s passwords)
 Security auditors, consultants and
penetration testers
 Law enforcement & government

 Hackers usually don’t!

Why speed counts?

Users and IT Departments:
«We needed those passwords
yesterday»
Auditors, consultants
and pentesters:
«Time is Money»

How to increase speed?
Traditional way is to network together
many computers to form a cluster

• Communication
overhead
• Difficult to manage
• Not power-efficient

Yes!
For many HPC applications GPUs
are many times faster
than CPUs
But they’re not only
faster, they are
greener!

CPUs are designed to
be efficient at serial
computing…

…while GPU’s
main concern is
parallel computing

Intel® Core™ i7-965
“The highest performing
desktop processor on the
planet.”

4 cores
3,2 GHz
731 million transistors
263 mm2

Memory Controller
IO

IO
Q
Core Core Core Core
u
e
u
e
QPI

QPI
L3 cache
8 Мb
>384 million transistors

Out-of-
Memory Controller
Order
Execution Units Scheduling
&
Retirement
IO

IO
Q

Ordering &
Execution
u Instruction
Core Core Core Core

Memory
L1
e Decode &
Data
Microcode
u
e

Branch Prediction

Inst Fetch & L1
QPI

QPI
Paging

L3 cache
L2 8 Мb
>384 million transistors

CPU dedicates only
about 10% to the
execution units!

1/10

CPU dedicates only
about 10% to the
execution units!

NVIDIA®
GeForce® GTX 285

240 cores
1.476 GHz
1.4 billion transistors
470 mm2

PCIe &
TPC TPC TPC Memory TPC TPC
Controller

Thread
ROP Setup ROP
Dispatch

Memory
TPC TPC TPC TPC TPC
Controller

PCIe &

Multiprocessor

Multiprocessor

Multiprocessor
TPC TPC TPC Memory TPC TPC
Controller

Thread
ROP Setup ROP
Dispatch

Texture Memory
Fetch &
TPC TPC TPC TPC TPC
Controller
Other

GPU dedicates about
30% to the execution
units!

1/3

GPU dedicates 6 times as many
resources to the execution units
as CPU!

183 Watts 6x130=780 Watts
full load full load

Performance
680
250
LM
195
32 S1070

GTX 295
2 600
1 330
NTLM GTX 285
795
87
Q6600
1 920
920
MD5
570
70

0 1 000 2 000 3 000
Millions passwords per second

Performance per $
85
521
LM
557
S1070
178

GTX 295
325
2 771
NTLM GTX 285
2 271
483
Q6600
240
1 917
MD5
1 629
389

0 500 1 000 1 500 2 000 2 500 3 000
Thousands passwords per $ per second

Performance per Watt
850
865
LM
1 066
305
S1070

GTX 295
3 250
4 602
NTLM
GTX 285
4 344
829
Q6600
2 400
3 183
MD5
3 115
667

0 1 000 2 000 3 000 4 000 5 000
Thousands passwords per watt per second

Bad News:
Not every algorithm is worth
offloading to GPU
MD4 / MD5 
GPU is good at computing SHA-1 / SHA-2 
RIPEMD 

but MD2
AES 
DES 
GPU is bad at accessing RC4 
random memory locations

WPA-PSK
Tesla S1070 52400

31500
HD4870x2

21700
GTX 295

15750
HD4870

12500
GTX 285

11800
GTX 280

3100
Core 2 Quad Q6600

0 10000 20000 30000 40000 50000 60000

Other Accelerators?

Based on FPGA (Xilinx)
FireWire
Proprietary SDK

US $3’995

Single Unit Performance
45000
40000
40000

35000

30000
27000
25000
TACC1441
20000
GTX 285
16000
15000 13500

10000
5050
5000 3050

0
PGPdisk 128 PGPdisk 256 Office 2007

Performance for $4K
500000
440000
450000

400000

350000

300000

250000 TACC1441
11x GTX 285
200000 176000

150000

100000
55550
50000 27000
13500 3050
0
PGPdisk 128 PGPdisk 256 Office 2007

Greener Computing

• Consider a cluster of 25
dual-CPU quad-core
computers
• 400 watts full load each
• 10’000 watts total

Greener Computing

• Two Tesla S1070 provide
same performance
• 800 watts full load each
• One computer for
management
• 2’000 watts total

Greener Computing
• 8’000 watts saved
• 49’090 kWh a year (at 70% utilization)
• € 5’890 savings on electricity a year
(at 0.12€ per kWh average rate)
• Prevents 27’500 kg CO2 emission
• Takes 5 cars off the roads
• Saves 2’300 trees/year

Thank You!
Andrey Belenko
a.belenko@elcomsoft.com

Viewers also liked

GPU Cracking - On the Cheap

NetSPI

This presentation, based on a real penetration test, examines vulnerabilities in Excel export that often feature in web applications. It shows how the flaw can result in operating system commands being run on the victim user’s machine, and in this case how Windows domain credentials could be targeted. The underlying technique is not new but due to the unusual conditions of the test, several practical points are covered on the extra work that was required to grab the hash and crack it, which ultimately led to a bug discovered in the popular password cracking tool “hashcat”. This part of the talk was largely based on a blog post earlier this year. The presentation then goes on to discuss opportunities for refining the original Excel export attack in terms of reducing the number of warnings issued by Excel when it runs spreadsheets with suspicious content.

BSides MCR 2016: From CSV to CMD to qwerty

Jerome Smith

In this presentation I talked about how Windows user account passwords can be cracked using methods described in Philippe Oechslin's paper "Making a Faster Cryptanalytic Time-Memory Trade-Off" and demonstrated the ideas by stealing hashes using fgdump or Ophcrack and using Rainbow Tables (Cain with RainbowCrack) to actually crack the passwords of students present at the talk. There is some interesting stuff about secure passwords along with bunch of other things.

Password Cracking with Rainbow Tables

Korhan Bircan

Cyber security and ethical hacking 9

Mehedi Hasan

Attack All The Layers - What's Working in Penetration Testing

NetSPI

Introduction to Windows Dictionary Attacks

NetSPI

Thick Application Penetration Testing - A Crash Course

NetSPI

App Security? There’s a metric for that! (Part 1 of 2) Over the past year, NetSPI has been working on a new approach to manage and measure application security. By combining OWASP’s Software Assurance Maturity Model, traditional risk assessment methodologies, and experience developing security metrics, NetSPI developed a methodology that may be used to help organizations improve the way they manage and prioritize their application security initiatives. Once fully developed, this approach will be donated to OWASP either as an add-on to the existing SAMM project or as a new project intended to improve application security management. In this presentation, NetSPI provides a detailed walk-through of the overall methodology as well as OWASP’s SAMM project. We provide examples of the types of metrics and executive dashboards that can be generated by using this approach to managing application security and help highlight various ways this information can be used to further improve the overall maturity of application security programs. Be sure to check out Part 2 of this presentation for a more "Hands On" approach. http://www.slideshare.net/NetSPI/application-risk-prioritizationhandsonsecure360part2of2

Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2

NetSPI

Thick client application security assessment

Sanjay Kumar (Seeking options outside India)

Password Attack

Sina Manavi

Password Cracking

Sina Manavi

WTF is Penetration Testing

NetSPI

Viewers also liked (12)

GPU Cracking - On the Cheap

BSides MCR 2016: From CSV to CMD to qwerty

Password Cracking with Rainbow Tables

Cyber security and ethical hacking 9

Attack All The Layers - What's Working in Penetration Testing

Introduction to Windows Dictionary Attacks

Thick Application Penetration Testing - A Crash Course

Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2

Thick client application security assessment

Password Attack

Password Cracking

WTF is Penetration Testing

Recently uploaded

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

ICT role in 21st century education and its challenges

rafiqahmad00786416

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Recently uploaded (20)

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Strategies for Landing an Oracle DBA Job as a Fresher

FWD Group - Insurer Innovation Award 2024

Corporate and higher education May webinar.pptx

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

CNIC Information System with Pakdata Cf In Pakistan

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

MS Copilot expands with MS Graph connectors

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

presentation ICT roal in 21st century education

ICT role in 21st century education and its challenges

Platformless Horizons for Digital Adaptability

Vector Search -An Introduction in Oracle Database 23ai.pptx

GPU Assisted Password Cracking (Andrey Belenko, Elcomsoft)

1. GPU-Assisted Password Cracking

2. Who may need Password Recovery?  Ordinary users (own passwords)  IT Departments (employee’s passwords)  Security auditors, consultants and penetration testers  Law enforcement & government  Hackers usually don’t!

3. Why speed counts? Users and IT Departments: «We needed those passwords yesterday» Auditors, consultants and pentesters: «Time is Money»

4. How to increase speed? Traditional way is to network together many computers to form a cluster • Communication overhead • Difficult to manage • Not power-efficient

7. Any other options?

8. Yes! For many HPC applications GPUs are many times faster than CPUs But they’re not only faster, they are greener!

9. Why?

10. CPUs are designed to be efficient at serial computing… …while GPU’s main concern is parallel computing

11. Intel® Core™ i7-965 “The highest performing desktop processor on the planet.” 4 cores 3,2 GHz 731 million transistors 263 mm2

12. Memory Controller IO IO Q Core Core Core Core u e u e QPI QPI L3 cache 8 Мb >384 million transistors

13. Out-of- Memory Controller Order Execution Units Scheduling & Retirement IO IO Q Ordering & Execution u Instruction Core Core Core Core Memory L1 e Decode & Data Microcode u e Branch Prediction Inst Fetch & L1 QPI QPI Paging L3 cache L2 8 Мb >384 million transistors

14. Memory Controller IO IO Q Core Core Core Core u e u e QPI QPI L3 cache 8 Мb >384 million transistors

15. CPU dedicates only about 10% to the execution units! 1/10

16. CPU dedicates only about 10% to the execution units!

17. NVIDIA® GeForce® GTX 285 240 cores 1.476 GHz 1.4 billion transistors 470 mm2

18. PCIe & TPC TPC TPC Memory TPC TPC Controller Thread ROP Setup ROP Dispatch Memory TPC TPC TPC TPC TPC Controller

19. PCIe & Multiprocessor Multiprocessor Multiprocessor TPC TPC TPC Memory TPC TPC Controller Thread ROP Setup ROP Dispatch Texture Memory Fetch & TPC TPC TPC TPC TPC Controller Other

20. PCIe & TPC TPC TPC Memory TPC TPC Controller Thread ROP Setup ROP Dispatch Memory TPC TPC TPC TPC TPC Controller

21. GPU dedicates about 30% to the execution units! 1/3

22. GPU dedicates 6 times as many resources to the execution units as CPU! 183 Watts 6x130=780 Watts full load full load

23. Performance 680 250 LM 195 32 S1070 GTX 295 2 600 1 330 NTLM GTX 285 795 87 Q6600 1 920 920 MD5 570 70 0 1 000 2 000 3 000 Millions passwords per second

24. Performance per $ 85 521 LM 557 S1070 178 GTX 295 325 2 771 NTLM GTX 285 2 271 483 Q6600 240 1 917 MD5 1 629 389 0 500 1 000 1 500 2 000 2 500 3 000 Thousands passwords per $ per second

25. Performance per Watt 850 865 LM 1 066 305 S1070 GTX 295 3 250 4 602 NTLM GTX 285 4 344 829 Q6600 2 400 3 183 MD5 3 115 667 0 1 000 2 000 3 000 4 000 5 000 Thousands passwords per watt per second

26. Bad News: Not every algorithm is worth offloading to GPU MD4 / MD5  GPU is good at computing SHA-1 / SHA-2  RIPEMD   but MD2 AES  DES  GPU is bad at accessing RC4  random memory locations

27. Good News: Humans love repetition

28.

29. WPA-PSK Tesla S1070 52400 31500 HD4870x2 21700 GTX 295 15750 HD4870 12500 GTX 285 11800 GTX 280 3100 Core 2 Quad Q6600 0 10000 20000 30000 40000 50000 60000

30. Other Accelerators? Based on FPGA (Xilinx) FireWire Proprietary SDK US $3’995

31. Single Unit Performance 45000 40000 40000 35000 30000 27000 25000 TACC1441 20000 GTX 285 16000 15000 13500 10000 5050 5000 3050 0 PGPdisk 128 PGPdisk 256 Office 2007

32. US $3’995

33. US $3’995

34. Performance for $4K 500000 440000 450000 400000 350000 300000 250000 TACC1441 11x GTX 285 200000 176000 150000 100000 55550 50000 27000 13500 3050 0 PGPdisk 128 PGPdisk 256 Office 2007

35. Greener Computing • Consider a cluster of 25 dual-CPU quad-core computers • 400 watts full load each • 10’000 watts total

36. Greener Computing • Two Tesla S1070 provide same performance • 800 watts full load each • One computer for management • 2’000 watts total

37.

38.

39. Greener Computing • 8’000 watts saved • 49’090 kWh a year (at 70% utilization) • € 5’890 savings on electricity a year (at 0.12€ per kWh average rate) • Prevents 27’500 kg CO2 emission • Takes 5 cars off the roads • Saves 2’300 trees/year

40. Thank You! Andrey Belenko a.belenko@elcomsoft.com

GPU Assisted Password Cracking (Andrey Belenko, Elcomsoft)

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (12)

Recently uploaded

Recently uploaded (20)

GPU Assisted Password Cracking (Andrey Belenko, Elcomsoft)