Wilders Security Forums  

  #1  
Old August 17th, 2010, 02:05 PM
JRViejo's Avatar
JRViejo JRViejo is offline
Global Moderator
 
Join Date: Jul 2008
Posts: 10,433
Exclamation Passwords Quickly Hacked With PC Graphics Cards

Quote:
Georgia Tech researchers find that high-end, readily available graphics processing units are powerful enough to easily crack secret codes.

Passwords with fewer than 12 characters can be quickly brute-force decoded using a PC graphics processing unit (GPU) that costs just a few hundred dollars, according to researchers at the Georgia Institute of Technology.
InformationWeek Article by Mathew J. Schwartz.
__________________
JR
"You don't have to win every argument. Agree to disagree." Regina Brett
  #2  
Old August 17th, 2010, 05:36 PM
chronomatic chronomatic is offline
Very Frequent Poster
 
Join Date: Apr 2009
Posts: 1,324
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Does this really require university researchers to figure out? This has been known by everyone who knows anything about computer security for years. In fact, there is software out there designed to utilize GPU's for this very purpose. I guess these "researchers" have been living under a rock for the past several years?

Must be a very slow news day.
  #3  
Old August 17th, 2010, 05:43 PM
chiraldude chiraldude is offline
Regular Poster
 
Join Date: Jul 2010
Posts: 117
Default Re: Passwords Quickly Hacked With PC Graphics Cards

TrueCrypt has recommended passwords with 20 or more characters for years.
A 20 char pw is not brute force(able) using any currently known technology.
  #4  
Old August 17th, 2010, 06:47 PM
Carbonyl Carbonyl is offline
Frequent Poster
 
Join Date: May 2009
Posts: 254
Default Re: Passwords Quickly Hacked With PC Graphics Cards

I understand the need for strong passwords, but in reality, how dangerous are brute-force guessing attacks, like the one described in this article? Surely online accounts for Email / Commerce / Services have some measure of delay imposed between login attempts. I would also assume that repeated failures would temporarily "lock" an account.

Even in a best case scenario, wouldn't network latency limit the efficacy of this method of 'cracking'? Obviously you can't send nearly as many requests to a remote server as you can perform on a local machine in the same period of time.

Additionally, I can't find anything in the article about this: What characters composed the passwords that were cracked so easily? Were numbers, mixed case, symbols, and ASCII code characters included?
  #5  
Old August 17th, 2010, 08:58 PM
chiraldude chiraldude is offline
Regular Poster
 
Join Date: Jul 2010
Posts: 117
Default Re: Passwords Quickly Hacked With PC Graphics Cards

You are correct that high speed brute force is useless for a remote attack.
This sort of attack only applies in the case where your adversary has access to the encrypted data. (file, container, OS encryption such as PGP, TrueCrypt, bitlocker, etc...)

All possible 12 character passwords can be tested on the encrypted data using GPU acceleration. Not just simple ones but ALL possible passwords. "#3Df.vB%^saj" may be guessed as easily as "mypasswordis"
  #6  
Old August 18th, 2010, 12:00 AM
chronomatic chronomatic is offline
Very Frequent Poster
 
Join Date: Apr 2009
Posts: 1,324
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by Carbonyl
I understand the need for strong passwords, but in reality, how dangerous are brute-force guessing attacks, like the one described in this article? Surely online accounts for Email / Commerce / Services have some measure of delay imposed between login attempts. I would also assume that repeated failures would temporarily "lock" an account.

Yeah, as the other guy said, this works fine for remote attacks where the adversary doesn't have direct access to your encrypted password file (hash). If he has direct access to the password file itself, he can brute force it as fast as his hardware will allow. The only variable will be with what hash the password is protected with. Some hashes can be brute forced faster than others.

Quote:
Additionally, I can't find anything in the article about this: What characters composed the passwords that were cracked so easily? Were numbers, mixed case, symbols, and ASCII code characters included?

One would probably want at least an 80 bit password (80 bits as in entropy) in order to protect against just about any brute force. If you use all ASCII characters, you can achieve 80 bits with a 13 character password (85 bits to be exact). Of course, this is assuming the password is completely random. If you want really strong protection you can aim for 128 bit entropy, which will be a password of 20 random characters (which results in a password with 131 bits of entropy to be exact). 128 bits is not crackable by anyone from this planet and won't be for a long time. Again, this assumes the password is chosen at random. If you use phrases or words, it significantly reduces your password's strength.
  #7  
Old August 18th, 2010, 12:40 AM
JRViejo's Avatar
JRViejo JRViejo is offline
Global Moderator
 
Join Date: Jul 2008
Posts: 10,433
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Carbonyl, in the article, there is this mention (blue highlight mine):
Quote:
"We've been using a commonly available graphics processor to test the integrity of typical passwords of the kind in use here at Georgia Tech and many other places," said Richard Boyd, a senior research scientist at the university's research institute, in a statement. "Right now we can confidently say that a seven-character password is hopelessly inadequate.
Here's the link to Georgia Tech:

Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World’s Password Security System

Quote:
For one thing, attackers know that many people use passwords comprised of easy-to-remember lowercase letters. Code-breakers typically work on those combinations first.
From these quotes, I gather that they see lots of 7 words or less, lowercase passwords at Georgia Tech.
__________________
JR
"You don't have to win every argument. Agree to disagree." Regina Brett
  #8  
Old August 18th, 2010, 08:32 AM
chrisretusn's Avatar
chrisretusn chrisretusn is offline
Very Frequent Poster
 
Join Date: Jun 2004
Location: Philippines
Posts: 1,023
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Darn, I just went through and recently changed all of my weak passwords, some were dictionary words others were "decent" 8 character ones, but used across several places. I changed them all to unique and at least 12 characters in length except for a few critical ones, those I made 15 characters. Guess I am going to have to rethink this over again.
__________________
FreeDOS, Haiku, PCLinuxOS, Slackware, Snow Leopard, Ubuntu, Ultimate Edition, Windows 7, Windows XP. (Primary OS, KDE)

Living in Paradise!!

Last edited by chrisretusn : August 19th, 2010 at 03:39 AM.
  #9  
Old August 18th, 2010, 07:46 PM
Searching_ _ _'s Avatar
Searching_ _ _ Searching_ _ _ is offline
Very Frequent Poster
 
Join Date: Jan 2008
Location: iAnywhere
Posts: 1,988
Default Re: Passwords Quickly Hacked With PC Graphics Cards

To crack your passwords someone has to gain entry to your system first and dump your password hashes.
After that it's just about how much cracking power is available to you.

I know of someone with a 7 Teraflop cluster who can crack Linux hashes in under 15 minutes.
Is currently adding Blowfish to the list of hashes he can crack.
__________________
Americans are the enemy? Mil. can arrest you?
What the heck is going on?
  #10  
Old August 19th, 2010, 05:29 AM
chronomatic chronomatic is offline
Very Frequent Poster
 
Join Date: Apr 2009
Posts: 1,324
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by Searching_ _ _
I know of someone with a 7 Teraflop cluster who can crack Linux hashes in under 15 minutes.
Is currently adding Blowfish to the list of hashes he can crack.

7 Teraflops is only like 2 GPU's nowadays.

And when you say "in under 15 minutes" that's sort of vague. I will put my passwords up against his cluster any day and guarantee he won't crack them in 15 minutes, hours, days, years or centuries.
  #11  
Old August 19th, 2010, 06:16 AM
wearetheborg's Avatar
wearetheborg wearetheborg is offline
Frequent Poster
 
Join Date: Nov 2009
Posts: 650
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by chronomatic
7 Teraflops is only like 2 GPU's nowadays.

And when you say "in under 15 minutes" that's sort of vague. I will put my passwords up against his cluster any day and guarantee he won't crack them in 15 minutes, hours, days, years or centuries.

How big is your password?
__________________
Windows XP: SRP + LUA + No Autostarts for Users + On demand scanned new exe's + Sandboxie'd Firefox with NoScript.
Linux Hardening: AppArmor, SeLinux
Limited User Accounts: In a LUA, you have the supreme power; a process cannot monkey around critical system parts without your explicit permission.
  #12  
Old August 19th, 2010, 11:59 AM
Searching_ _ _'s Avatar
Searching_ _ _ Searching_ _ _ is offline
Very Frequent Poster
 
Join Date: Jan 2008
Location: iAnywhere
Posts: 1,988
Default Re: Passwords Quickly Hacked With PC Graphics Cards

@ chronomatic

One node in the system has 4 Nvidia Tesla's other nodes contain gtx280's and gtx480's.
If he needs more Teraflops he just adds more nodes, up to 260 nodes capable.
It wasn't just one password hash, it was several pilfered from a live network.

What algorithm are you using to hash your passwords?
I'm guessing you changed yours from the default md5. Probably something like sha256.
__________________
Americans are the enemy? Mil. can arrest you?
What the heck is going on?

Last edited by Searching_ _ _ : August 19th, 2010 at 12:06 PM.
  #13  
Old August 19th, 2010, 12:30 PM
Ocky's Avatar
Ocky Ocky is offline
Very Frequent Poster
 
Join Date: May 2006
Location: George, S.Africa
Posts: 2,537
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Sort of an addendum to this thread - may be of interest.

1978 Cryptosystem Resists Quantum Attack

Quote:
When the first decent-sized quantum computer is switched on, previously secure codes such as the commonly used RSA algorithm will become instantly breakable.

*********************************************************************

The McEliece cryptosystem is different. It too is asymmetric but its security is based not on factorisation but on a version of a conundrum that mathematicians call the hidden subgroup problem. What Dinh and buddies have shown is that this problem cannot be solved using quantum Fourier analysis. In other words it is immune to attack by Shor's algorithm. In fact, it is immune to any attack based on quantum Fourier sampling.
__________________
Ubuntu Kubuntu Xubuntu Scientific Linux
  #14  
Old August 19th, 2010, 09:39 PM
chronomatic chronomatic is offline
Very Frequent Poster
 
Join Date: Apr 2009
Posts: 1,324
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by Searching_ _ _
@ chronomatic

One node in the system has 4 Nvidia Tesla's other nodes contain gtx280's and gtx480's.

That should be more than 7 Teraflops. I know some of the higher end cards nowadays run at 4+ teraflops a piece (single precision).

Quote:
What algorithm are you using to hash your passwords?
I'm guessing you changed yours from the default md5. Probably something like sha256.

Depends on what the password is used for. If it's my root password on Ubuntu it uses a salted SHA512, which is the default on Ubuntu now. My router WPA password is 60 random characters. It looks like this:

Code:
yH)k1%MQ!p8$/uVMdb~,&j4SaR+JP(iAJ}^<2`~x*M-pysPlJAq+7^fmn`R~

That's 393 bits of entropy. If you put an nvidia tesla on every square inch of the earth's land surface, it would take it 2 X 10^84 years to crack.

Last edited by chronomatic : August 19th, 2010 at 09:46 PM.
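The entropy figures quoted in posts #6 and #14 can be reproduced with a short calculation. This is an added example, not code from any poster; it assumes a 94-symbol alphabet (printable ASCII without the space), uniformly random passwords, and a hypothetical offline guess rate of 10^9 per second.

```python
import math
import string

# Printable ASCII without the space: 52 letters + 10 digits + 32 symbols = 94.
# Assumption: this is the alphabet behind the thread's 85/131/393-bit figures.
ALPHABETS = {
    "lowercase": len(string.ascii_lowercase),
    "letters+digits": len(string.ascii_letters + string.digits),
    "printable ASCII": len(string.ascii_letters + string.digits
                           + string.punctuation),
}

ASSUMED_RATE = 1e9  # hypothetical offline guesses per second, not a measured figure
SECONDS_PER_YEAR = 31_557_600


def entropy_bits(length, alphabet_size):
    """Entropy in bits of a password drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def min_length(target_bits, alphabet_size):
    """Shortest random password that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def seconds_to_exhaust(length, alphabet_size, guesses_per_second):
    """Worst-case time to try every password of exactly this length."""
    return alphabet_size ** length / guesses_per_second


def summary(lengths=(7, 12, 13, 20, 60)):
    """One row per (alphabet, length): bits of entropy and exhaust time."""
    rows = []
    for name, size in ALPHABETS.items():
        for n in lengths:
            rows.append((name, n, round(entropy_bits(n, size), 1),
                         seconds_to_exhaust(n, size, ASSUMED_RATE)))
    return rows


if __name__ == "__main__":
    for name, n, bits, secs in summary():
        years = secs / SECONDS_PER_YEAR
        print(f"{name:16} len={n:2}  {bits:6.1f} bits  {years:.3g} years")
```

The numbers only hold for randomly generated passwords; a phrase or dictionary word of the same length has far less entropy than the table suggests.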
  #15  
Old August 19th, 2010, 10:35 PM
Doritoes Doritoes is offline
Regular Poster
 
Join Date: Jul 2010
Posts: 56
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by chrisretusn
Darn, I just went through and recently changed all of my weak passwords, some were dictionary words others were "decent" 8 character ones, but used across several places. I changed them all to unique and at least 12 characters in length except for a few critical ones, those I made 15 characters. Guess I am going to have to rethink this over again.

You post on Wilders and you don't generate long random passwords for all your accounts
  #16  
Old August 20th, 2010, 08:10 AM
chrisretusn's Avatar
chrisretusn chrisretusn is offline
Very Frequent Poster
 
Join Date: Jun 2004
Location: Philippines
Posts: 1,023
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by Doritoes
You post on Wilders and you don't generate long random passwords for all your accounts
Read my post again.

I'd be willing to bet a lot of users here at one time or another used the same password for more than one account. Whether they will admit to it or not is another story.
__________________
FreeDOS, Haiku, PCLinuxOS, Slackware, Snow Leopard, Ubuntu, Ultimate Edition, Windows 7, Windows XP. (Primary OS, KDE)

Living in Paradise!!
  #17  
Old August 20th, 2010, 09:15 AM
wearetheborg's Avatar
wearetheborg wearetheborg is offline
Frequent Poster
 
Join Date: Nov 2009
Posts: 650
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by chrisretusn
I'd be willing to bet a lot of users here at one time or another used the same password for more than one account. Whether they will admit to it or not is another story.

I admit it, I'm doing it right now

As a control freak with poor memory who uses different computers, and uses linux, I kinda use 3-4 passwords for my accounts. I'm in the process of a major security overhaul now (cross platform password manager, new longer passwords etc)
__________________
Windows XP: SRP + LUA + No Autostarts for Users + On demand scanned new exe's + Sandboxie'd Firefox with NoScript.
Linux Hardening: AppArmor, SeLinux
Limited User Accounts: In a LUA, you have the supreme power; a process cannot monkey around critical system parts without your explicit permission.
  #18  
Old August 20th, 2010, 03:10 PM
Searching_ _ _'s Avatar
Searching_ _ _ Searching_ _ _ is offline
Very Frequent Poster
 
Join Date: Jan 2008
Location: iAnywhere
Posts: 1,988
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by chronomatic
That should be more than 7 Teraflops.
1 Tesla card = 1 Teraflop (and $1200.00 per)

Tesla cards are the first video cards to reach 1 teraflop.

They do make consumer boards with 7 PCI Express slots, so it's possible to have a single 7 teraflop node.
$1000 for the system and $8400 for the cards.

That's some serious cracking and rendering
__________________
Americans are the enemy? Mil. can arrest you?
What the heck is going on?
  #19  
Old August 21st, 2010, 07:48 AM
chrisretusn's Avatar
chrisretusn chrisretusn is offline
Very Frequent Poster
 
Join Date: Jun 2004
Location: Philippines
Posts: 1,023
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by wearetheborg
I admit it, I'm doing it right now

As a control freak with poor memory who uses different computers, and uses linux, I kinda use 3-4 passwords for my accounts. I'm in the process of a major security overhaul now (cross platform password manager, new longer passwords etc)
You know I still use the same passwords (for root and my personal account) when logging in to my home computers.
__________________
FreeDOS, Haiku, PCLinuxOS, Slackware, Snow Leopard, Ubuntu, Ultimate Edition, Windows 7, Windows XP. (Primary OS, KDE)

Living in Paradise!!
  #20  
Old August 23rd, 2010, 12:34 PM
Enigm Enigm is offline
Regular Poster
 
Join Date: Dec 2008
Posts: 63
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by Searching_ _ _
To crack your passwords someone has to gain entry to your system first and dump your password hashes.
After that it's just about how much cracking power is available to you.

I know of someone with a 7 Teraflop cluster who can crack Linux hashes in under 15 minutes.
Is currently adding Blowfish to the list of hashes he can crack.

If you already have the hashes, what's the point in "cracking" anything,
you just look them up in the rainbow-tables and bingo, 2 hashes become
one windows-passwords ..
If they are talking about encrypted systems .. WHAT hashes ?
There are no hashes to dump on a properly encrypted system .
  #21  
Old August 23rd, 2010, 03:33 PM
Searching_ _ _'s Avatar
Searching_ _ _ Searching_ _ _ is offline
Very Frequent Poster
 
Join Date: Jan 2008
Location: iAnywhere
Posts: 1,988
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Rainbow tables, a precomputation attack, is for LM and NTLM hashes and therefore Windows.

I was talking about cracking Linux hashes which use a minimum of salted MD5.
Quote:
The MD5-crypt and bcrypt methods—used in Linux, BSD Unixes, and Solaris—have salts of 48 and 128 bits, respectively. These larger salt values make precomputation attacks for almost any length of password infeasible against these systems for the foreseeable future.
Rainbow Tables - Wikipedia
__________________
Americans are the enemy? Mil. can arrest you?
What the heck is going on?
  #22  
Old August 23rd, 2010, 03:48 PM
wearetheborg's Avatar
wearetheborg wearetheborg is offline
Frequent Poster
 
Join Date: Nov 2009
Posts: 650
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by Enigm
If you already have the hashes, what's the point in "cracking" anything,
you just look them up in the rainbow-tables and bingo, 2 hashes become
one windows-passwords ..
If they are talking about encrypted systems .. WHAT hashes ?
There are no hashes to dump on a properly encrypted system .

If you have a long enough password (15 chars, with at least one special char), then there ARE NO rainbow tables for them. Too much space required.
Linux automatically uses salts, so rainbow table based attacks are rendered useless.

Background on salts. Given a password "password", the stored hash is
hash(salt.password), where salt is some random (but known and visible) string.

Windows unfortunately use salts, but the user can add his own salt. Eg, if the password I have in mind is "password"; I would instead use the password
"wearetheborg.password" or "password.password"
It prohibits rainbow table based attacks.
__________________
Windows XP: SRP + LUA + No Autostarts for Users + On demand scanned new exe's + Sandboxie'd Firefox with NoScript.
Linux Hardening: AppArmor, SeLinux
Limited User Accounts: In a LUA, you have the supreme power; a process cannot monkey around critical system parts without your explicit permission.
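The `hash(salt.password)` scheme described in post #22 can be shown against a precomputed lookup table. This is an added example, not code from any poster; SHA-256 stands in for the real password hash, and the wordlist, function names and 16-byte salt size are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for what a precomputed table covers.
WORDLIST = ["password", "letmein", "mypasswordis", "qwerty"]


def h(data: bytes) -> str:
    """Stand-in fast hash (assumption; real systems use md5-crypt, bcrypt, ...)."""
    return hashlib.sha256(data).hexdigest()


# Built once, reusable against every unsalted hash of a covered password.
PRECOMPUTED = {h(w.encode()): w for w in WORDLIST}


def store_unsalted(password: str) -> str:
    """What gets stored when no salt is used."""
    return h(password.encode())


def store_salted(password: str, salt: bytes = None):
    """Store hash(salt.password); the salt is random but kept in the clear."""
    salt = os.urandom(16) if salt is None else salt
    return salt.hex(), h(salt + b"." + password.encode())


def verify_salted(password: str, salt_hex: str, digest: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = h(bytes.fromhex(salt_hex) + b"." + password.encode())
    return hmac.compare_digest(candidate, digest)


def table_lookup(digest: str):
    """Return the password if the digest is in the precomputed table."""
    return PRECOMPUTED.get(digest)


if __name__ == "__main__":
    print("unsalted:", table_lookup(store_unsalted("password")))
    salt_a, digest_a = store_salted("password")
    salt_b, digest_b = store_salted("password")
    print("salted:", table_lookup(digest_a))
    print("same password, different records:", digest_a != digest_b)
    print("login still works:", verify_salted("password", salt_a, digest_a))
    # The user-supplied prefix from post #22 falls outside the table's coverage.
    print("prefixed:", table_lookup(store_unsalted("wearetheborg.password")))
```

A salt only removes the benefit of precomputation; an attacker who holds the salt and hash can still guess offline, so password length and a slow hash remain the deciding factors.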
  #23  
Old August 23rd, 2010, 06:08 PM
chronomatic chronomatic is offline
Very Frequent Poster
 
Join Date: Apr 2009
Posts: 1,324
Default Re: Passwords Quickly Hacked With PC Graphics Cards

Quote:
Originally Posted by Searching_ _ _
1 Tesla card = 1 Teraflop (and $1200.00 per)

Tesla cards are the first video cards to reach 1 teraflop.

They do make consumer boards with 7 PCI Express slots, so it's possible to have a single 7 teraflop node.
$1000 for the system and $8400 for the cards.

That's some serious cracking and rendering

Depends on if you're talking about single or double floating point precision.
  #24  
Old August 25th, 2010, 05:16 PM
Searching_ _ _'s Avatar
Searching_ _ _ Searching_ _ _ is offline
Very Frequent Poster
 
Join Date: Jan 2008
Location: iAnywhere
Posts: 1,988
Default Re: Passwords Quickly Hacked With PC Graphics Cards

@ chronomatic

Checking ATI and Nvidia, ATI has a faster card than Nvidia.
The Radeon 5970 does 4 teraflops @ 32bit, while the Tesla does 1 teraflops @ 32bit.

Cuda has dominated the market with 90% of the HPC systems.
Cuda made it possible to utilize all the shaders for computation tasks.
Programmers could now port computationally intensive programs to the GPU.
ATI has only recently become involved in parallelized porting compared to Nvidia.
Nvidia has a big headstart and it doesn't look like ATI is doing much about it.

Pathscale has mentioned adding support for ATI, but their target is Cuda.
If they add support for ATI then ATI will have a chance to beat Nvidia FLops for FLops.

Also the program he uses to crack hashes with is cuda based.
__________________
Americans are the enemy? Mil. can arrest you?
What the heck is going on?
 
