Wednesday, October 24, 2007

GPU accelerated password cracking

Modern versions of Windows like Vista no longer use LM (which could be cracked in minutes using rainbow tables and tools like Ophcrack, especially since it grouped passwords in 7 character pieces). NTLM tends to be more difficult to crack.

Now that GPU HPC clustering has been around for a while, it was only a matter of time until someone implemented the concept for usage in password cracking. I've seen specialized FPGA based machines like Copacobana accelerate DES cracking for example. Or custom chip machins like Deep Crack. But there are cheaper and more effective resources available, right on your home desktop!

A simple GeForce 8 card can have 128 stream processing units and they are very suitable for fixed point arithmetics.

Elcomsoft has released a product that uses such a technology: Elcomsoft Distributed Password Recovery 2. And it will soon incorporate the technology into all their products.

What does this mean? It means that cracking a typical 8 character NTLM has can take as little as 4-5 days instead of months. Using a GPU means the process can be 25 times faster than normal! Not to mention you can just use 4 GPU's on your machine to really speed things up :-).

Guess it's time to enforce a more strict password policy. 12 or more characters should be a minimum now.

Want to use GPU clustering for other kind of HPC applications? Grab the NVIDIA CUDA toolkit and an MPI manual, and start coding. Or maybe you're an ATI person? Then take a look at Folding@Home on ATI GPU's page.