tansqrx
Oct 22 2007, 09:38 PM
There is a new story on Slashdot (http://it.slashdot.org/it/07/10/22/1851226.shtml) today about an article (http://www.net-security.org/secworld.php?id=5567) that could possible speed up password cracking by a factor of 25. ElcomSoft (http://www.elcomsoft.com/) has filed for a patent for a technique that uses both the CPU and GPU (graphics card) in a modern computer. ElcomSoft is a known software company that has specialized in selling password cracking software for many years. I have personally bought their software for the purpose of discovering how Yahoo! Messenger stores its passwords. Password cracking is a very shady area but it appears that ElcomSoft can actually be trusted. The idea of using the GPU is not particularly new. The idea has been thrown around for several years but to my knowledge this is the first wide-spread practical application that has bee proposed. The science of cryptography has always been similar to the virus-antivirus arena. It is a rat race to one up the other side. It will be interesting to see which algorithms are susceptible to this attack and how the crypto community will react.
Reply
Jeigh
Oct 23 2007, 11:02 PM
You make a few statements that aren't really wrong, but off base heh. I mean, it is sort of like the virus/antivirus thing but at the same time its quite different. Firstly you have to decide which level of encryption we are talking here, there are encryption algorithms that have existed for awhile that are currently not even in the realm of possibility to be cracked by anyone or anything that lacks government sized resources. That said if we're talking cracking lower end encryption routines then sure, it would make sense if you use more hardware and more processing power then you'd rip through encryption faster but thats the same as saying if we strap 20 processors onto cracking an encryption routine it'll happen exponentially faster. I like the idea of using more hardware more efficiently but this just seems odd, anything your own home computer could crack relistically shouldn't be something that needs to happen super fast. I mean, if you are cracking enough encryption routines at home that this is beneficial to you... you are prooobably doing something a little shady.
Reply
Grafitti
Oct 27 2007, 05:23 AM
I got an article this morning about it from Siliconvalley.. I think it's interesting, and actually quite a breakthrough. QUOTE The Law of Unintended Consequences -- a graphic example: Turns out those advanced graphics chips that render fast-moving games in flowing detail have some other uses as well -- for one, they can dramatically reduce the workload of a password hacker. New Scientist reports that Moscow-based Elcomsoft is claiming to have filed for a U.S. patent on a technique that uses the massively parallel processing capabilities of the latest graphics processing units in its "password recovery" software. Using a high-end Nvidia GeForce 8800 Ultra, Elcomsoft increased the speed of its password cracking by a factor of 25, according to the company's CEO, Vladimir Katalov. Even a less powerful, $150 graphics card can plow through a complex crack in three to five days, as opposed to the months a central processing unit alone would take.
The speed comes from the way the graphics chip handles data. NVidia spokesman Andrew Humber explains, comparing the process to searching for a word in a book: "A [normal computer processor]would read the book, starting at page 1 and finishing at page 500," he says. "A GPU would take the book, tear it into a 100,000 pieces, and read all of those pieces at the same time."
Nvidia inadvertently helped the hacking advance along in February by releasing a hardware development kit that let programmers access the GPU's processing power directly, a boon for those working on complex science and engineering problems. But, as always, one man's tool is another man's weapon.
Reply
ethergeek
Oct 27 2007, 10:45 AM
It's some cool stuff, but kind of old news...at least the simplicity of a gui interface for doing this will probably lead to advances in cryptography or at least raise the bar for what we all consider bare minimum for symmetric cipher strength. As for just cracking passwords...the speed increases this could provide are nothing compared to the speed you get with a precomputed hash-style attack. Generating the hash tables might be faster, maybe tho.
Reply
tansqrx
Nov 1 2007, 10:13 PM
I will have to agree with you Jeigh that this is not the ultimate goal perused by “hackers” but I think you would be hard pressed to say that an almost ten fold decrease in cracking time is insignificant. All of a sudden you have taken a task that would have taken 10 years down to 1 year. In certain situations this would be the deciding factor in trying to even attempt such a crack. I will also agree that this does little in the space of very strong ciphers. If you are using 256 AES then you have only reduced the time from well after our sun goes supernova to just before our ultimate destruction. (For those who do not know, scientists predict that out own sun will end in a supernova explosion. You shouldn’t worry too much though because this will happen billions of years in the future. At current rates, it will take many billions of years to crack current strong cryptography and thus we will not be around to see the fruits of the cracking labor.) I also see the true power of this technology in parallel processing of some sort. If you can get a ten fold increase out of a single graphics card then imagine if you crated a computer with one CPU and 10,000 GPUs. This is exactly what happened with the greatest blows to DES. The EFF funded a project called “Deep Crack” (http://en.wikipedia.org/wiki/EFF_DES_cracker) that exploited specialized FPGA hardware in parallel. When given the task of computing a DES cipher, this hardware was much more efficient than any supercomputer. When you put 10,000 of these things together all of a sudden you have a super cracking machine. This was one of the many projects that ultimately showed the US government that DES needed to be replaced. I would have to have guess that even ten years before this it was inconceivable that such a thing could happen.
Reply
Chesso
Nov 2 2007, 11:20 PM
Wow...... that many? I would really like to know though, "exactly" how do they make use of the GPU? I imagine they get it to perform calculations just like a CPU, but how do they directly access it in such a way, and manage it properly so that you get the speed boost. I mean the power of a GPU is nothing compared to a CPU generally, how can it boost so much? This is assuming one decent CPU VS an equally decent GPU.
Reply
Similar Topics
Keywords : cpus, gpus, unite, attack, passwords
- Warning: Mysql_result(): Supplied Argument Is Not A Valid Mysql Result Resource In ...
This Is for My attack Script. (4)
Attack Script In Php
This is a funny attack script that i made (5) Hey! I am going to share an attack script that i made for some time ago. I made it, as a test
for my game.. And ofc, you can use it for your game to. It is still version 1.0. But I want you to
learn something from it /wink.gif" style="vertical-align:middle" emoid=";)" border="0"
alt="wink.gif" /> This is my second tutorial here, and I will try to make it better than my first
one /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" /> Here is
the SQL File. CODE CREATE TABLE `characterss` ( `health` int(2....
Xtratic War - Free Text Based War Game.
text based militray war game, attack, build, destroy.. (0) Hey guys, I would just like to advertise www.xtraticwar.com , its a fairly newish text based war
game, you get recruits, train them to eat weapons, find someone to attack, take retaliation against
them, go into the battlefield exploit for cash and recruit. "It's 2012, a world filled with
terror, devastated by years of war. Three cut throat factions have emerged, who's side will you
choose? Take your online gaming to the next level, play Xtratic War. The free to play war based
MMORTS. Choose from three different factions and begin playing today! Do you hav....
Allot Of Passwords
(6) hello , would it be difficult to let someone download a file if he enteres password (in total there
are 5 random codes (numbers and letters)) or on specific password ( for exemple :
ldplozdfkopzd213213 (just my hand laying on the keyboard)) when there always are 5 passwords and
they regenerate themselves. and i could get one by entering another password . and if i called them
, they should be good until someone enters it to download . I tought PHP , but it isn't that
safe ...(so enything is possible) thanks ....
How To Bypass Bios Passwords.
Read This Amazing Guide! (10) QUOTE The BIOS; Your computers BIOS is the first program that is run when your computer
starts. You can tell the BIOS to ask for a password when it starts, thus restricting access to
your computer. In most cases , It will Be Your Parents/Relative's. Learn how to bypass it
Their Are 2 Ways Of Doing This. ; 1) Using a Backdoor BIOS Password Some BIOS manufacturers
implement a backdoor password. The backdoor password is a BIOS password that works, no matter what
the user sets the BIOS password to. These passwords are typically used for testing and maint....
Newer Cpus, Are They Overkill?
(12) Every model of PC brings higher faster Processors. I've found Processors as fast as 3.0 Ghz in
normal home user's PCs. Companies are soaring the speed at which our Processors Process, as well
as their cost. I personally have found little difference on my 1.8 GHz and the 2.8 GHz machines I
have used. Simply I believe that the new Processors are overkill. The Motherboard remains a
bottleneck with no solution but fiber optics, further driving up the cost of PCs. I believe the new
speed of Processors is overkill, until the motherboard is speeded up and until the ave....
Symptoms Of Virus Attack
(0) The following are the symptoms of virus attack: 1. Your computer always stops responding when you
try to use certain software. This could also take place due to corruption of an essential file
required by that software. 2. You received an e-mail message that has a strange attachment. When you
open the attachment, dialog boxes appear, or a sudden degradation in system performance occurs. 3.
There is a double extension on an attachment that you recently opened, such as .jpg .vbs or .gif.
exe. 4. An anti-virus program is disabled for no reason and it cannot be restarted. T....
Three DNS Root Servers Taken Down By DoS Attack
(6) According to recent new updates on InformationWeek , a moderate sized Denial of Service (DoS)
attack which in all probability originated in South Kora , nearly took down 3 of the 13 Root
Nameservers that collaborate and manage the internet traffic worldwide. When a single company is the
target of a DoS, it hurts only that particular company. However, a DoS attack on the root servers
mean attacking the very core of the internet infrastructure and can take down the substantial parts
of the net in one go. Fortunately for us, those three servers were heavily strai....
Need Help With 2-Way Password Encryption
How to properly store passwords in a database (8) Every article I've read on the internet so far suggests using MD5 or SHA1 to "encrypt" passwords
in a database, but MD5 and SHA1 are hashing functions; they only go one way. So then how do I let
users know what their password is if they forget it? I suppose I need a two-way encryption method,
right? Can somebody please tell me what the easiest way to solve my problem is with PHP and MySQL?
Thanks, Trevor....
How Do Can I Setup Usernames And Passwords?
Website Handler? (3) Ok so i started off building my website and i dont have it up and running yet but i would like to
know how i can set up usernames and passwords for the people that want to register with my website.
I want to know how i can set that up on my website. IF ANYONE KNOWS HOW TO DO THIS BUT DOESNT
FEEL LIKE TYPING IT OUT I WOULD APPRECIATE IT IF YOU COULD DIRECT ME TO A ONLINE TUTORIAL OR WEB
SITE THAT EXPLAINS HOW TO DO THIS. If you visit my homepage here www.zypher.rip3k.com you can
see that at the top there are the buttons and text fields that have already been put t....
nVidia Geforce 7950 Gx2
With 2 GPUs on one card...can we say Damnn... (4) Graphics cards are always updating, almost seems like a new one is coming out every month. I have
the nvidia GeForce 7900GT from a recently purchased Alienware computer. Now nvidia just released a
new graphics card that kills all graphics card. The single card has a combined total of 1GB of GDDR3
RAM, my new computer JUST got 1GB of ram. Here is the very interesting article for you guys to
check out, for all the hardware junkies like me out there. Because I know a summary of it cant feed
you, you need it raw so here it is: QUOTE Nvidia reintroduced SLI two ye....
Intel: Two New Laptop CPU's
(3) Intel introduced today two new CPU for Laptop's. CORE SOLO U1300 and U1400. This two news CPU
oppositivelly to CORE DUO includes just a single nucleum, witch means that are a very good solution
for modest systems perfomance. The U1300 and U1400, that work respectivitly 1.06Ghz and 1.2Ghz, are
the firsts Core ULV ( Ultra Low Voltage). The TDP ( Thermal Desing Power) announced, has only 5.5
Watts. An impressive value while compared with 15 Watts of Core Duo Low Voltage and 25 Watts of
standart Core Duo. ....
Help In Storing Encrypted Passwords In MySQL
(4) Hi, I need some help with storing password in mysql database or something similar. i used to store
the password in database using md5() function but there is no way to retrieve thepassword back. Now
i want to know that - is it standard and secure way to store password? is there any other technique
to store password so i can retrive it back? Any advice on this would be highly appreciated. you can
my quwstion in other websites Thanks....
Resetting Mac Os Passwords?
(11) Hi, I have been working with some Macs lately and had one today where the username and password were
not working for the administrator. I had a master list with me and tried using all the combinations
of username and password but it won't allow me to get in. I'm still considered to be a
newbie (very new actually), but is there any way to reset or retrieve the password somehow? I see
methods of doing this for Windows XP if the admin loses the password...just wondering if it's
possible on a Mac. Not sure if you want the specifics, but if there is a method/p....
Googling Passwords
Your passwords can be found from google (3) I found this one while surfing hope you people liked this QUOTE Googling Up Passwords
Google is in many ways the most useful tool available to the bad guys, and the most dangerous Web
site on the Internet for many, many thousands of individuals and organizations. Let's talk
about the stuff that people are serving without realizing it. Security pros have known about this
problem for years, but most computers users still have no idea that they may be revealing far more
to the world than they would want. In fact, it wouldn't be far from the truth to....
British Caught Carrying Out Staged Terror Attack?
who is the real terrorist? (0)
British Caught Carrying Out Staged Terror Attack?
who is the real terrorist? (3) America and their allegiences are the one who causes the trouble in the middle east. Not the locals.
It is the same to what happened around the globe. These people need someone to blame on, and they
use Muslims as the black sheep. Yesterday, some Britain commando go at a public, dressing as locals
and start shooting and killing Iraqi police. Eventually, they was cought alive and jailed. Then,
some group of Brit army with tanks and chopper bashed the jail and take them away. THIS IS RUDE!
See the report; "British Special Forces Caught Carrying Out Staged Terror In ....
Where Does Windows Xp Store Its Passwords ?
(10) Is thre a file where password information is kept in windows XP? If so what is it's name and
where is it located?....
Second Terrrorist Attack In London
Two weeks after first, 4 incidents. (4) Two weeks after London was subjected to six bombs, four incidents have taken place today. Thankfully
only one person was hurt, and this person was thought to be behind one of the incidents.
Understandably, police aren't releasing much specific information, but it has been said that
there is forensic evidence at the scene, more than last time, because the explosions were smaller.
Two people have been detained, but it is not known if these arrests were in connection to the
incidents. London is returning to normal, all bus services, with the exceptions of the closed-off....
China To Nuke USA
China plans a nuclear attack on US (53) China has planned and said that it will start a nuclear war against USA if US aids Taiwan any
further. However, I think that China can take other steps to decrease US's aid by decreasing the
amount of goods that are transported to US. I think that they should not start a nuclear war because
it would cause great damage and maybe a new world war. No comments from USA have been made yet. We
are not sure what is the point of view of US on the "new war." Any further comments welcome.
/blink.gif' border='0' style='vertical-align:middle' alt='blink.gif' /> ....
London Under Terrorist Attack
6 Bombs (16) London was bombed this morning, 6 bombs attacking the public transport system. Confirmed as
Terrorist attack, Al Qaeda caliming blame. Not many deaths and not a huge ammount of injurys.
London Emergancy Protocals in action within 10 minutes, Tony Blair and G8 summit members all making
speaches today to the UK population. Tony Blair is also going back to london from Gleneageles and
then returning tonight, The G8 summint will NOT be interupted cancelled. ....
Band Geeks Unite!
are you a band geek...I am (0) I am in Drumline( which is apart of Marching Band) and I will be trying out for drumcorps really
soon.....
After Site Outage, Can't Use Domain
Passwords have all been changed (2) Yesterday, and the day before, my site was down, no reason that I could tell, just was down. Now
that it is back up, I can't use any of my domain services, like mail, ftp, Cpanel, or anything
else that required a password, they look like they have all been changed.... Can someone please
reset the Cpanel password so that I may change all of my passwords again, Thanks so much.......
My Own Tip: How To Keep Your Passwords Safe
from keyloggers or spyware (3) Hi everyone, I haven't posted on Astahost for a long time. Now thinking of contributing to this
forum some good tips and tutorials (not crap posts or non-sense discussion). This is my own tip for
you to keep your passwords or secret numbers (like Credit card number) safe from keyloggers or
spywares installed on you system, which you may not be aware of them. Some may find this useful,
some may think it's crap but I'm sure that it should be helpful for people who dont know
much about computer's viruses/spyware... This tip only prevents giving your passw....
Guster Is For Lovers
Guster Fans Unite! (1) Hey yall, we got any diehard Guster fans out there? I've been listening to Guster for two years
now and still can't get enough. They are by far my favorite band ever. So if you're a
"Lover" like me, speak up! What's your favorite Guster song (or album) and why? What is
your favorite Guster experience? * * * * * * * * * The best Guster experience I ever had was
back home in Bloomington, Indiana. It was a big weekend on IU campus (Little 500 weekend), and one
of the Frats hosted a concert and booked Guster! My friends and I went nuts and ....
Passwords
pws (15) P@$$W0RD$ Email addresses, messengers, network logins: they're all protected
with passwords, but the fact that we have a password isn't enough to protect. It's the
'kind' of passwords that we choose which actually decides how protected our systems are.
Here are the don'ts that you should keep in mind while creating a password: Don't use names
of people, places, pets etc. These are the most obvious choices and are the first options someone
will check to find a match and it often works. Also, don't use your phone number, bi....
Looking for cpus, gpus, unite, attack, passwords
|
|
Searching Video's for cpus, gpus, unite, attack, passwords
|
advertisement
|
|
