Forgot your password?
typodupeerror
Encryption Security IT

New 25-GPU Monster Devours Strong Passwords In Minutes 330

Posted by Soulskill
from the om-nom-nom dept.
chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."
This discussion has been archived. No new comments can be posted.

New 25-GPU Monster Devours Strong Passwords In Minutes

Comments Filter:
  • by TheLink (130905) on Wednesday December 05, 2012 @06:29AM (#42189839) Journal
    My conclusion is to use different passwords for different things. They don't have to be that strong.

    As long as the passwords are strong enough to prevent brute forcing over the _NETWORK_ they are strong enough. If you don't pick an overly stupid password then either you or the site is going to be pwned before the hackers brute-force/guess your password over the network.

    If someone has hacked into the site to obtain the hashes, it's likely they can do other stuff anyway (make transactions, get your info, maybe even get the plaintext of your password), so don't waste your time making and using super long passwords.
  • by ghostdoc (1235612) on Wednesday December 05, 2012 @06:32AM (#42189847)

    So now that passwords as a system is officially broken, can we please move on to something better? Something that wasn't invented to allow soldiers standing watch in the middle of the night to tell their mates from their enemies, but is actually designed for computers?

    And no, of course I don't have any better ideas... this is /. and I'm here to pointlessly criticise!

  • by slb (72208) * on Wednesday December 05, 2012 @06:43AM (#42189893) Homepage
    This is well known and no sane people uses NTLM auth anymore, even Microsoft recommend to deactivate this authentication method. The idiots at Microsoft used a DES ECB implementation instead of CBC that anyone with two ounce of crypto knowledge would choose. The practical impact of this very bad design choice is that a 14 character password has as much complexity as two independant 7 characters passwords ! So when the authors brag about cracking a 14 character password in 6 minutes, what they're really doing is cracking two 7 character passwords in 6 minutes, this is entirely different and not impressive at all.
  • by bmo (77928) on Wednesday December 05, 2012 @06:45AM (#42189905)

    Pretty much this. Brute forcing passwords over the Internet is silly and non-productive.

    >it's likely they can do other stuff anyway

    What, you mean like the Youporn chat registration list that had the usernames and passwords *and* verification email addresses in plaintext? Or like when Yahoo was compromised? Or like dozens of other companies were compromised? Or like when EMC was spear-phished out of RSA tokens?

    My concern isn't someone with a hundred Tesla cards cracking passwords. My concern is dumb admins and people falling for social-engineering.

    --
    BMO

  • XP Passwords (Score:4, Insightful)

    by jonbryce (703250) on Wednesday December 05, 2012 @06:59AM (#42189961) Homepage

    I was under the impression that a 14 character NTLM password was basically two 7 character passwords, and the fact you can crack them easily is not news. Rainbow tables will crack them in a matter of seconds on a standard PC setup.

  • by Sique (173459) on Wednesday December 05, 2012 @06:59AM (#42189967) Homepage
    You are missing situations where for instance config files are stored separately. I have the situation where I are going on a customer site to replace defective network gear, and I get the config files to upload them into the gear before replacing them. For security reasons, I don't get the configured console password, if I made an error, I would have to empty the config via recovery and start anew. I just replace the gear, phone the network guy of the customer and he then checks connectivity. It wouldn't help to modify the config before uploading to an empty password, because part of the configuration is the connection to an AAA server which kicks in as soon as the network connectivity is there, and then it closes all open consoles and locking me out. But if I could brute force the shared keys whose hashes are in the config files, I might still get in.
  • by Xenna (37238) on Wednesday December 05, 2012 @07:13AM (#42190025)

    This system cracks password hashes. But there's one thing missing: You need to get your hands on the password hashes first!

    Therefore you require access to a system. If you already have access to that system it's fairly trivial to install password capturing code. That way you don't even need to crack any hashes.

    The problem remains that a hacker who gains access to a badly secured system can do almost anything he likes. Secure hashes or not.

  • Re:XP Passwords (Score:4, Insightful)

    by bloodhawk (813939) on Wednesday December 05, 2012 @07:16AM (#42190033)
    This article only talks about very old deprecated algorithms which to be quite honest if you are reliant on those for your security you have far more trouble then just weak passwords or someone brute forcing. NTLMv2 has been in available for use in windows since the NT 4 days and LM/NTLM were off by default from vista onwards.
  • by mwvdlee (775178) on Wednesday December 05, 2012 @07:25AM (#42190063) Homepage

    You mean your system allows users to enter weak passwords?

  • Re:Lockout? (Score:3, Insightful)

    by Anonymous Coward on Wednesday December 05, 2012 @07:29AM (#42190075)
    Umm ...

    mount the SunOS disk, write a new password hash into /etc/shadow of a known password, sync the file systems to disk and reboot.

    Does not take anywhere near a month!
  • by Anonymous Coward on Wednesday December 05, 2012 @07:36AM (#42190101)

    Already have. Public/private key pairs, one of the modes of SSH. (And by far the preferred mode.)

    Yes, we are rapidly approaching the point where the only way to secure a system is something you have, not something you know. Or at least, not solely something you know. That's all right. We're used to that. How do you start your car? Or open the door to your house? Something you have. And for any expensive car made in the past decade, that something you have isn't just the physical shape of the key. It's also a chip on the key.

    For that matter, doesn't World of Warcraft provide you the option of two-factor authentication, and one of the factors is something you have? The thingie that generates codes? I vaguely recall there were flaws in the specific implementation those cards use, which affected more than just WoW, but the concept is sound.

    I'm waiting for the advent of the UberRFID. I call it that because it would have no on-board power source, just as RFID doesn't, and for the same reason: cheapness and very very small size. However, rather than just squawking its ID, it would suck enough power from the querying antenna to perform a full cryptographic handshake with the querying device, SSH-style, using cryptographic keys loaded onto it. Then you can carry your keys with you, and even conceal it. Hide it in a ring on your finger, or inside an innocuous plastic keychain trinket, or a bracelet or a watch. Anything you can conveniently get near to a reader built in to your keyboard. Or your car. Or your front door. Keep the current authentication, whatever it may be. Password for your computer, or the mechanical key for your front door. But add on that second factor and verify it simultaneously.

    There's been some work along these lines already. It's only a matter of time before somebody works out a way to transmit enough power to get the job done in a small enough form factor.

  • by Dins (2538550) on Wednesday December 05, 2012 @08:57AM (#42190539)

    Thanks for the idea, and I hadn't heard of Lastpass, so I looked them up and found this [wikipedia.org]. Stuff like that, while probably never likely to affect me personally, still scares the hell out of me.

    Yes, that's just one site. But if one site I use has their PW file stolen and broken I lose out on one site (and potentially any others I've used that specific PW for). If I trusted something like lastpass with my entire life and then they were successfully hacked...

  • by Anonymous Coward on Wednesday December 05, 2012 @09:27AM (#42190717)

    i think email should be on the top list of priority - because "reset your password" on every other system tends to use your email address. lose control of your email and you've lost control of everything else.

  • by Anonymous Coward on Wednesday December 05, 2012 @09:32AM (#42190771)

    In other words, why would a hacker who has already had an access to the server attempting to crack passwords over the Internet? Why not download (make transaction) the data and crack them locally?

    The point is that, as long as you don't use the same password for multiple sites, cracking your password wouldn't allow the attacker to do anything they couldn't already do, since they've already broken into the system the password was supposed to protect.

  • by PlusFiveTroll (754249) on Wednesday December 05, 2012 @10:03AM (#42191043) Homepage

    There problem is there is still tons of old sites that have MD5 storing passwords. Then there is the second problem of password reuse. Username/Password reuse is the more dangerous of the two, because it can render an account on a system with strong passwords where then local attacks can be attempted.

  • by sapphire wyvern (1153271) on Wednesday December 05, 2012 @10:28AM (#42191297)

    This person deserves +5 Insightful.

    An online email account often comprises the keys to the online kingdom. From looking at the email history you can often learn what usernames and accounts a person has on other services, and then reset all the login credentials for those other services. I'm pretty sure I remember reading about that exact sequence happening to someone high profile quite recently.

  • by Catskul (323619) on Wednesday December 05, 2012 @10:54AM (#42191631) Homepage

    > My concern is dumb admins and people falling for social-engineering.

    It's as soon as we stop claiming that it's just stupid people who fall for social-engineering that we'll finally get better at avoiding it.

  • Re:my password (Score:5, Insightful)

    by bogie (31020) on Wednesday December 05, 2012 @11:29AM (#42192007) Journal

    And many password strength checkers don't catch that either and let you think you are picking a good password.

    Single factor authentication has had it's run. Now it's deader than a doornail. Time to move on and stop living in the past.

  • Re:my password (Score:5, Insightful)

    by hawguy (1600213) on Wednesday December 05, 2012 @12:03PM (#42192385)

    1.... 2.... 3.... 4.... 5....

    29 characters, including spaces...not bad. As long as the attacker doesn't know anything about your password and has to test all ASCII printable characters, that's over 180 bits of entropy in your password. So I think you're safe - the article says it would take 5 hours to hack an 8 character NTLM password. (which is not the same as LM (WinXP))

    I think NTLM only keeps a 128bit hash, so if it were possible to brute force the entire key space, the attacker would likely find a hash collision that works as your password before finding your actual password.

  • Re:my password (Score:5, Insightful)

    by Technician (215283) on Wednesday December 05, 2012 @12:16PM (#42192517)

    My door lock is even more secure with a 4 digit pin. 3 failed attempts lock it out for several minutes. More failed attempts lock it for an hour. It doen't bother to tell you it is ignoring you during that period. A penalty instead of millions of free retries should stop that without physical access.

  • Re:my password (Score:4, Insightful)

    by mlts (1038732) * on Wednesday December 05, 2012 @12:40PM (#42192775)

    I think it is time that we moved to two factor authentication as a whole.

    What would be nice would be if there was one secure time/event based standard across the board for the authentication keyfob. OATH comes close, but there is always people/enterprises using SecurID. Perhaps something like the Google Authenticator, except with a stronger [1] hashing algorithm.

    Ideally, it would be good to have multiple hardware devices, just like one keeps more than one key to a vehicle, and this can be a smartphone app, a dumbphone/featurephone app, a dedicated token like a Blizzard Authenticator, or a device that gets power when plugged into a USB slot.

    One can add biometric authentication before the device offers the 6-8 digit code as well for three factor authentication (what you know, what you own, what you are.)

    [1]: Perhaps multiple algorithms with the output XOR-ed together so if one algorithm is weak, it won't affect the unpredictability of the outputted numbers.

    [2]: Reason one has it run from a computer is so it does not need to worry about having a battery. Even the best lithium ones eventually will fail in a couple years.

Today's scientific question is: What in the world is electricity? And where does it go after it leaves the toaster? -- Dave Barry, "What is Electricity?"

Working...