Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Security

New John the Ripper Cracks Passwords On FPGAs 58

Long-time Slashdot reader solardiz has long bring an advocate for bringing security to open environments. Wednesday he contacted Slashdot to share this update about a piece of software he's authored called John the Ripper: John the Ripper is the oldest still evolving password cracker program (and Open Source project), first released in 1996. John the Ripper 1.9.0-jumbo-1, which has just been announced with a lengthy list of changes, is the first release to include FPGA support (in addition to CPU, GPU, and Xeon Phi). This is a long-awaited (or long-delayed) major release, encompassing 4.5 years of development and 6000+ commits by 80+ contributors. From the announcement:

"Added FPGA support for 7 hash types for ZTEX 1.15y boards [...] we support: bcrypt, descrypt (including its bigcrypt extension), sha512crypt & Drupal7, sha256crypt, md5crypt (including its Apache apr1 and AIX smd5 variations) & phpass. As far as we're aware, several of these are implemented on FPGA for the very first time. For bcrypt, our ~119k c/s at cost 5 in ~27W greatly outperforms latest high-end GPUs per board, per dollar, and per Watt. [...] We also support multi-board clusters (tested [...] for up to 16 boards, thus 64 FPGAs, [...] on a Raspberry Pi 2 host)."
This discussion has been archived. No new comments can be posted.

New John the Ripper Cracks Passwords On FPGAs

Comments Filter:
  • Long-time (Score:4, Funny)

    by kaoshin ( 110328 ) on Saturday May 18, 2019 @01:49PM (#58614656)

    Long-time Slashdot reader solardiz has long bring an advocate for bringing security to open environments.

    Me long bring an advocate this editing long-time!

  • I didn't hear any mentions of blockchains or AI. For that reason I'm out.

    • Re:Ob (Score:5, Insightful)

      by solardiz ( 817136 ) on Saturday May 18, 2019 @05:23PM (#58615470) Homepage

      I like to provide serious replies to jokes, so

      In terms of blockchains, new with this JtR jumbo release is support for many additional cryptocurrency-related "formats", such as wallets and more. Please check out the full announcement [openwall.com] for a list of added formats. People tend to forget their passphrases, and JtR can help recover weak and partially-forgotten ones. (But not a fully forgotten strong passphrase.)

      In terms of AI, even JtR 1.0 released in 1996 was trained on real passwords and used that training to try candidate passwords in order of decreasing estimated probability. That was one aspect distinguishing it from all other password cracker programs of the time. More recent JtR releases include training based on the RockYou leak, but all of them can easily be re-trained by the user on the user's passwords cracked so far, to target further passwords more efficiently (assuming they have greater similarity than RockYou's to those already cracked, and the number of already cracked passwords is large enough to provide meaningful statistics - ideally, millions, but a few thousand also works to some extent). During our tuning of the algorithms, we've also done proper out-of-sample testing (with different training and test sets), etc. - like you would with an AI project.

  • I guess someone was going to try to exploit this password cracking ability. So why not develop the open source cracks? But it does make it super-convenient for black-hats.
    • by Anonymous Coward

      It also means we can test to make sure we are safe. We don't want only the bad guys to have the best tools!

      • This, If you've never tried brute forcing one of your own passwords you need to re-think your position as a nerd.

    • Almost all encryption can be brute force cracked regardless of what is used. That is not a secret. Effective encryption relies on the process taking so long that the information is useless by the time it is cracked. The best methods require end of univers amounts of time.

      These programs do test whether or not those scenarios are true.

      • by epine ( 68316 ) on Saturday May 18, 2019 @05:53PM (#58615580)

        Almost all encryption can be brute force cracked regardless of what is used.

        You have entirely failed to understand the core problem here.

        Colin Percival on scrypt [tarsnap.com]

        Providing that the number of iterations used is increased as computer systems get faster, this allows legitimate users to spend a constant amount of time on key derivation without losing ground to attackers' ever-increasing computing power — as long as attackers are limited to the same software implementations as legitimate users.

        However, as Bernstein famously pointed out in the context of integer factorization, while parallelized hardware implementations may not change the number of operations performed compared to software implementations, this does not prevent them from dramatically changing the asymptotic cost, since in many contexts — including the embarrassingly parallel task of performing a brute-force search for a passphrase — dollar-seconds are the most appropriate units for measuring the cost of a computation. As semiconductor technology develops, circuits do not merely become faster; they also become smaller, allowing for a larger amount of parallelism at the same cost.

        Consequently, using existing key derivation algorithms, even if the iteration count is increased such that the time taken to verify a password remains constant, the cost of finding a password by using a brute force attack implemented in hardware drops each year. This paper aims to reduce the advantage which attackers can gain by using custom-designed parallel circuits.

        There's a table on page 14 if you are not equation or proof friendly.

        Quad-Spartan 6 LX150 FPGA Board with USB 2.0 Microcontroller [www.ztex.de]

        The FPGA Board is optimized for computations that do not require a much bandwidth and RAM.

        In other words, it's completely useless to anyone who has read Colin's paper and taken appropriate memory-intensive countermeasures, which I'm guessing from the paper's bibliography was published circa 2010.

        • When was that paper written?

          Estimated cost of hardware to crack a password in 1 year

          MD5, 80-char test $1.5T . First that's just MD5. That seems extremely out of date.

    • But it does make it super-convenient for black-hats.

      Yeah, on both sides of the law :-)

      Still, whatever levels the playing is a good thing.

    • by Anonymous Coward

      johntheripper is open source cracking software

      https://www.openwall.com/john/k/john-1.9.0-jumbo-1.tar.xz

  • and his contribution is a powerful, multi-platform password cracker.... Something doesn't seem right there.
  • Very cool, a cluster of these is basically a homemade WindsorGreen-type brute-forcing machine!

Trying to be happy is like trying to build a machine for which the only specification is that it should run noiselessly.

Working...