motherboards
Arctic
Arctic Feezer 7x
Results 1 to 3 of 3

Thread: 25-GPU cluster cracks every standard Windows password in <6 hours

  1. #1
    Core Member

    Status
    xelosia is offline

    Last Online
    04-04-2020 @ 16:22
    Join Date
    May 2012
    Location
    Windsor Ontario
    Posts
    1,921
    CPU: Intel I5 7600k Gabby Lake
    M/B: Gigabyte aorus Z270X gaming K7
    RAM: 16 gig Ballistic tacticle DDR4
    GPU: powercolor devil R9 270X Windforce
    • xelosia's Full Spec's
      • Case:
      • Phanteks model m
      • PSU:
      • Antec Edge 650 watt
      • Cooling:
      • CoolerMaster master liquid ML240L rgb
      • Sound:
      • On Board SB output to a Pioneer VSX906S Reciever
      • Monitor:
      • Sharp 32Inch lcd
      • OS:
      • Windows 10 Pro 64 Bit
      • Misc:
      • LG Blue Ray Burner Fnatic rush mecanical cherry brown swichs Keyboard GSkill MX 780 mouse patriot viper 480 gig m2 NVMe sata OCZ Revo 350 960 gig PCIe Transcend 128 gig SSD Transcend 256 gig SSD CoolerMaster RGB mouse pad
    Thanks
    160
    Thanked 388 Times in 321 Posts
    Points: 68,749, Level: 81
    Points: 68,749, Level: 81
    Level completed: 42%,
    Points required for next Level: 1,001
    Level completed: 42%, Points required for next Level: 1,001
    Overall activity: 99.0%
    Overall activity: 99.0%

    Default 25-GPU cluster cracks every standard Windows password in <6 hours



    A password-cracking expert has unveiled a computer cluster that can cycle through as many as 350 billion guesses per second. It's an almost unprecedented speed that can try every possible Windows passcode in the typical enterprise in less than six hours.
    The five-server system uses a relatively new package of virtualization software that harnesses the power of 25 AMD Radeon graphics cards. It achieves the 350 billion-guess-per-second speed when cracking password hashes generated by the NTLM cryptographic algorithm that Microsoft included in every version of Windows since Server 2003. As a result, it can try an astounding 958 combinations in just 5.5 hours, enough to brute force every possible eight-character password containing upper- and lower-case letters, digits, and symbols. Such password policies are common in many enterprise settings. The same passwords protected by Microsoft's LM algorithm—which many organizations enable for compatibility with older Windows versions—will fall in just six minutes.
    The Linux-based GPU cluster runs the Virtual OpenCL cluster platform, which allows the graphics cards to function as if they were running on a single desktop computer. ocl-Hashcat Plus, a freely available password-cracking suite optimized for GPU computing, runs on top, allowing the machine to tackle at least 44 other algorithms at near-unprecedented speeds. In addition to brute-force attacks, the cluster can bring that speed to cracks that use a variety of other techniques, including dictionary attacks containing millions of words.
    "What this cluster means is, we can do all the things we normally would with Hashcat, just at a greatly accelerated rate," Jeremi Gosney, the founder and CEO of Stricture Consulting Group, wrote in an e-mail to Ars. "We can attack hashes approximately four times faster than we could previously."
    Gosney unveiled the machine last week at the Passwords^12 conference in Oslo, Norway. He previously used a computer equipped with four AMD Radeon HD6990 graphics cards that could make about 88 billion guesses per second against NTLM hashes. As Ars previously reported in a feature headlined "Why passwords have never been weaker—and crackers have never been stronger," Gosney used the machine to crack 90 percent of the 6.5 million password hashes belonging to users of LinkedIn. In addition to the power of his hardware, his attack was aided by a 500 million-strong word list and a variety of advanced programming rules.
    Using the new cluster, the same attack would moved about four times faster. That's because the machine is able to make about 63 billion guesses against SHA1, the algorithm used to hash the LinkedIn passwords, versus the 15.5 billion guesses his previous hardware was capable of. The cluster can try 180 billion combinations per second against the widely used MD5 algorithm, which is also about a four-fold improvement over his older system.
    The speeds apply to so-called offline cracks, in which password lists are retrieved by hackers who exploit vulnerabilities on website or network servers. The passwords are typically stored using one-way cryptographic hash functions, which generate a unique string of characters for each unique string of plaintext. In theory, hashes can't be mathematically reversed. The only way to crack them is to run guesses through the same cryptographic function. When the output of a particular guess matches a hash in a compromised list, the corresponding password has been cracked.
    The technique doesn't apply to online attacks, because, among other reasons, most websites limit the number of guesses that can be made for a given account.
    The advent of GPU computing over the past decade has contributed to huge boosts in offline password cracking. But until now, limitations imposed by computer motherboards, BIOS systems, and ultimately software drivers limited the number of graphics cards running on a single computer to eight. Gosney's breakthrough is the result of using VCL virtualization, which spreads larger numbers of cards onto a cluster of machines while maintaining the ability for them to function as if they're on a single computer.





    "Before VCL people were trying lots of different things to varying degrees of success," Gosney said. "VCL put an end to all of this, because now we have a generic solution that works right out of the box, and handles all of that complexity for you automatically. It's also really easy to manage because all of your compute nodes only have to have VCL installed, nothing else. You only have your software installed on the cluster controller."
    The precedent set by the new cluster means it's more important than ever for engineers to design password storage systems that use hash functions specifically suited to the job. Unlike, MD5, SHA1, SHA2, the recently announced SHA3, and a variety of other "fast" algorithms, functions such as Bcrypt, PBKDF2, and SHA512crypt are designed to expend considerably more time and computing resources to convert plaintext input into cryptographic hashes. As a result, the new cluster, even with its four-fold increase in speed, can make only 71,000 guesses against Bcrypt and 364,000 guesses against SHA512crypt.
    For the time being, readers should assume that the vast majority of their passwords are hashed with fast algorithms. That means passwords should never be less than nine characters, and using 13 or even 20 characters offers even better security. But long passwords aren't enough. Given the prevalence of cracking lists measured in the hundreds of millions, it's also crucial that passwords not be names, words, or common phrases. One easy way to make sure a passcode isn't contained in such lists is to choose a text string that's randomly generated using Password Safe or another password management program.

    25-GPU cluster cracks every standard Windows password in <6 hours | Ars Technica

  2. #2
    Regular Member

    Status
    MattyMatt is offline

    Last Online
    03-08-2015 @ 20:01
    Join Date
    Jul 2012
    Location
    Edmonton, AB, Canadia
    Posts
    843
    CPU: Intel i7 3770K herp derp Mhz 6 oclock
    M/B: Asus P8Z77-V Deluxe Sausage not included
    RAM: Crucial Ballistix Sport 2X8GB DDR3-1600 1.5V CL9
    GPU: MSI 670 SLIng
    • MattyMatt's Full Spec's
      • Case:
      • Bitfenix Ghost
      • PSU:
      • Seasonic Platinum 860
      • Cooling:
      • H100 and fans, all bitfenix spectre pro
      • Sound:
      • Onboard for life
      • Monitor:
      • Benq XL2410T but no 3D, just the high heart rate
      • OS:
      • Windows are doors at 8
      • Misc:
      • I am missing some super special order screws that I cannot seem to find anywhere :/
    Thanks
    11
    Thanked 44 Times in 41 Posts
    Points: 4,303, Level: 19
    Points: 4,303, Level: 19
    Level completed: 14%,
    Points required for next Level: 347
    Level completed: 14%, Points required for next Level: 347
    Overall activity: 8.0%
    Overall activity: 8.0%

    Default Re: 25-GPU cluster cracks every standard Windows password in <6 hours

    Perfect. Now give me access

  3. #3
    Regular Member

    Status
    calemus is offline

    Last Online
    22-08-2017 @ 22:03
    Join Date
    May 2011
    Posts
    1,230
    Thanks
    291
    Thanked 82 Times in 79 Posts
    Points: 11,185, Level: 31
    Points: 11,185, Level: 31
    Level completed: 91%,
    Points required for next Level: 65
    Level completed: 91%, Points required for next Level: 65
    Overall activity: 99.2%
    Overall activity: 99.2%

    Default Re: 25-GPU cluster cracks every standard Windows password in <6 hours

    if it's not running my video games and making money for me at the same time it's a fail
    learning is good .....understanding is better .....pleas teach with wisdom............................................ ..............calemus

Remove Ads

Sponsored Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Replies: 0
    Last Post: 05-12-2012, 14:54
  2. AMD FX-8350 Cracks 7.443 GHz
    By Lil' ½ Dead in forum AMD
    Replies: 11
    Last Post: 27-10-2012, 17:10
  3. Microsoft cracks down on XBL homophobia
    By Lil' ½ Dead in forum Consoles & Games
    Replies: 2
    Last Post: 08-03-2010, 01:30
  4. Network password help
    By grumpydaddy in forum Internet and Networks
    Replies: 1
    Last Post: 19-08-2008, 22:07

Search tags for this page

amd fx-8350 password crack

,

cpu cluster cracks

,

crack password video cards

,

hashcat mit amd fx 8350

Click on a term to search for related topics.

Tags for this Thread