Archive for November, 2010

CPU based password cracking is not dead!

Posted in Password cracking, Security on 2010/11/05 by mram

In the old day, password cracking (or password auditing or recovery if you are that old school) was relatively easy. You got the hashes from a system, put them in John The Ripper, waited a while and had results. If you wanted faster cracking you just bought a bigger CPU. In the last few years much has changed. We have seen new ways for password cracking like pre-computation tables and rainbow tables. But one of the major recent shifts is that to new architectures with massive theoretical power that we can use for brute force password cracking.

In this post I will not be challenging the enormous computational advantages for brute force password cracking that new architectures provide. These new architectures are simply better for specialized tasks.

However, this post is about:

  1. Putting the power of new architectures in perspective (that of a professional penetration tester*, see below for details);
  2. Proving that CPU based password cracking is long from dead;
  3. The introduction to a little hobby project I will discuss in a future post.

New architectures and why they are not usable yet

So let’s start with the new architectures that are  already being discussed in relationship to password cracking. These architectures are:

  • Cell architecture (e.g. from the PlayStation3);
  • Field-Programmable Gate Array (FPGA) and to some extend even Application Specific Integrated Circuits (ASIC);
  • Cloud Computing;
  • Graphics cards, or Graphics Processing Units (GPU).

I will only cover GPU here and not the Cell, FPGA/ASIC and Cloud architectures. They are proven to be very fast in very specific situations, but non usable at this moment as they have too many disadvantages at this moment. For Cell research has been done by Nick Breese but practical implementations are very limited, only MD5 and WPA that I know of. Others you should create yourself. FPGA and ASICS require a setup per hash type or reprogramming your setup. They require detailed knowledge of pseudo-hardware design and programming skills for every specific hash type. Therefor they are relatively expensive and only interesting for very targeted attacks. Finally, Cloud Computing sounds cool but is ridiculous expensive for password cracking. It also has an inherent insecurity that you will be sending your client’s data to a  service provider which in itself may require you to change your contract with your own client.

That does not mean that some bloke somewhere in the world has got a setup up and running. Or that very specific setups are actually kicking ass, like the FPGA setup for cracking A5/1.  It does mean that these architectures are not ready for wide scale usage at this moment.

If you disagree with the stated disadvantages, please keep on reading as there are disadvantages to GPU based cracking that also apply to the just mentioned architectures.

They say GPU is the new way

There is one architecture that has come to a very fast rise in the last few years: graphics cards, or Graphics Processing Units (GPU) with General-Purpose computation on Graphics Processing Units (GPGPU) standing for the activity of using your graphics card for doing other computations than graphics. I will not cover the details of GPU’s here, many resources exist on the intertubes. What is important for this article is that GPU’s have more power than CPU’s have for parallelization, which happens to be quite useful for brute force password cracking as these are simple calculations that can be programmed in parallel very easily. It’s Single Instruction Single Data (SISD) on CPU versus Single Instruction in Multiple Data (SIMD) for GPUs. SIMD wins in regards to raw power on predefined tasks. Many research exists on the net about this topic, like this.

OK, that’s all very interesting but nothing new I hear you say. GPUs are fast, new, full with potential and kicks but for password cracking. But let’s take a step back and be critical for a moment.

Should we give up on CPU based password cracking?

My answer is no, or not yet. I’ve got two reasons for that:

  1. Brute force cracking is only part of the game;
  2. GPU tools have several key disadvantages at this moment.

I will discuss both.

Brute force power is only a part of the job

Up until now I only covered brute force cracking. I would like to point out that brute force cracking should only be considered as a last resort. A fast cracking of password hashes depends on much more:

  1. A descent cracking strategy for the hash type. Hash types differ in ease of cracking. Per hash types and per knowledge about the client or the effective password policy it differs if you want to use rainbow tables, dictionaries, brute force and/or educated guesses, and in what order you want to use this;
  2. A good dictionary, customized to the environment. Dictionary cracking is faster than brute force and is an essential part of cracking. The dictionary should reflect the words people tend to use as the base of their password. The dictionary is than used for cracking on the raw words (e.g. vanessa) and on the mutations of the raw words (e.g. Vanessa2003). With a dictionary adjusted to the specific environment you can make a big difference.
  3. Good, stable tools that you can use for the actual cracking. This means support for the hash type and non crashing. If I put in a list of hashes to be cracking during the night, I must be sure that I get some results in the morning. I also need an easy to use interface.  In my case I want it to be accessible for my team via a web interface and possibly via a secure email interface.
  4. Raw power for brute force cracking. This is the step where we simply try all possible combinations of the characters space to find a password as apparently the password is that strong.

As you can see, only the final step includes brute force cracking. By the time you get there most of the times you already have cracked a large set of the hashes. If you have more raw power, you can make a difference on the final step. Only on the final step.

Disadvantages of GPU tools

I’ve been playing around with a GPU setup for several years now. My setup consist of: Intel i7 920 @ 2,66GHz, 6GB DDR3 @ 1066MHz, 2x ASUS ENGTX295x GPU cards with 1.8GB memory, 1x NVIDIA 9800GT,  ASUS P6T7 Supercomputer mother board and a 1500Watt power supply. Now, this a pretty impressive system and the results of cracking on this box are also. It has shown that GPU based password cracking is very fast and an easy way to go for replacement of CPU based password cracking on a single box.

But during my testing, this setup has shown several very important disadvantages  that prevent me and my team from usage. These disadvantages are:

  1. Support of hashes. Many tools exist and most of the tools support the most used hashes, e.g. LM, NTLM, MD5. But there are many more hash types that I need support for (e.g. Kerberos, MD5 Crypt, MS Cached, MySQL, SHA, Oracle, etc.) as they are used in the real world at my clients;
  2. The tools are highly unstable. It truly is a market that is not yet matured. Whizzkids pop-up doing some blindingly fast implementations of specific hashes types. But the result is that the tools are in a beta or 0.x stadia, remain there for a long time and that the majority of the tools only focus on 1 hash type;
  3. It’s very hard to scale. Clustering or distributed usage is not possible with the current tools so you are stuck with one box. To put a box full of GPU cards requires immense power supplies, a mother board with a ridiculous amount of PCI slots (of which only a few exist). And then you still only have one box which isn’t very useful if you have a team of people wanting to crack hashes.  You could also go Tesla, but the performance on Tesla setups is not that great with the available tools: the whizzkids simply can’t develop for an architecture that they don’t have. Tesla is also not the cheapest way to go;
  4. It’s hard to automate as many tools only support 1 hash per time. The interfaces of the tools are all different with some being solely interactive (non scriptable, darn you Windows GUI apps);
  5. The performance gain of GPUs is on average about 5-30x compared to CPU based cracking. Faster is better, but I find it not _that_ shocking (OK, relatively).

It’s when I simply compete my old school CPU based John The Ripper setup with wordlists and easy to use and stable interface to the GPU cracking server and tools with these disadvantages, the CPU thing is simply faster most of the time. Only when I’m looking for that true random 9 character hash GPUs do the trick. But when you are at 10 characters, the majority of the hashes is non breakable for GPU. So the sweet spot for GPU is limited at this moment.

No I don’t forget the commercial tools

There are commercial tools available that do support more hash types, are distributed to some extend and should be stable. For example the guys at Elcomsoft make some cool stuff. I really support these companies in making their business out of password auditing. But their licensing and/or their fee simply doesn’t make it usable for me. Also, the impact of cracking passwords to my clients is a bigger when I only use freely available tools. Yes, you may think this shouldn’t count as a valid reason. But the thing is that I can recommend the client only to a certain extend. In the end my client is the one that decides to pick up a finding about weak passwords and give it a certain priority for follow up. In my experience the acceptance and priority is much higher when I use freely available tools during the illustrating in the reporting and/or the demo of the hack.


So, there you have it. I’ve been using GPU based password cracking for some time now. I’ve seen the power. I fully support all the different tools that are out there and I expect them to be fully awesome in the future. I really do.

But at this moment there are too many disadvantages, and the advantages are not that great. Maturing the GPU tools, having support for more hashes and be able to cluster it, that would be great. But before we are their yet I don’t want to give up CPU based password cracking combined with a good cracking strategy and good dictionaries. It simply better suits my need as a professional pentester.

For me personally one of the biggest disadvantages of current GPU tools is the interface and the abbility to scale to distributed environment. As I will show you in a future blog post, I’ve got a pretty cool solution for that for CPU based tooling: clustering with a proper interface. I get really cool results with that.

* My background here is that of professional penetration testing. When I’m at a client and hacked one or several of their system I need to pick out the (too) easy password immediately and be able to crack the remaining hundreds or thousands hashes I found in short amount of time. I don’t necessary need to crack them all, although that would be convenient. Where a real hacker has lots of time, I need to provide the client with proper insight within a short amount of time.  I don’t have a gazillion euro budget to buy all tools available and I will not be sending the hashes of my client to a different service provider. I do work in a team of testers, we share a lab consisting of several systems that can support us in our work, and I do have knowledge of what type of passwords people actually choose. Operations of the cracking servers should be fast and easy for us.