speeding up gpu based password cracking
play

Speeding up GPU-based password cracking SHARCS 2012 Martijn - PowerPoint PPT Presentation

Aug 13, 2022 •49 likes •389 views

Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3 Sprengers.Martijn@kpmg.nl KPMG IT Advisory 1 Radboud University Nijmegen 2 K.U. Leuven 3 March 17-18, 2012 Introduction Background Research Results

  1. Speeding up GPU-based password cracking SHARCS 2012 Martijn Sprengers 1 , 2 Lejla Batina 2 , 3 Sprengers.Martijn@kpmg.nl KPMG IT Advisory 1 Radboud University Nijmegen 2 K.U. Leuven 3 March 17-18, 2012

  2. Introduction Background Research Results Who am I? Spare time Professional life • Ethical hacker • KPMG IT Advisory • Education • Master Computer Security at the Kerckhoffs Institute • Expertise and experience • Computer and network security • Password cracking • Social Engineering Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 2 / 28

  3. Introduction Background Research Results Cracking password hashes with GPU’s Goals • Show how password hashing schemes can be efficiently implemented on GPU’s • Impact on current authentication mechanisms • Pose relevant questions immediately but save discussions for the end Outline • Background information on MD5-crypt and GPU • Optimizations and speed-ups • Results and improvements Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 3 / 28

  4. Introduction Background Research Results Cracking password hashes with GPU’s Goals • Show how password hashing schemes can be efficiently implemented on GPU’s • Impact on current authentication mechanisms • Pose relevant questions immediately but save discussions for the end Outline • Background information on MD5-crypt and GPU • Optimizations and speed-ups • Results and improvements Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 3 / 28

  5. Introduction Background Research Results Motivation Why password hashing schemes? • Database leakage • Disgruntled employee • SQL injections • Accessible storage • ‘SAM’ file (Windows) • ‘passwd’ file (Unix) Why exhaustive search? • Humans and randomness → � • Humans and memorability → � • Limited keyspace → enables exhaustive search Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 4 / 28

  6. Introduction Background Research Results Motivation Why password hashing schemes? • Database leakage • Disgruntled employee • SQL injections • Accessible storage • ‘SAM’ file (Windows) • ‘passwd’ file (Unix) Why exhaustive search? • Humans and randomness → � • Humans and memorability → � • Limited keyspace → enables exhaustive search Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 4 / 28

  7. Introduction Background Research Results Why exhaustive search? Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 5 / 28

  8. Introduction Background Research Results Motivation Why MD5-crypt? • Commonly used • Default Unix scheme, Cisco routers, RIPE authentication • Basis for other hashing schemes and frameworks • SHA-crypt, bcrypt, PBKDF2 Why GPU? • New API’s support native arithmetic operations • Designed for highly parallelized algorithms Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 6 / 28

  9. Introduction Background Research Results Motivation Why MD5-crypt? • Commonly used • Default Unix scheme, Cisco routers, RIPE authentication • Basis for other hashing schemes and frameworks • SHA-crypt, bcrypt, PBKDF2 Why GPU? • New API’s support native arithmetic operations • Designed for highly parallelized algorithms Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 6 / 28

  10. Introduction Background Research Results Password hashing schemes Properties • Correct use of salts Definition Prevents from time-memory trade-off attacks • Slow calculation PHS : Z m 2 × Z s 2 → Z n 2 Key-stretching • Avoid pipelined implementations Hashing k passwords with the same salt should cost k times more computation time than hashing a single password Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 7 / 28

  11. Introduction Background Research Results Avoid pipelined implementations Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 8 / 28

  12. Introduction Background Research Results MD5-crypt MD5-compression round MD5-crypt MD5-crypt(“somesalt”,“password”) = $1$somesalt$W.KCTbPSiFDGffAGOjcBc. • Key-stretching • 1002 calls to MD5-compression function • Concatenates password, salt and intermediate result pseudo randomly Source: Wikipedia Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 9 / 28

  13. Introduction Background Research Results CUDA and memory model Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 10 / 28

  14. Introduction Background Research Results Attacker model Assumptions • Attacker model • Plaintext password recovery • Exhaustive search (ciphertext only) • No time-memory trade-off • Hardware • One CUDA enabled GPU: NVIDIA GTX 295 • 480 thread processors • 60 streaming multiprocessors • Password generation • Password length < 16 • Performance measured in unique password checks per second Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 11 / 28

  15. Introduction Background Research Results Our optimizations Our optimizations • Memory → Fast shared memory • Algorithm wise → Precompute intermediate results • Execution configuration → Block- and gridsizes • Maximizing parallelization → Password hashing is embarrassingly parallel • Instructions → Modulo arithmetic is expensive • Control flow → Branching is expensive Algorithm optimizations • Password length < 16 → One call to MD5compress() • Password length << 16 → Precompute intermediate results Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 12 / 28

  16. Introduction Background Research Results Our optimizations Our optimizations • Memory → Fast shared memory • Algorithm wise → Precompute intermediate results • Execution configuration → Block- and gridsizes • Maximizing parallelization → Password hashing is embarrassingly parallel • Instructions → Modulo arithmetic is expensive • Control flow → Branching is expensive Algorithm optimizations • Password length < 16 → One call to MD5compress() • Password length << 16 → Precompute intermediate results Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 12 / 28

  17. Introduction Background Research Results Our optimizations Our optimizations • Memory → Fast shared memory • Algorithm wise → Precompute intermediate results • Execution configuration → Block- and gridsizes • Maximizing parallelization → Password hashing is embarrassingly parallel • Instructions → Modulo arithmetic is expensive • Control flow → Branching is expensive Algorithm optimizations • Password length < 16 → One call to MD5compress() • Password length << 16 → Precompute intermediate results Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 12 / 28

  18. Introduction Background Research Results Memory optimizations Constant memory • Default: variables stored in local memory • Physically resides in global memory (500 clock cycles latency) • Cached on chip • As fast as register access (1 clock cycle latency per warp) Shared memory • User managed cache • On chip (2 clock cycles latency per warp) • Shared by all threads in a block • Small (16384 Bytes per multiprocessor) • Accessed via 16 banks Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 13 / 28

  19. Introduction Background Research Results Memory and algorithm optimizations Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 14 / 28

  20. Introduction Background Research Results Bank conflicts Problem int shared[THREADS_PER_BLOCK][16]; int *buffer = shared[threadId]; Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 15 / 28

  21. Introduction Background Research Results Bank conflicts Solution int shared[THREADS_PER_BLOCK][16+1]; int *buffer = shared[threadId]+1; Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 16 / 28

  22. Introduction Background Research Results Execution configuration optimizations Influence on our implementation Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 17 / 28

  23. Introduction Background Research Results Comparison with CPU implementations Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 18 / 28

  24. Introduction Background Research Results Comparison with other implementations Other implementations Work Cryptographic Algorithm Speed up GPU type over CPU Bernstein et al. [2, 1] Asymmetric ECC 4-5 Manavski et al. [5] Symmetric AES 5-20 Harrison et al. [3] Symmetric AES 4-10 Harrisonet al. [4] Asymmetric RSA 4 This work Hashing MD5-crypt 25-30 Martijn Sprengers, Lejla Batina March 17-18, 2012 Speeding up GPU-based password cracking 19 / 28

Recommend

Distributed GPU password cracking Alexander Kasabov &amp; Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov &amp; Jochem van Kerkwijk System and

Distributed GPU password cracking Alexander Kasabov &amp; Jochem van Kerkwijk System and Network Engineering { akasabov | jkerkwijk } @os3.nl February 2, 2011 Outline Introduction Password cracking Graphics processing unit Distributed

501 views • 16 slides
Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides
Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Introduction Lets Attack A Time-Memory Trade-Off The LanManager Hash Physical Attacks Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam Martin and Mark Tokutomi Password Cracking

1.49k views • 76 slides
Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by Nunzio Cicone and Hans-Peter Hllwirth Setting Password Attacks Passwords are a notoriously weak authentication mechanism One significant

422 views • 20 slides
Password Cracking Prof. Tom Austin San Jos State University How should you store users'

Password Cracking Prof. Tom Austin San Jos State University How should you store users'

CS 166: Information Security Password Cracking Prof. Tom Austin San Jos State University How should you store users' passwords? Reverse-lookup tables A cryptographic hash is irreversible. However, you can make a table of common hashes.

359 views • 11 slides
Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux

Running a FireSim Simulation: Password Cracking on a RISC-V SoC with SHA-3 Accelerators and Linux https://fires.im @firesimproject MICRO Tutorial 2019 Albert Ou Agenda Configure and launch a simulation runfarm Boot Linux interactively

771 views • 28 slides
Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu, Amanda Nakanishi, Maximilian Golla, David Cash, and Blase Ur November 26, 2019 | PasswordsCon | Stockholm, Sweden People Choose Weak Passwords Johnny14! 2 November 26,

2.25k views • 49 slides
Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi,

Reasoning Analytically About Password-Cracking Software Enze Alex Liu , Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur Chic4go 2 Attack Model 80d561388725fa74f2d03cd16e1d687c 3 Attack Model 80d561388725fa74f2d03cd16e1d687c

822 views • 81 slides
Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research Zurich based on joint work with Jan Camenisch, Anna Lysyanskaya &amp; Gregory Neven ROADMAP Password-Based Authentication How to make password

1.43k views • 43 slides
Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1

PAKE Game-based Security Universal Composability LAKE Outline Password-based Authenticated Key Exchange Password-based Authenticated Key Exchange 1 David Pointcheval Ecole Normale Sup erieure Game-based Security 2 Universal

927 views • 10 slides
IPAKE IPAKE Summary Summary Isomorphisms for Password-based Isomorphisms for Password-based

IPAKE IPAKE Summary Summary Isomorphisms for Password-based Isomorphisms for Password-based

IPAKE IPAKE Summary Summary Isomorphisms for Password-based Isomorphisms for Password-based Authenticated Key Exchange Authenticated Key Exchange Dario Catalano David Pointcheval Password-based CNRS-ENS France Authenticated Key

291 views • 5 slides
Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory

Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory

Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory features in Samba What has been done in the last year? Samba 4.9 Password and membership change auditing LMDB back-end (semi-experimental)

1.06k views • 49 slides
Speeding Up Your Mac A Joe ON Tech Guide Speeding Up Your Mac Basics Three factors affect

Speeding Up Your Mac A Joe ON Tech Guide Speeding Up Your Mac Basics Three factors affect

Speeding Up Your Mac A Joe ON Tech Guide Speeding Up Your Mac Basics Three factors affect your Macs performance more than anything else: CPU power. Most Macs dont have upgradable CPUs, but you can compensate by reducing the amount

292 views • 12 slides
Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master

Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master

Distributed Password Cracking Platform Dimitar Pavlov Supervisors : Gerrie Veerman Marc Smeets UvA SNE Master Students Michiel van Veen 08-02-2012 1 The project Research Question : How can a scalable , modular and extensible middleware

357 views • 22 slides
Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay

Cracking the code Cracking the code Houston, we have a problem. Consanguineous Marriage Tay Brain T2-Hyperintensity Sachs Stem Pelizaeus- B12 Metabolism U-Fibres Merzbacher Hypomyelination T1-Hypointensity CSF Salla LEUKODYSTROPHY

918 views • 62 slides
IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code:

IAPF TRUSTEE NETWORK EVENT CRACKING THE DC CODE: VALUE FOR MONEY WELCOME Cracking the DC Code: Value for Money Rickard Mills Council Member, IAPF THANK YOU SPONSOR Cracking the DC Code: Value for Money HOUSEKEEPING Cracking the DC Code:

1.04k views • 54 slides
Telling The Time chris.anley@nccgroup.trust The Bug Server generates a time-based: -Password

Telling The Time chris.anley@nccgroup.trust The Bug Server generates a time-based: -Password

Telling The Time chris.anley@nccgroup.trust The Bug Server generates a time-based: -Password reset token -Session id -Random password -REST API Key ... For example: PHP uniqid() Gets a prefixed unique identifier based on the current

371 views • 14 slides
Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this

5/25/2019 Network Security Topic 3: User Authentication Topic 3: User Authentication 1 Reading for this Lecture 5/25/2019 Password Topic 3: User Authentication Password strength Salt_(cryptography) Password cracking

1.03k views • 75 slides
twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

twenty six diagonal cracking shear f c http://www.bam.de concrete construction:

A RCHITECTURAL S TRUCTURES : Concrete in Compression F ORM, B EHAVIOR, AND D ESIGN ARCH 331 crushing D R. A NNE N ICHOLS vertical cracking S PRING 2018 tension lecture twenty six diagonal cracking shear f c

137 views • 3 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 4 Password Strength &amp; Cracking Roadmap Password Authentication How Passwords are

512 views • 32 slides
Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens

Credential Access with Hashcat Dawid Czagan SECURITY INSTRUCTOR @dawidczagan Creator: Jens Steube Hashcat is the no. 1 offline password cracker. It supports different password cracking techniques and many hash algorithms. What's more it

894 views • 19 slides
DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger

DATABASE CRACKING: Fancy Scan, not Poor Mans Sort! Hardware Folks Cracking Folks Don Holger Pirk Eleni Petraki Strato Idreos Stefan Manegold Martin Kersten EVALUATING RANGE PREDICATES COMPLEXITY ON PAPER Scanning: O(n) Sorting:

910 views • 43 slides
Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of

Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of

Cracking Wireless Ryan Curtin LUG@GT Ryan Curtin Cracking Wireless - p. 1 Goals By the end of this presentation (if you stay awake), you will: Goals Setting Up Checking Injection Understand the different types of wireless keys

447 views • 13 slides
Speeding up VP9 Intra Encoder with Hierarchical Deep Learning Based Partition Prediction Somdyuti

Speeding up VP9 Intra Encoder with Hierarchical Deep Learning Based Partition Prediction Somdyuti

Speeding up VP9 Intra Encoder with Hierarchical Deep Learning Based Partition Prediction Somdyuti Paul, Andrey Norkin and Alan C. Bovik AOM Symposium 2019 VP9 Partition Prediction Using H-FCN October 21, 2019 1 / 19 Outline Introduction

401 views • 19 slides

More recommend