SLIDE 1
Background information Main question Test approach GPGPU vs CPU Conclusion Discussion Future
2
Marcus Bakker & Roel van der Jagt Background information Main - - PowerPoint PPT Presentation
Marcus Bakker & Roel van der Jagt Background information Main - - PowerPoint PPT Presentation
Marcus Bakker & Roel van der Jagt Background information Main question Test approach GPGPU vs CPU Conclusion Discussion Future 2 General computations with GPUs has become available (GPGPU) GPU performances
SLIDE 2
SLIDE 3
General computations with GPUs has
become available (GPGPU)
GPU performances develop fast Hashes can be brute forced with enough
power
3
SLIDE 4
What should we (KPMG) advise our clients
regarding password length and complexity now GPU-based password cracking has become reality?
4
SLIDE 5
Length: 6, 8, 10 and 12 Characters: 0, a, a0, aA0, aA0~ 5 passwords each Total: 4*5*5 = 100 passwords 4 tools 4 hashes
- MD5
- NTLM
- DCC
- Oracle 11g
5
SLIDE 6
Total: 9 tests, 400 hashes, 900 results Tested for single passwords Test hardware
- Intel Core i7 920
- 2x Nvidia GTX295
6
SLIDE 7
7
SLIDE 8
8
SLIDE 9
9
SLIDE 10
10
SLIDE 11
Parallel vs Serial SIMD
vs SISD
Limited vs Full instruction set Disadvantage GPGPU
- Limited amount of memory available per thread
- Limited amount of shared memory
- Off-chip memory access takes a lot of cycles
- Limited instruction set
11
SLIDE 12
12
SLIDE 13
13
SLIDE 14
14
SLIDE 15
Advised password length
- aA0~
Nine or more characters
- aA0
Ten or more characters
- a0 or A0
Twelve or more characters
No differences per hash or tool
15
SLIDE 16
Rainbow tables Dictionary attacks Crack the hashes left
16
SLIDE 17
GPUs become faster and faster
- ATI 5970 6.1 billion passwords / second (MD5)
- 4 times faster
17
SLIDE 18
18
SLIDE 19
19
SLIDE 20
20
SLIDE 21
“A measure for the amount of disorder” log2(n) # passwords in keyspace = 2(entropy password)
21
SLIDE 22
22
SLIDE 23
23