The GPU Killed the Password.

About once a year I take the time to read up on the latest in password cracking techniques, try them out, and decide if anything really warrants a change in my behavior.  Well things have definitely heated up over the last couple of years. Rainbow tables were the last big thing in password attacks.  It’s a really interesting concept that trades time for storage.  As you would expect, these things get really big, especially when you start talking about eight or more characters.  Add in any level of complexity and you can see astronomical sizes, for example the NTLM tables for characters 1-8 including both upper and lower case, and numbers is 453gb.  That’s almost double the limit for inbound data that Comcast allows in a month for their residential customers.  Not only that, it would probably take about a month to download. Still, it’s a neat hack, and since searching a rainbow table is super fast it will still be relevant for a long time.  But something else has changed. Enter the GPU.  Graphics processors are designed in a significantly different fashion than a CPU.  They can do a small set of very specific computational tasks extremely efficiently.  If the task you have CAN be run on a GPU it will probably be significantly faster than if done on a normal CPU. Let’s take for instance my humble test system.  The CPU isn’t awful, but isn’t very speedy either.  It’s an Intel Quad-core Q8200 2.33ghz which is rated at 37.28 GigaFlops.  It was low-mid range range a few years ago and I recently put one of the lower end graphics cards in it.  When I was shopping for a new card my only real requirement was to have a displayport connector so I could use my iMac as a monitor and not have to run Backtrack in a VM.  I bought the cheapest card I could find with displayport, at the time a Radeon 5570.  Yes, it’s ONLY a $65 graphics card.  But, it’s capable of 520 GigaFLOPS (there are 400 processors on there.)  All the processing power on these graphics cards was pretty much locked away and only made available to actually performing rendering, shading, 3D acceleration etc, until recently.  A few different API’s have emerged, the two that are most accessible and widely used are CUDA (Nvidia only) and OpenCL (Nvidia, ATI, and a few others.)  Both technologies are focused on providing a set of C programming interfaces that general computing tasks to be assigned to a GPU, or CPU in parallel.  So, you can split a task across multiple CPUs and GPUs if you write a program using these libraries. This is really exciting for people who write software that does offline video or 3D rendering, mathematics processing (Like Mathematica.)  It’s also pretty useful for cracking passwords. For years my go-to tool for cracking passwords has been John the Ripper.  It’s a good tool, and is especially great for optimizing a password attack by using various hybrid cracking techniques. The real downside is that it doesn’t support NTLM in the free version (unless you apply a bunch of patches,) and it’s slow because it runs on CPU cores.  Going forward I will probably be sticking with HashCat.  More specifically one of the OpenCL enabled versions of HashCat.  There are several different programs depending on the type of attack you are performing (oclHashcat+ for dictionary, oclHashcat for hybrid and bruteforce attacks, and oclHashcat-lite for attacking a single hash with extremely high efficiency, lite is about 4x faster than a normal bruteforce attack with oclHashcat.) On Backtrack 5 (Ubuntu-based,) I installed the AMD APP SDK (OpenCL) pretty easily–just follow the instructions they provide, they are actually really good.  The only place I strayed form the directions was that I copied the compiled libraries to my /usr/local/lib directory and omitted putting the LD_LIBRARY_PATH variable in my profile.  Oh, and another tip that took me about an hour to figure out … the OpenCL APIs aren’t available until X Windows is running, I don’t know why it wasn’t obvious to me at first. There are plenty of forums and other resources to help you install it (just google it,) how about results?  Was it worth the trouble of buying a $65 video card and manually compiling a bunch of code?  YES! So how fast is it?  A brute force attack calculating every possible six character NTLM hash including mixed case alphabetic characters, numeric characters AND special characters took about 49 minutes (roughly 250 million hashes per second, actually pretty slow by GPU standards.)  The 450gb rainbow file?  I can calculate its equivalent bruteforce in under 9 days.  Really?  On a low-end video card?!?  There are plenty of people out there working on this, trying to build the fastest machines possible using up to eight dual GPU systems and reaching somewhere in the 20 TerraFlop range, so these numbers aren’t that impressive to someone that has been working around this technology, but to discover that my lowly 5570 was possible of cracking passwords at such a phenomenal rate is pretty shocking.  This is ten times faster than high-end server class systems I was using last year, on a workstation due for retirement. But what does it mean?  If you use good passwords, it probably doesn’t mean much to you at all.  But by good I don’t necessarily mean complex.  Which of the following two passwords seems more complex to you? @%*#jH2 versus I like using a sentence for my password! It’s ironic that the first password is not only nearly impossible to remember, but will be cracked on a $65 GPU in under two days. The second, will still take a very very long time to crack (years,) and incidentally is very easy to remember.  I’m not here to preach or to convert, I just want to point out that the technology that keeps passwords safe makes an assumption that has started to (completely?) changed.  That there is a tradeoff between complexity and time, but the time part of the problem just got shortened by several magnitudes.  Using special characters, numbers, mixed case, etc. is a great idea, it should definitely be a part of a good password.  But, despite what many guides suggest, a six character password with every complexity requirement is completely useless.  Short passwords just aren’t safe.  GPU accelerated cracking just makes it even more obvious. The real tragedy here is that many software products and websites don’t get it.  For example, PayPal limits the length of passwords to (tell me if I’m wrong here) 16 characters. There’s absolutely no reason to disallow a password that is less than 128 characters.  Aren’t you already storing it as a hash anyway?  (For the uninitiated that means that actual password length has no effect on the storage requirements–hashes are a fixed length.) With all the high-profile attacks that have dumped password databases from large online communities on the Internet, how likely is it that your password is out there somewhere already?  Going forward, think about sentences not passwords.  Use two-factor authentication whenever you can, and don’t expect that any specific website will keep your password safe.  I’m not saying you have to use a different passwordphrase for every website (although, it isn’t a bad idea,) just don’t use the same password for your online banking as your membership to some online chat forum.