GPU based password recovery on Linux. TXLF 2013

775 views

Published on

This is the slides for what I presented at Texas Linux Fest 2013 (http://2013.texaslinuxfest.org/content/gpu-based-password-recovery-linux).

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
775
On SlideShare
0
From Embeds
0
Number of Embeds
36
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

GPU based password recovery on Linux. TXLF 2013

  1. 1. GPU based password recovery on Linux Brad Richardson
  2. 2. #whoami Brad Richardson – Enterprise Systems Engineer - HPC and Cloud  RHCE – Red Hat Certified Engineer #805008158134728  RHCVA - Red Hat Certified Virtualization Administrator  CCAH – Cloudera Certified Administrator for Apache Hadoop  VCP – VMware Certified Professional Chase Herrington – Enterprise Systems Engineer - HPC and Cloud  RHCE – Red Hat Certified Engineer  RHCVA - Red Hat Certified Virtualization Administrator  LPI 3 – Linux Professional Institute Certification 3  VCP – VMware Certified Professional
  3. 3. Prerequisites  Linux system (RHEL 6.4 used in all examples)  7zip  GPU or GPGPU – AMD preferred for best performance  oclHashcat-plus – supports openCL and CUDA  Catalyst 13.1 (AMD) or CUDA Toolkit 5 (nVidia) Hardware used in all examples:  Dell PowerEdge R720  nVidia Tesla m2075 GPGPU  2x Intel E5-2620 6-core CPUs @ 2.0GHz  64 GB ECC DDR3 memory
  4. 4. Performance  Server and workstation GPUs not recommended. There is no need for double precision or ECC memory. Examples include nVidia Tesla, Quadro, or AMD FirePro.  Preferred GPUs – AMD 6990, AMD 5970, or AMD 7970  AMD 6990 md5 hash rate – 6956M c/s – high performance/limited availability  AMD 7970 md5 hash rate - 5470M c/s – high performance/high availability  nVidia tesla m2075 md5 hash rate – 1188M c/s – low performance/high cost  2x Intel Xeon E5-2620 CPU md5 hash rate – 69.1M c/s – very poor performance AMD vs nVidia  AMD GPUs almost always outperform nVidia for hash cracking.  AMD typically has more cores at slower clock speed than nVidia resulting in better OpenCL parallelization.
  5. 5. oclHashcat-plus installation # wget http://hashcat.net/files/oclHashcat-plus-0.13.7z # 7za x oclHashcat-plus-0.13.7z # cd oclHashcat-plus-0.13 • For AMD GPUs use oclHashcat scripts • For nVidia GPUs use cudaHashcat scripts
  6. 6. Brute force guessing #./cudaHashcat-plus64.bin -a 3 -m 0 -1 ?l?u?d --increment -n 160 -u 1024 hashlist  -a 3 = attack method – 3 for brute force  -m 0 = hash type – 0 for md5  -1 ?l?u?d = charset mask - use -1 to define custom charset  ?l – abcdefghijklmnopqrstuvwxyz  ?u – ABCDEFGHIJKLMNOPQRSTUVWXYZ  ?d – 0123456789  ?s - !"#$%&'()*+,-./:;<=>?@[]^_`{|}~  --increment = password length increment  -n 160 –u 1024 = GPU specific optimization for gpu-accel and gpu-loops  hashlist = filename for hash list file
  7. 7. Brute force guessing – complex password • 8 character password with lowercase, uppercase, and numbers took 16 hours, 46 minutes to brute force. • Same md5 hash using CPU was estimated to take 36 days.
  8. 8. Brute force guessing – simple password • 7 character password with lowercase chars took 13 seconds to brute force. • Same md5 hash using CPU was estimated to take 14 hours.
  9. 9. Dictionary guessing #./cudaHashcat-plus64.bin -a 0 -m 500 -n 160 -u 1000 hashlist wordlist  -a 0 = attach method – 0 for dictionary  -m 500 = hashtype – 500 for md5crypt  -n 160 –u 1000 = GPU specific optimization for gpu-accel and gpu-loops  hashlist = filename for hash list file  wordlist = filename for dictionary word list file  I am using a 15GB word list file  Dictionary guessing is not recommend on fast algorithms like MD4, MD5 or NTLM. It takes longer to transfer the wordlist data to GPU global memory rather than to just attack them on the GPU.  Dictionary guessing on slow algorithms like md5crypt (1000 iterations), phpass (up to 8k iterations) or WPA/WPA2 (16k iterations) can efficiently run on a GPU.
  10. 10. Dictionary guessing – md5crypt • Dictionary attack completed successfully in 16 minutes, 28 seconds • Same md5crypt hash using CPU completed successfully in 2 hours, 43 minutes.
  11. 11. Advanced hardware examples Dell CloudEdge c410x • 16x GPGPUs in 4U chassis • GPGPU only TYAN FT72B7015 • 8x GPUs in 4U chassis • GPU and compute
  12. 12. Useful links and resources  oclHashcat-plus http://hashcat.net/oclhashcat-plus/  hashcat wiki http://hashcat.net/wiki/  Catalyst 13.1 http://support.amd.com/us/gpudownload/linux/Pages/radeon_linux.aspx  CUDA Toolkit http://developer.nvidia.com/cuda-toolkit  Virtual Cluster (VCL) http://www.mosix.org/txt_vcl.html

×