Search My Blog

Thursday, June 2, 2011

GPU password cracking made easy - Hack a Day

GPU password cracking made easy

posted Jun 1st 2011 10:01am by Mike Szczys
filed under: security hacks

The power that a Graphics Processing Unit presents can be harnessed to do some dirty work when trying to crack passwords. [Vijay] took a look at some of the options out there for cracking passwords and found that utilizing the GPU produces the correct password in a fraction of the time. On a Windows machine he pitted the Cain password recovery tool which uses the CPU for its calculations against ighashgpu which uses ATI or Nvidia graphics cards to do the deed. Hands down ighashgpu is the fastest; with Cain taking about one year to crack an eight character password while ighashgpu can do it in under nineteen hours.
We were very interested to see how easy it is to use this package. We looked in on GPU cracking in September but didn’t focus on the software packages that are out there. Now that you know how easily your password can be unearthed perhaps you will get some use out of this article discussing the usability and security of longer passwords which we ran across over on Reddit.
tagged: , , , , , ,

Go there...

I wanted to try this out on some of the Computers in my Home Network. I have both an ATI and nVidia Video Cards, in two different Machines. But, sadly neither of them are supported. They are just a little too old, I guess. And I just bought my ATI a few months ago!:O I even looked in my Fedora Repo's and didn't find either of the Apps. I did find a nice little App when I searched for Cain though. It's called, fortune-firefly "Fortune-firefly provides a set of quotes from the popular television series "Firefly", and its movie "Serenity", by Joss Whedon. Quote authors include Tim Minear, Joss Whedon, Ben Edulund, Jane Esperson, Drew Z. Greenberg, Jose Molina, Cheryl Cain, and Brent Matthews." Cheryl Cain, being the reason it showed up in the search. Yep, I installed it, couldn't resist:) I've seen it before, but I'm not sure how to actually use it and see the great Wisdom of Firefly!;) Oh well... I have used several other Apps for finding or changing Forgotten Passwords in Windows Machines or Linux over the years. I usually use a Linux Boot CD, like System Rescue CD (since you need to do it offline anyway). There a quite a few Linux recovery CD-DVD's, that have the Password Recovery Apps on them. They are pretty fast and really all I need anyway. When I get an old Windows Machine given to me or a friend forgets their Password. That's all I really need an App like that for.... I have posted plenty about them on my Blog. You can use the Google Search Window on my Blog to fine the info. I searched for "recover password" and found allot... You can change it to something more specific to your needs and I bet you will find something good:)



 Supported GPUs

Only supported ATI cards are: HD RV7X0 and RV830/870. Which means -- 4550, 4670, 4830, 4730, 4770, 4850, 4870, 4890, 5750, 5770, 5850, 5870, 5970.
Catalyst 9.9+ must be installed. Catalyst 10.2/10.3 recommended.
Catalysts 10.4-10.6 and 5970 are incompatible.
Catalyst 10.7 not heavily tested but looks like working.
Only supported nVidia cards are: the ones with CUDA support, i.e. G80+.
Systems with multiple GPUs supported.

Current status


See Updates to this Post Here...

Re: [DonsDeals] New comment on GPU password cracking made easy - Hack a Day. 

My Video Card... The ATI Catalyst Control Center, says it's an ATI Radeon HD 4550 Card. And that is in the list of Supported Cards!:O

And here...

pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting

GPU password cracking made easy
GPU password cracking made easy - Hack a Day
GPU Password Cracking – Bruteforceing a Windows Password Using a Graphic Card « Vijay's Tech Encounters - Cain & Abel
SHA1/MD5/MD4 bruteforcer for ATI and nVidia GPUs
GPU Processing and Password Cracking - Hack a Day
The Usability of Passwords (by @baekdal) #tips
Why "this is fun" is 10x more secure a password than "J4S!2" - and "fluffy is puffy" is even better : geek
MD4/MD5/SHA1 bruteforcer for ATI and nVidia GPUs
Cain & Abel User Manual
Index of /dot/progs/firefly
DonsDeals Blog - recover password - Google Search



jordanda said...

Have you had any experience with "hirens boot cd"? It has saved me so many times that it is now on a flash drive attached to my keys!
Boots to a miniature windowsXP that can auto configure networking, wireless included, setup most standard hardware, and it is very fast. There are tons and tons of programs on there including password recovery for windows( except X64 vista and 7 it seems) and key recovery etc.
here is a link that shows what it includes
I'm thinking of doing a dual boot with this and a linux variant on the flash drive, any suggestions? I'm getting tired of seeing Ubuntu everywhere. hehe

Have fun,

Don's Deals Blog said...

Yep, I used Hirens Boot CD allot when my WinXP System got a bad Root Kit. Hirens is great for those times when you need to run or install and run Windows Apps. Or need Windows Admin Permissions that you can't get with root on a Linux Rescue Live System. I also use, Parted Magic, Utilex, Clonezilla, GParted (CD and the App on any Distro), Fedora Live CD's (Fedora can mount all file systems, like ext4 which Debian can't do), Fusion 14 and Fuduntu (Fedora Remixes with more apps and flash and java installed), Elive 2.0 (Ubuntu based, but can get root without Password), UBCD (ultimate boot cd), Rescutaux and Insert CD's. Pretty much any Live Linux that will let you get root Privileges and install or have the needed Apps will work for Rescue Work. Here's a list that I found of Rescue Linux Dostros. Rescue, The LiveCD List And here's a new Post on the new Avast Rescue Disc Review & Rating from, Ya, I can't stand the way Ubuntu works or doesn't work. By not letting you get root (without a fight;) The first thing I do on a Ubuntu System is set a root Password. So that I don't have to work in the Command line to do every little thing in Ubuntu by typing sudo... command... With a root Password setup, you can do most things in the GUI. And in ArtistX, which is Ubuntu Based now. You can log into root and for instance, save your Duel Monitor Settings with the nVidia Card Setup App. Thanks for reading my Blog:)


Don's Deals Blog said...

I just remembered SliTaz Linux too! SliTaz is a free operating system providing a fully featured desktop or server in less than 30 MB. In Live mode SliTaz can run completely in RAM and boot from removable media such as a cdrom or USB key. The system is secure, stable and easy to use.

I've been trying it out in VirtualBox and I like it. I Posted about SliTaz in this here...


Vijay said...

I was just curious to know what GPU you use. If you bought an ATI GPU (or even Nvidia for that matter) recently, you should be able to run ighashgpu. If you are under Linux, you may wanna try Pyrit. It's a GPU racking tool to crack WiFi passwords.

Don's Deals Blog said...

Hey Vijay,

Thanks for the info!:) I made a new Post in Reply to your Comment. See it here...