90 likes | 220 Views
Password Cracking or How I Learned to Stop Worrying and Love the Cloud. Alex Newton. VCL. Virtual OpenCluster Two types of nodes Broker Node Central node that distributes work Compute Nodes Peripheral nodes that process work received from Broker Node. More GPUs = More Guesses.
E N D
Password Cracking or How I Learned to Stop Worrying and Love the Cloud Alex Newton
VCL • Virtual OpenCluster • Two types of nodes • Broker Node • Central node that distributes work • Compute Nodes • Peripheral nodes that process work received from Broker Node
More GPUs = More Guesses • oclHashcat Plus • Password cracking suite optimized for GPU computing • Runs on top of VCL software, which distributes work to machines in the cluster • Focus of the build was to dedicate as many GPUs as possible to cracking passwords
8 GPUs, most likely Radeon HD 7970: Courtesy JeremiGosney’s presentation from Passwords^12
Some Quick Stats • The Cluster itself: • Five 4U servers • 10 Radeon HD 7970 • 4 Radeon HD 5970 (Dual GPU) • 3 Radeon HD 6990 (Dual GPU) • 1 Radeon HD 5870 • 4 SDR Infiniband interconnect • 7kW of electricity
Some Quick Stats • Guesses/second for some popular hashes • LM: 20b guesses/second • SHA1: 63b guesses/second • MD5: 180b guesses/second • NTLM: 348b guesses/second
Password Cracking in the Cloud • Online service offered by Moxie Marlinspike, creator of Whisper Systems • Supply a Handshake that was captured from a connection made to a wireless AP, an SSID, and an encryption type • Password will be cracked for you for a small fee on a distributed computing network • CloudCracker Website
In Conclusion • Distributed Computing is an extremely powerful tool for password cracking because it allows attempts to be run simultaneously on discrete hardware. • CloudCrack and services like it will make cloud computing accessible to everyone, but what they do with it is up to them.
References • 25-GPU cluster cracks every standard Windows password in <6 hours – ArsTechnica • Password Cracking HPC (pdf) – Jeremi M. Gosney at Passwords^12 • #Defcon: Marlinspike expands Cloudcracker– SC Magazine