Password Cracking or How I Learned to Stop Worrying and Love the Cloud

1. Password Cracking or How I Learned to Stop Worrying and Love the Cloud Alex Newton

2. VCL • Virtual OpenCluster • Two types of nodes • Broker Node • Central node that distributes work • Compute Nodes • Peripheral nodes that process work received from Broker Node

3. More GPUs = More Guesses • oclHashcat Plus • Password cracking suite optimized for GPU computing • Runs on top of VCL software, which distributes work to machines in the cluster • Focus of the build was to dedicate as many GPUs as possible to cracking passwords

4. 8 GPUs, most likely Radeon HD 7970: Courtesy JeremiGosney’s presentation from Passwords^12

5. Some Quick Stats • The Cluster itself: • Five 4U servers • 10 Radeon HD 7970 • 4 Radeon HD 5970 (Dual GPU) • 3 Radeon HD 6990 (Dual GPU) • 1 Radeon HD 5870 • 4 SDR Infiniband interconnect • 7kW of electricity

6. Some Quick Stats • Guesses/second for some popular hashes • LM: 20b guesses/second • SHA1: 63b guesses/second • MD5: 180b guesses/second • NTLM: 348b guesses/second

7. Password Cracking in the Cloud • Online service offered by Moxie Marlinspike, creator of Whisper Systems • Supply a Handshake that was captured from a connection made to a wireless AP, an SSID, and an encryption type • Password will be cracked for you for a small fee on a distributed computing network • CloudCracker Website

8. In Conclusion • Distributed Computing is an extremely powerful tool for password cracking because it allows attempts to be run simultaneously on discrete hardware. • CloudCrack and services like it will make cloud computing accessible to everyone, but what they do with it is up to them.

9. References • 25-GPU cluster cracks every standard Windows password in <6 hours – ArsTechnica • Password Cracking HPC (pdf) – Jeremi M. Gosney at Passwords^12 • #Defcon: Marlinspike expands Cloudcracker– SC Magazine