At the Passwords^12 Conference in Oslo, Norway, researcher Jeremi Gosney presented an extremely powerful password-cracking rig that uses 25 GPUs to quickly chew through cryptographic hashes and extract the passwords that they hide. The slides are available online [PDF], and in his demo he showed how the rig could use OpenCL and VCL to run Hashcat, a password-cracking program, across a cluster to burn down Windows XP passwords in less than six minutes.
The Security Ledger broke the story, and it was picked up by Slashdot and reddit, where it stirred much controversy about the application of such a rig and how it might be used.
To be clear, the 25-GPU rig is designed as a highly parallel cluster for hash cracking:
In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.
It’s exactly this sort of setup that people might expect to be used by hackers who have successfully penetrated a website and stolen the user credentials, but it would not be useful for cracking the passwords of users on a live online service. This device would be used to attack a pile of cryptographically hashed passwords captured from a website in order to recover the passwords stored within. I have discussed hashes and why they’re important in previous articles about leaks.
In security terms, cryptographic hashing of passwords isn’t a panacea that makes users’ passwords uncrackable. It exists to slow down the bad guys so that, once the password loss is discovered, IT professionals (and users) have time to change their passwords and do damage control.
However, with advances such as Gosney’s GPU cluster, that time is shortening.
As a result, popular and consumer-level cryptographic hash algorithms need to keep up with the computing power capable of cracking them. In fact, recently Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD, acknowledged that the production-level hashing function wouldn’t be long for this world as it could be quickly cracked by something like the Gosney GPU rig.
“As the author of md5crypt, I implore everybody to migrate to a stronger password scrambler without undue delay,” Kamp wrote in June. At the same time, he bowed out of the Red Queen race and urged people to use stronger (and if they could, unique-to-them) algorithms to help protect their users.
To this day, cryptographic hashing is still the industry standard for increasing the damage control time in the case of password leaks. As this is indeed a Red Queen race with cracking technology, it’s necessary to move into bigger and badder complexity in order to lengthen that time once again as governments and criminal enterprises also upgrade their equipment to lengthen their own window of opportunity.
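Keeping stored hashes in step with cracking hardware, as described above, is commonly done by saving the work factor alongside each hash and re-hashing when the user next logs in. The following is an added example, not code from the article or from Gosney's or Kamp's work. The record format, the function names, the 600,000 iteration count and the salted-MD5 legacy record are assumptions for illustration, with PBKDF2 from Python's standard library standing in for whichever stronger algorithm is chosen.

```python
import hashlib
import hmac
import os

CURRENT_ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def _pbkdf2(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password, iterations=CURRENT_ITERATIONS):
    """Return 'pbkdf2$<iterations>$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(16)
    return f"pbkdf2${iterations}${salt.hex()}${_pbkdf2(password, salt, iterations).hex()}"


def make_legacy_record(password):
    """Constructed stand-in for an old fast scheme: one salted MD5 (not md5crypt)."""
    salt = os.urandom(8)
    digest = hashlib.md5(salt + password.encode()).hexdigest()
    return f"md5${salt.hex()}${digest}"


def check(password, record):
    """Verify a password against either record format, comparing in constant time."""
    parts = record.split("$")
    if parts[0] == "md5" and len(parts) == 3:
        expected = bytes.fromhex(parts[2])
        actual = hashlib.md5(bytes.fromhex(parts[1]) + password.encode()).digest()
    elif parts[0] == "pbkdf2" and len(parts) == 4:
        expected = bytes.fromhex(parts[3])
        actual = _pbkdf2(password, bytes.fromhex(parts[2]), int(parts[1]))
    else:
        return False
    return hmac.compare_digest(actual, expected)


def needs_upgrade(record):
    """True for a legacy record or one hashed with fewer iterations than today's setting."""
    parts = record.split("$")
    return parts[0] != "pbkdf2" or int(parts[1]) < CURRENT_ITERATIONS


def login(password, record):
    """Return (ok, record); after a successful check an outdated record is re-hashed."""
    if not check(password, record):
        return False, record
    if needs_upgrade(record):
        record = make_record(password)  # the plaintext is only available at login
    return True, record
```

The caller must write the returned record back to the user store. Accounts that never log in keep their old hash, so a migration also needs a plan for those, such as a forced reset.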