gpu based password recovery on linux. txlf 2013

GPU based password recovery on Linux Brad Richardson

Upload: brad-richardson

Post on 25-May-2015


DESCRIPTION

These are the slides for what I presented at Texas Linux Fest 2013 (http://2013.texaslinuxfest.org/content/gpu-based-password-recovery-linux).

TRANSCRIPT

Page 1: GPU based password recovery on Linux. TXLF 2013

GPU based password recovery on Linux

Brad Richardson

Page 2: GPU based password recovery on Linux. TXLF 2013

#whoami

Brad Richardson – Enterprise Systems Engineer - HPC and Cloud

RHCE – Red Hat Certified Engineer #805008158134728

RHCVA - Red Hat Certified Virtualization Administrator

CCAH – Cloudera Certified Administrator for Apache Hadoop

VCP – VMware Certified Professional

Chase Herrington – Enterprise Systems Engineer - HPC and Cloud

RHCE – Red Hat Certified Engineer

RHCVA - Red Hat Certified Virtualization Administrator

LPI 3 – Linux Professional Institute Certification 3

VCP – VMware Certified Professional

Page 3: GPU based password recovery on Linux. TXLF 2013

Prerequisites

Linux system (RHEL 6.4 used in all examples)

7zip

GPU or GPGPU – AMD preferred for best performance

oclHashcat-plus – supports openCL and CUDA

Catalyst 13.1 (AMD) or CUDA Toolkit 5 (nVidia)

Hardware used in all examples:

Dell PowerEdge R720

nVidia Tesla m2075 GPGPU

2x Intel E5-2620 6-core CPUs @ 2.0GHz

64 GB ECC DDR3 memory

Page 4: GPU based password recovery on Linux. TXLF 2013

Performance

Server and workstation GPUs not recommended. There is no need for double precision or ECC memory. Examples include nVidia Tesla, Quadro, or AMD FirePro.

Preferred GPUs – AMD 6990, AMD 5970, or AMD 7970

AMD 6990 md5 hash rate – 6956M c/s – high performance/limited availability

AMD 7970 md5 hash rate - 5470M c/s – high performance/high availability

nVidia tesla m2075 md5 hash rate – 1188M c/s – low performance/high cost

2x Intel Xeon E5-2620 CPU md5 hash rate – 69.1M c/s – very poor performance

AMD vs nVidia

AMD GPUs almost always outperform nVidia for hash cracking.

AMD typically has more cores at slower clock speed than nVidia resulting in better OpenCL parallelization.

Page 5: GPU based password recovery on Linux. TXLF 2013

oclHashcat-plus installation

# wget http://hashcat.net/files/oclHashcat-plus-0.13.7z

# 7za x oclHashcat-plus-0.13.7z

# cd oclHashcat-plus-0.13

• For AMD GPUs use oclHashcat scripts

• For nVidia GPUs use cudaHashcat scripts

Page 6: GPU based password recovery on Linux. TXLF 2013

Brute force guessing

# ./cudaHashcat-plus64.bin -a 3 -m 0 -1 ?l?u?d --increment -n 160 -u 1024 hashlist

-a 3 = attack method – 3 for brute force

-m 0 = hash type – 0 for md5

-1 ?l?u?d = charset mask - use -1 to define custom charset

?l – abcdefghijklmnopqrstuvwxyz

?u – ABCDEFGHIJKLMNOPQRSTUVWXYZ

?d – 0123456789

?s - !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

--increment = password length increment

-n 160 -u 1024 = GPU specific optimization for gpu-accel and gpu-loops

hashlist = filename for hash list file

Page 7: GPU based password recovery on Linux. TXLF 2013

Brute force guessing – complex password

• 8 character password with lowercase, uppercase, and numbers took 16 hours, 46 minutes to brute force.

• Same md5 hash using CPU was estimated to take 36 days.

Page 8: GPU based password recovery on Linux. TXLF 2013

Brute force guessing – simple password

• 7 character password with lowercase chars took 13 seconds to brute force.

• Same md5 hash using CPU was estimated to take 14 hours.
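Added example (not from the original slides): the keyspace arithmetic behind the brute-force timings on the two slides above, using the charsets from the mask slide and the MD5 rates from the Performance slide. The mask strings passed in are assumptions, since the slide's command line shows no explicit mask, and the times are worst-case exhaustion, so an observed recovery can finish earlier.

```python
# Added example: keyspace and worst-case exhaustion time for a hashcat-style mask.
import re

BUILTIN = {  # charsets as listed on the slide
    "l": "abcdefghijklmnopqrstuvwxyz",
    "u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "d": "0123456789",
    "s": "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
RATE_TESLA_M2075 = 1188e6  # MD5 candidates/second, from the Performance slide
RATE_2X_E5_2620 = 69.1e6   # MD5 candidates/second, from the Performance slide

def tokens(spec):
    """Split a mask or charset spec into '?x' placeholders and literal characters."""
    return re.findall(r"\?.|.", spec, flags=re.DOTALL)

def charset(token, custom1=None):
    """Return the set of characters one token can produce."""
    if len(token) == 1:          # literal character (or a dangling '?')
        return {token}
    key = token[1]
    if key == "?":               # '??' is a literal question mark
        return {"?"}
    if key == "1":               # custom charset defined with -1
        if custom1 is None:
            raise ValueError("mask uses ?1 but no custom charset was given")
        return set().union(*(charset(t) for t in tokens(custom1)))
    if key in BUILTIN:
        return set(BUILTIN[key])
    raise ValueError(f"unknown placeholder {token!r}")

def keyspace(mask, custom1=None, increment=False):
    """Count candidates; with increment, sum every prefix length of the mask."""
    total, running = 0, 1
    for tok in tokens(mask):
        running *= len(charset(tok, custom1))
        total += running
    return total if increment else running

def exhaust_seconds(count, rate):
    """Worst-case time to try every candidate at a fixed rate."""
    return count / rate
```

At 69.1M c/s, exhausting an assumed `?1?1?1?1?1?1?1?1` mask with `-1 ?l?u?d` works out to about 36.6 days, in line with the slide's CPU estimate, while the 16 hour 46 minute GPU result is shorter than the roughly 51 hour worst case at 1188M c/s. Each extra character multiplies the worst case by the charset size, which is the figure to weigh when setting minimum password length.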

Page 9: GPU based password recovery on Linux. TXLF 2013

Dictionary guessing

# ./cudaHashcat-plus64.bin -a 0 -m 500 -n 160 -u 1000 hashlist wordlist

-a 0 = attack method – 0 for dictionary

-m 500 = hashtype – 500 for md5crypt

-n 160 -u 1000 = GPU specific optimization for gpu-accel and gpu-loops

hashlist = filename for hash list file

wordlist = filename for dictionary word list file

I am using a 15GB word list file

Dictionary guessing is not recommended on fast algorithms like MD4, MD5 or NTLM. Transferring the wordlist data to GPU global memory takes longer than attacking the hashes on the GPU itself.

Dictionary guessing on slow algorithms like md5crypt (1000 iterations), phpass (up to 8k iterations) or WPA/WPA2 (16k iterations) can efficiently run on a GPU.

Page 10: GPU based password recovery on Linux. TXLF 2013

Dictionary guessing – md5crypt

• Dictionary attack completed successfully in 16 minutes, 28 seconds

• Same md5crypt hash using CPU completed successfully in 2 hours, 43 minutes.

Page 11: GPU based password recovery on Linux. TXLF 2013

Advanced hardware examples

Dell CloudEdge c410x

• 16x GPGPUs in 4U chassis

• GPGPU only

TYAN FT72B7015

• 8x GPUs in 4U chassis

• GPU and compute

Page 12: GPU based password recovery on Linux. TXLF 2013

Useful links and resources

oclHashcat-plus http://hashcat.net/oclhashcat-plus/

hashcat wiki http://hashcat.net/wiki/

Catalyst 13.1 http://support.amd.com/us/gpudownload/linux/Pages/radeon_linux.aspx

CUDA Toolkit http://developer.nvidia.com/cuda-toolkit

Virtual Cluster (VCL) http://www.mosix.org/txt_vcl.html