Got leftover GPUs? Why not crack some passwords?

About The Author

CNET Editor

Craig was sucked into the endless vortex of tech at an early age, only to be spat back out babbling things like "phase-locked-loop crystal oscillators!". Mostly this receives a pat on the head from the listener, followed closely by a question about what laptop they should buy.

What do you do with five 4U servers, 25 Radeon GPUs and Virtual Open Computing Language? Crack passwords, naturally.

Just one of the 4U servers.
(Credit: Jeremi Gosney)

As reported by The Security Ledger, researcher Jeremi Gosney created the cracking monster that's able to brute force a Windows XP (LM) password in six minutes.

While other password hashes take longer to crack, it's proof that the password, by itself, is not secure. Using the current set-up, the system should be scalable to "at least 128 AMD GPUs".

The password cracking monster versus various password hashes.
(Credit: Jeremi Gosney)

(Credit: Jeremi Gosney)

Bandwidth isn't an issue, with brute force methods "consistently [using] < 8 Mbps", "wordlist attacks on fast hashes use no more than 800 Mbps", and there was an "average peak of 88 Mbit per physical card". Ethernet latency was more of a problem, with Infiniband helping to address the issue.

Jeremi presented all of this at the Passwords^12 Conference in Norway — for those interested in more detail, his slides can be found here (PDF).

Add Your Comment 2

Post comment as

KiranM1 posted a comment   

makes you wonder what a government agency that can easily get hold of a supercomputer(at least 10^4 times more powerful than this one) can do..


smartalec posted a comment   

I wonder if Jeremy realises that you can crack any windows password in considerably less time than 6 minutes with a copy of backtrack on a usb stick or CD, no additional hardware required.

Sponsored Links

Recently Viewed Products