Update: Great article about this at Threatpost! This also got slashdotted, featured on Tech News Today and there’s a ZDNet article about this.
Update: Because of the huge impact I have clarified some things here
As of today, Amazon EC2 is providing what they call “Cluster GPU Instances”: An instance in the Amazon cloud that provides you with the power of two NVIDIA Tesla “Fermi” M2050 GPUs. The exact specifications look like this:
22 GB of memory
33.5 EC2 Compute Units (2 x Intel Xeon X5570, quad-core “Nehalem” architecture)
2 x NVIDIA Tesla “Fermi” M2050 GPUs
1690 GB of instance storage
64-bit platform
I/O Performance: Very High (10 Gigabit Ethernet)
API name: cg1.4xlarge
GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?
Using the CUDA-Multiforce, I was able to crack all hashes from this file with a password length from 1-6 in only 49 Minutes (1 hour costs 2.10$ by the way.):
Stepping rate: 249.2M MD4/s
Search rate: 3488.4M NTLM/s
This just shows one more time that SHA1 for password hashing is deprecated – You really don’t want to use it anymore! Instead, use something like scrypt or PBKDF2! Just imagine a whole cluster of these machines (which is now easily available to anybody thanks to Amazon) cracking passwords for you. Pretty comfortable, large-scale password cracking for everybody!
Some more details:
If I find the time, I’ll write a tool which uses the AWS-API to launch on-demand password-cracking instances with a preconfigured AMI. Stay tuned either via RSS or via Twitter.
Installation Instructions:
I used the “Cluster Instances HVM CentOS 5.5 (AMI Id: ami-aa30c7c3)” machine image as provided by Amazon — I chose this because it was the only image with CUDA support built in — and selected “Cluster GPU (cg1.4xlarge, 22GB)” as the instance type. After launching the instance and SSHing into it, you can continue by installing the cracker:
I decided to install the “CUDA-Multiforcer” in version 0.7, as it’s the latest version of which the source is available. To compile it, you first need to download the “GPU Computing SDK code samples“:
# chmod +x gpucomputingsdk_3.2.12_linux.run
# ./gpucomputingsdk_3.2.12_linux.run
(Just press enter when asked for the installation directory and the CUDA directory.)
Now we need to install the g++ compiler:
The next step is compiling the libraries of the SDK samples:
# make lib/libcutil.so
# make shared/libshrutil.so
Now it’s time to download and compile the CUDA-Multiforcer:
# wget http://www.cryptohaze.com/releases/CUDA-Multiforcer-src-0.7.tar.bz2 -O src/CUDA-Multiforcer.tar.bz2
# cd src/
# tar xjf CUDA-Multiforcer.tar.bz2
# cd CUDA-Multiforcer-Release/argtable2-9/
# ./configure && make && make install
# cd ../
Since the Makefile of the CUDA-Multiforcer doesn’t work out of the box, we need to open it up and find the line
Replace CCFILES with LINKFLAGS so that the line looks like this:
And type make. If everything worked out, you should have a file ~/NVIDIA_GPU_Computing_SDK/C/bin/linux/release/CUDA-Multiforcer. You can try the Multiforcer by doing something like this:
# export LD_LIBRARY_PATH=/usr/local/cuda/lib64:$LD_LIBRARY_PATH
# cd ~/NVIDIA_GPU_Computing_SDK/C/src/CUDA-Multiforcer-Release/
# ../../bin/linux/release/CUDA-Multiforcer -h SHA1 -f test_hashes/Hashes-SHA1-Full.txt --min=1 --max=6 -c charsets/charset-upper-lower-numeric-symbol-95.chr
Congratulations, you now have a fully working, CUDA-based hash-cracker running on an Amazon EC2 instance.
Pingback: How my Facebook account was used to spam my friends with a CPA Offer - Dave Naffziger’s Blog
Pingback: With security, keep an eye on the forest - Marty's Blog
Pingback: Leonardo Musumeci » Blog Archive » Violare password “in the cloud”: le nuove EC2 GPU Instance di Amazon
For those of you that don’t want to pay for EC2 – you can always use my online hash cracker http://www.hashhack.com
Happy Cracking
Pingback: Is SHA1 still viable? | Tinsology
Some people here need to learn what the hell a salt is. Salts don’t magically make a 1 character password a 20 character password. Salts are not any more secret than the password hashes themselves. You should never assume that your salt is going to be secret. Salts should be either random and stored somewhere (best) or predictable from contextual information.
Having a salt added to the password reduces the ability to use a precomputed dictionary to attack a password (such as rainbow tables) and means that multiple passwords have to be tested individually, not all at once. This last statement is the key. Adding a salt really only strengthens your password hashes against dictionary attacks and brute force attacks targeting the *whole* hash database.
Pingback: هکر ماهیانه – شماره هشت
salt won’t increase brute force time only when you have sources.
if you don’t have sources you don’t know how hash computed. why it should be sha(pass.salt)? may be it sha(salt.pass.salt)? or sha(half-salt.pass.half-salt)?
Pingback: How to Hack a Wi-Fi Password? « lowtechlife
Pingback: Upcoming Black Hat Talk « stacksmashing.net
Pingback: Cracker une clé WiFi WPA (PSK) grâce au cloud’cracking
Pingback: לפרוץ רשתות אלחוטיות בפחות מ-2 דולר | Newsgeek
Pingback: Delicious Bookmarks for January 14th from 11:23 to 19:50 « Lâmôlabs
Pingback: Klogmand.DK » Cracking WPA using Amazon EC2 cloud service
I am doing my final year project in cryptography can any one give an how to write coding for beale cipher..I dont need full coding I need basics can anybody help
Hi, nice article. Would be cool if you could upload the “CUDA-Multiforcer-src-0.7.tar.bz2″ to a mirror or one-click-hoster and inform me/us. The problem is that the package is no longer available from cryptohaze. The package avail is damaged.
Pingback: Usan Cloud Computing para crackear contraseñas
If I’m reading this correct “Search rate: 3488.4M NTLM/s”, look at a single radeon 5770 GPU cracking an NTLM password. About 3.3 billion/s.
Hello! Even though it says NTLM/s it’s actually SHA1/s. So it’s 3488.4M SHA1/s.
Pingback: What's the easiest way to create secure salted password hashes in Python? - Quora
How complex was the password you tried to crack?
Pingback: German ‘hacker’ uses rented computing to crack hashing algorithm | ~Nyc0d~
Pingback: PlayStation Network taken by Amazon Cloud | silicon.de
I tested this today, with the latest ALPHA release (0.80ALPHA4) wich can use multiple GPU’s and cracked all hashes within 17 minutes…
./CUDA-Multiforcer-CPP -h SHA1 –min=1 –max=6 -f sha1_hashes.txt -c charset.txt -t 512
Pingback: Cracking Passwords In The Cloud » Dub Cloud
Makes me wonder if something similar can be done with the Wikileaks torrent..?
That’s a reminder that :
WEAK PASSWORDS ARE WEAK.
So :
- choose a good password (that does NOT mean with digits, mix-case…) : A good password is one WITH GOOD ENTROPY.
- stop wining about lack of “salt”
- stop wining about “broken” hashes
STOP PRETENDING SOME HASHING (MD5, SHA1) IS BROKEN.
Again :
WEAK PASSWORDS ARE WEAK.
MD5 PASSWORD HASHING IS NOT “BROKEN”.
SHA1 PASSWORD HASHING IS NOT “BROKEN”.
Sorry I had to SHOUT.
This nonsense has to stop.
Pingback: Kwell – Blog de Seguridad » Blog Archive » Utilizar la nube (Amazon) para crackear contraseñas y hashes
It’s not broken, use of MD5 and SHA1 for password hashing is just dumb/wrong IMHO.
Saying that :
is just dumb/wrong.
Pingback: Can I test for snooping?
Pingback: Amazon EC2のGPUインスタンス | ぷるーふ おぶ こんせぷと
How can I get the hash from WPA handshake? Please Thomas guide me through. I just want to know how to get my WPA password harsh with special characters.
This is great stuff. Has the AMI been setup yet for anyone to use? I would like to use an AMI like this for cracking some WPA too. If an AMI package was created with some huge rainbow tables pre-computed that would be great too! but I guess someone would have to pay to store the AMI.
Pingback: Brute forcing sha1 on the Amazon EC2 cloud using Cryptohaze’s CUDA Multiforcer | SketchTurner.com
Pingback: le Cloud pour pirater les mots de passe
Pingback: The Cheapest Way to Use the Cloud to Crack MD5 Using Google Instead of AWS?! | Trend Cloud Security Blog - Cloud Computing Experts
Pingback: The Cheapest Way to Use the Cloud to Crack MD5 Using Google Instead of AWS | Iron Wire Technology, LLC
Pingback: Usando la nube para romper MD5 « Techie Blog
Pingback: Usando la nube para crackear MD5 « Techie Blog
Pingback: Cloud Computing: Wie sicher ist die Datenwolke? - //SEIBERT/MEDIA Weblog
Pingback: openstackapi » The Cheapest Way to Use the Cloud to Crack MD5 Using Google Instead of AWS » openstackapi
Pingback: 最便宜的雲端運算破解MD5法是利用Google,而非Amazon雲端服務 | 雲端防毒是趨勢
I simply could not leave your website prior to suggesting that I actually loved the standard information a person provide for your guests? Is going to be again steadily in order to check out new posts
Pingback: How long is your password? | Risky Thinking Blog
Pingback: How long is your password? : Risky Thinking