Update: Great article about this at Threatpost! This also got slashdotted, featured on Tech News Today and there’s a ZDNet article about this.
Update: Because of the huge impact I have clarified some things here
As of today, Amazon EC2 is providing what they call “Cluster GPU Instances”: An instance in the Amazon cloud that provides you with the power of two NVIDIA Tesla “Fermi” M2050 GPUs. The exact specifications look like this:
22 GB of memory
33.5 EC2 Compute Units (2 x Intel Xeon X5570, quad-core “Nehalem” architecture)
2 x NVIDIA Tesla “Fermi” M2050 GPUs
1690 GB of instance storage
64-bit platform
I/O Performance: Very High (10 Gigabit Ethernet)
API name: cg1.4xlarge
GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?
Using the CUDA-Multiforcer, I was able to crack all hashes from this file with a password length from 1-6 in only 49 minutes (one hour costs $2.10, by the way):
Stepping rate: 249.2M MD4/s
Search rate: 3488.4M NTLM/s
This just shows one more time that SHA1 for password hashing is deprecated – You really don’t want to use it anymore! Instead, use something like scrypt or PBKDF2! Just imagine a whole cluster of these machines (which is now easily available to anybody thanks to Amazon) cracking passwords for you. Pretty comfortable, large-scale password cracking for everybody!
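An added example, not part of the original post: it reproduces the 49-minute figure from the 95-character charset and the roughly 250M guesses/s rate reported above, then shows salted PBKDF2 storage with a constant-time check. The iteration count, salt size, SHA-256 as the PBKDF2 hash and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

CHARSET_SIZE = 95        # charset-upper-lower-numeric-symbol-95.chr, as used in the post
RAW_RATE = 250e6         # ~249.2M candidates/s reported for one cg1.4xlarge instance
ITERATIONS = 100_000     # assumed work factor; tune to your own latency budget
SALT_BYTES = 16          # assumed salt size


def keyspace(max_len, min_len=1, charset=CHARSET_SIZE):
    """Number of candidates of length min_len..max_len over the charset."""
    return sum(charset ** n for n in range(min_len, max_len + 1))


def exhaust_seconds(max_len, iterations=1, rate=RAW_RATE):
    """Worst-case time to try every candidate against one hash.

    Assumption: each PBKDF2 iteration costs the attacker at least one raw
    hash, so the effective guess rate drops by the iteration count.
    """
    return keyspace(max_len) * iterations / rate


def hash_password(password, iterations=ITERATIONS):
    """Return (salt, iterations, derived_key) for storage."""
    salt = os.urandom(SALT_BYTES)  # unique per password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_password(password, record):
    """Recompute the key with the stored salt and iteration count."""
    salt, iterations, expected = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(key, expected)  # constant-time comparison


if __name__ == "__main__":
    for length in (6, 8):
        raw = exhaust_seconds(length) / 3600
        slow = exhaust_seconds(length, ITERATIONS) / 3600
        print(f"len<={length}: raw SHA1 {raw:,.1f} h, PBKDF2 x{ITERATIONS} {slow:,.1f} h")
    rec = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", rec))
```

Storing the iteration count next to the salt lets the work factor be raised later without invalidating existing records.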
Some more details:
If I find the time, I’ll write a tool which uses the AWS-API to launch on-demand password-cracking instances with a preconfigured AMI. Stay tuned either via RSS or via Twitter.
Installation Instructions:
I used the “Cluster Instances HVM CentOS 5.5 (AMI Id: ami-aa30c7c3)” machine image as provided by Amazon — I chose this because it was the only image with CUDA support built in — and selected “Cluster GPU (cg1.4xlarge, 22GB)” as the instance type. After launching the instance and SSHing into it, you can continue by installing the cracker:
I decided to install the “CUDA-Multiforcer” in version 0.7, as it’s the latest version of which the source is available. To compile it, you first need to download the “GPU Computing SDK code samples”:
# chmod +x gpucomputingsdk_3.2.12_linux.run
# ./gpucomputingsdk_3.2.12_linux.run
(Just press enter when asked for the installation directory and the CUDA directory.)
Now we need to install the g++ compiler:
The next step is compiling the libraries of the SDK samples:
# make lib/libcutil.so
# make shared/libshrutil.so
Now it’s time to download and compile the CUDA-Multiforcer:
# wget http://www.cryptohaze.com/releases/CUDA-Multiforcer-src-0.7.tar.bz2 -O src/CUDA-Multiforcer.tar.bz2
# cd src/
# tar xjf CUDA-Multiforcer.tar.bz2
# cd CUDA-Multiforcer-Release/argtable2-9/
# ./configure && make && make install
# cd ../
Since the Makefile of the CUDA-Multiforcer doesn’t work out of the box, we need to open it up and find the line
Replace CCFILES with LINKFLAGS so that the line looks like this:
And type make. If everything worked out, you should have a file ~/NVIDIA_GPU_Computing_SDK/C/bin/linux/release/CUDA-Multiforcer. You can try the Multiforcer by doing something like this:
# export LD_LIBRARY_PATH=/usr/local/cuda/lib64:$LD_LIBRARY_PATH
# cd ~/NVIDIA_GPU_Computing_SDK/C/src/CUDA-Multiforcer-Release/
# ../../bin/linux/release/CUDA-Multiforcer -h SHA1 -f test_hashes/Hashes-SHA1-Full.txt --min=1 --max=6 -c charsets/charset-upper-lower-numeric-symbol-95.chr
Congratulations, you now have a fully working, CUDA-based hash-cracker running on an Amazon EC2 instance.

yes, i don’t see the point of salting too
A benchmark with pyrit for hacking WPA/2 would be interesting… 8 Tesla C1060 cards can try 88.000 PMK/s from a wordlist… 2 Tesla C2050 maybe 25.000 keys/s?
Is it possible to use pyrit with these cards in the amazon cloud?
@sysiu- is this because you're lacking in knowledge or braincells- or are you another monkey from UK?
It is not a matter of lacking knowledge. It’s a matter of boredom…
Some people are bored to THINK, to read (other posts, articles, books), to ask (someone else) and to search.
That’s the problem.
Salting. The idea behind salting is “extending” a password by a set of bytes (a word, some bits, some characters etc). In this way the PASSWORD becomes more complex. IF someone doesn’t know the salt then he/she will have to crack it too; even worse, if he doesn’t know the existence of the salt he won’t find a good combination. (Look at my previous comment.)
If the salt is known, then it’s a matter of bruteforcing the password only by “concating” the salt. (It may take some ops more because of computing the salt’s hash; by that I mean the “blocks” needed to be computed by the hash algo.)
And a very good answer about the salt is that IT WORKS. As simple as that, it just makes it difficult for many people to crack a pass. Maybe it will send some scriptkiddies away. Maybe even some security analyst or hacker will prefer not spending his time on a pass with hash.
But again, read the post, read some comments, and search, ask, think, whatever. Just DON’T say something just to say it…
This is pretty stupid. Something is considered “broken” in cryptography, if you find an attack that is faster than bruteforce. Bruteforce is always a valid option and there’s quite nothing one can do to prevent it. While SHA-1 has some other problems, this is definitively not one of it.
If you expect weak passwords, consider employing key strengthening. But this is not a problem of the hash algorithms but of the expected passwords.
I mean, wtf should this prove? Don’t use SHA-3 either (when it’s official) because I can brute-force 1 char passwords on my mobile phone in seconds and some people still use 1 char passwords?
Also, what is the contribution of this article? You did not even facilitate the “cloud”, or did I miss this part? I’ve been able to ask my neighbor to use his GPU for 49 minutes since quite some time, do not need Amazon for this. You mean I can buy more instances and do it faster? Well, I doubt you’ll be able to speed up your silly 6-char experiment significantly because all instances will test the same passwords.
You are welcome to report back when you managed to synchronize GPU cracking for a larger amount of instances and crack some 8-12 byte passwords in negligible time.
I agree with sbo. I would always implement a minimum requirement of 12 characters for the password and by mixing it up with a specific salt, SHA-1 should still be good to go.
Although I’m a big fan of the cloud, as it makes powerful resources available, even for the small guy, all the stuff you can do with it in the criminal perspective sounds scary.
In my opinion the access to those Services is way too easy. You can sign up in 1min and you are good to go. No Verification, nothing.. Maybe that is something to think about.
Hello, this is not stupid and I did not say that SHA1 is broken. I just say that you should not use SHA1 for password hashes, as there are much better ways to do it like PBKDF2.
And, as stated in the article, it was just a benchmark using one instance to do some calculations on how many nodes you’d have to utilize to break stronger passwords.
“Well, I doubt you’ll be able to speed up your silly 6-char experiment significantly because all instances will test the same passwords.” That’s wrong. It’s no problem to split the task of cracking passwords onto several instances. Especially cracking hashes is extremely easy to distribute. The experiment is not ‘silly’ if you had understood what the article is about.
Read the article, understand it, and then rethink what you’ve written. I didn’t claim that I cracked SHA1 or anything. I just showed how fast one instance can be used to brute force SHA1 password hashes and that one can easily use a lot of nodes in the cloud to make password cracking faster. Maybe you should learn what a scriptkiddie actually is.
could you please change the font? this cursive font is not good to read, THANKS!
“It’s no problem to split the task of cracking passwords onto several instances.” Yes, this ain’t no problem, obviously. But splitting the crack of max 6byte passwords is, because the workloads are so small you won’t benefit from distribution very much.
Also, PBKDF2 may employ SHA-1 — those are two different things you are talking about.
There are several benchmarks on GPU cracking already. CUDA-Multiforcer is far from new either. It has been run a thousand times already in a set-up similar to the one you have described. The only thing new is that you are now able to rent the set-up from Amazon.
On your “Benchmark”:
At a rate of 250M/sec for one node, 7chars would take 77hours in this set-up. 8chars would already require 307 days (worst-case, half the time in average for uniform distribution).
Consequently, if we’d use 307 instances (and suppose perfect linear scalability) to crack an 8-char hash in a single day, we’d have to spend 307*24*$2.10, that are $15472. Neat; but people who have that money to spend, probably buy their own clusters.
Oh, and guess what, a 10 character password already requires 7594 years. Or almost 140 Million US Dollar to rent time from Amazon to crack in a single day.
So what we learn from this is not “Don’t use SHA-1”, but rather “Don’t use short passwords”.
“Also, PBKDF2 may employ SHA-1 — those are two different things your are talking about.” – Yes, it may employ SHA1, and the recommendation is that it does that at least 1000 times. What’s your point?
“There are several benchmarks on GPU cracking already. CUDA-Multiforcer is far from new either. It has been run a thousand times already in a set-up similar to the one you have described. The only thing new is that you are now able to rent the set-up from Amazon.” – I never stated anything else. I just gave it a try on the cloud instance. So what?
“At a rate of 250M/sec for one node, 7chars would take 77hours in this set-up. 8chars would already require 307 days (worst-case, half the time in average for uniform distribution).” – Yes, that’s right. (By the way I’m down to 25 minutes, using some tweaks from the author of the Multiforcer.)
“Consequently, if we’d use 307 instances (and suppose perfect linear scalability) to crack an 8-char hash in a single day, we’d have to spend 307*24*$2.10, that are $15472. Neat; but people who have that money to spend, probably buy their own clusters.” – You’re missing that we’re talking about criminals who would want to use that. It’s no problem to get credit card data to buy a cluster of $15k. (Yes, it really is no problem.)
“So what we learn from this is not ‘Don’t use SHA-1’, but rather ‘Don’t use short passwords’.” – Right conclusion. Read the article at Threatpost, I told them exactly the same.
It is more important than just passwords.
courts also rely on MD5 and SHA checksums to ‘ensure’ that evidence is not tampered with.
Amazing job
=]
In the defense of Thomas Roth, I find his article fair and balanced, he never claimed to have invented a new hack of SHA and he posted the limitations in clear.
I found that a lot of comments left by angry trolls smell like “too bad I did not think about that earlier”.
For every argument there will be a counter argument. So what?
I totally agree with the last comment. Some people are just haters. Read the article; if you do not agree with it, post your point in a constructive way. WTF, stupid article etc… are not constructive at all. I found this article pretty interesting on the importance of using long passwords instead of short ones. Some comments are interesting too. They complete the article well.
This is awesome and simple. Thanks Thomas.
Is there any possibility to do that with RAR files?
I have one RAR File I password protected 1 year ago. Inside there are sensitive financial data. But I forgot the password and I need some of them.