GPU-Assisted Password Cracking
Who may needPassword Recovery?
Ordinary users (own passwords)
IT Departments (employee’s passwords)
Security auditors, consultants and penetration testers
Law enforcement & government
Hackers usually don’t!
Why speed counts?
Users and IT Departments:«We needed those passwords yesterday»
Auditors, consultants and pentesters:
«Time is Money»
How to increase speed?
Traditional way is to network together many computers to form a cluster
• Communication overhead
• Difficult to manage
• Not power-efficient
Any other options?
For many HPC applications GPUsare many times fasterthan CPUs
Yes!
But they’re not only faster, they are
greener!
Why?
CPUs are designed to be efficient at serialcomputing…
…while GPU’s main concern is
parallel computing
Intel® Core™ i7-965
“The highest performing desktop processor on the
planet.”
4 cores3,2 GHz
731 million transistors263 mm2
L3 cache8 Мb
>384 million transistors
QPI
QPI
IO IOQueue
Core Core
Memory Controller
CoreCore
L3 cache8 Мb
>384 million transistors
QPI
QPI
IO IOQueue
Core Core
Memory Controller
CoreCore
L2
Pagi
ng
Bran
ch P
redi
ctio
n
Inst
Fet
ch &
L1
L1 Data
Execution Units
Mem
ory
Orde
ring
&
Exec
utio
n
Out-of-Order
Scheduling &
Retirement
Instruction Decode & Microcode
L3 cache8 Мb
>384 million transistors
QPI
QPI
IO IOQueue
Core Core
Memory Controller
CoreCore
CPU dedicates only about 10% to the
execution units!
1/10
CPU dedicates only about 10% to the
execution units!
NVIDIA®GeForce® GTX 285
240 cores1.476 GHz1.4 billion transistors470 mm2
TPC TPC TPC TPC TPC
TPC TPC TPC TPCTPC
ROP Setup ROP
Memory Controller
PCIe & Memory
Controller
Thread Dispatch
TPC TPC TPC TPC TPC
TPC TPC TPC TPCTPC
ROP Setup ROP
Memory Controller
PCIe & Memory
Controller
Thread Dispatch
Mul
tipro
cess
or
Mul
tipro
cess
or
Mul
tipro
cess
orTexture Fetch &
Other
TPC TPC TPC TPC TPC
TPC TPC TPC TPCTPC
ROP Setup ROP
Memory Controller
PCIe & Memory
Controller
Thread Dispatch
GPU dedicates about 30% to the execution units!
1/3
GPU dedicates 6 times as manyresources to the execution units
as CPU!
183 Watts full load
6x130=780 Watts full load
Performance
70
87
32
570
795
195
920
1 330
250
1 920
2 600
680
0 1 000 2 000 3 000
MD5
NTLM
LM
Millions passwords per second
S1070
GTX 295
GTX 285
Q6600
Performance per $
389
483
178
1 629
2 271
557
1 917
2 771
521
240
325
85
0 500 1 000 1 500 2 000 2 500 3 000
MD5
NTLM
LM
Thousands passwords per $ per second
S1070
GTX 295
GTX 285
Q6600
Performance per Watt
667
829
305
3 115
4 344
1 066
3 183
4 602
865
2 400
3 250
850
0 1 000 2 000 3 000 4 000 5 000
MD5
NTLM
LM
Thousands passwords per watt per second
S1070
GTX 295
GTX 285
Q6600
Bad News:Not every algorithm is worth offloading to GPU
MD4 / MD5 SHA-1 / SHA-2
RIPEMD MD2 AES DES RC4
GPU is good at computing
but
GPU is bad at accessing random memory locations
Good News:
Humans love repetition
WPA-PSK
3100
11800
12500
15750
21700
31500
52400
0 10000 20000 30000 40000 50000 60000
Core 2 Quad Q6600
GTX 280
GTX 285
HD4870
GTX 295
HD4870x2
Tesla S1070
Other Accelerators?
Based on FPGA (Xilinx)FireWireProprietary SDK
US $3’995
Single Unit Performance
27000
13500
3050
40000
16000
5050
0
5000
10000
15000
20000
25000
30000
35000
40000
45000
PGPdisk 128 PGPdisk 256 Office 2007
TACC1441
GTX 285
US $3’995
US $3’995
Performance for $4K
2700013500 3050
440000
176000
55550
0
50000
100000
150000
200000
250000
300000
350000
400000
450000
500000
PGPdisk 128 PGPdisk 256 Office 2007
TACC1441
11x GTX 285
Greener Computing
• Consider a cluster of 25 dual-CPU quad-core computers
• 400 watts full load each
• 10’000 watts total
Greener Computing
• Two Tesla S1070 provide same performance
• 800 watts full load each
• One computer for management
• 2’000 watts total
Greener Computing
• 8’000 watts saved
• 49’090 kWh a year (at 70% utilization)
• € 5’890 savings on electricity a year (at 0.12€ per kWh average rate)
• Prevents 27’500 kg CO2 emission
• Takes 5 cars off the roads
• Saves 2’300 trees/year
