Video processors are a powerful weapon when it comes to password cracking, and they're easily available.
Moore's Law is sometimes used to describe the growth in transistor counts on circuit boards. It suggests a doubling every 18 months to two years, with a finite growth limit once transistor sizes reach the molecular level.
Processing speed doesn't necessarily grow at the same rate. It has been suggested that for a 50 per cent growth in transistor numbers, total processing power might only grow 15 to 20 per cent, due to limitations in other parts of the CPU and its interfaces.
So when it comes to cracking passwords or precomputing hash tables, it seems we're limited by technology. Projects such as RainbowCrack have attempted to solve this by distributing the load over vast numbers of PCs, but it took months to compute hash tables for longer passwords. Even today, tables for passwords with more than eight characters are rare.
How about optimised hardware? Video cards contain very powerful processors. They have to perform huge amounts of processing to render images on screen, particularly those optimised for the number crunching required for gaming. And the CELL processor in the Playstation 3, for example, runs at around 1000 times the speed of Intel processors.
Most flatscreen monitors and televisions also contain highly optimised video processors, generally known as application-specific integrated circuits (ASICs), although the similar field-programmable gate array (FPGA) is often of more use. The tricky bit is programming the chip to do what you want, which requires knowledge of hardware description language.
FPGAs are getting cheaper, with training boards available for less than £200. Cheap ASICs can be found in redundant TFT monitors, but are usually impossible to adapt for use as a password cracker or hash table generator. Occasionally you find a full-blown FPGA in a production system, so there's real potential for high-speed processing.
It's worth taking a look at http://nsa.unaligned.org, where a bright researcher has taken a couple of video transform boards that include FPGAs, reverse-engineered them and created an online web interface. You can upload MD5 and SHA-1 hashes to the website for the boards to crack. Two boards are faster at cracking than “over 1500 Athlon FX-60 CPUs”.
Now we're into the realm of real power and small, cheap, fast password cracking. What if we could create large numbers of optimised processors and run them in parallel? The Pico Computing Superstack does exactly this. GSM A5/1 encryption was cracked in 30 minutes using only 20 per cent of its capacity.
What does this all mean? In just a couple of years we've moved from unwieldy, globally distributed projects to a couple of video boards. Now cracking and precomputation is getting to the point of being available “on the fly”, sufficient, for example, to make breaking a WPA-PSK key practical. One of the positive aspects of WPA Personal was that the preshared key (PSK) was salted with the SSID of the access point. As long as you had changed your SSID name from the vendor default the key was hard to crack. Now it's more achievable.
Hashes that previously haven't been precomputed beyond certain lengths are now looking more vulnerable.
And what about hard-disk encryption and PKI? Again, these rely on the fact that a brute-force attack would take forever. However, cheap, fast, efficient cracking is changing the goal posts dramatically.
I was chatting to a law enforcement officer at the recent Infosec show. He mentioned that he spent most of his working life computing hash tables in order to lawfully break into systems for evidence. Supercomputers were simply outside his budget, but the potential for cheap, fast cracking and hash pre-computation was suddenly making his life rather more interesting.
Solutions? Choose longer keylengths, more complex passwords, stronger algorithms and protect your hashes.
Ken Munro is managing director of Secure Test. He can be contacted at firstname.lastname@example.org