So, I was thinking of buying from GPUs for cracking passwords — Totseans

DfgDfg Admin
edited December 2012 in Tech & Games
but then I realized that even though it can be done it's not ideal. The best way is to social engineer and use phishing attacks. Here is a debate going on about this. I usually browse Slashdot because it's an excellent community when it comes to Tech stuff. It does have its own trolls but it's still better than nothing.

"A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."

Some interesting posts.

"They that is account provider can easily use delays and lockout an account after too many tries. Not lock out an account.

Temporary ban an IP address. Fail2ban does this. If you're just looking to protect SSH, use Denyhosts.

You don't want to lock out legitimate users. All the big providers like Yahoo and Facebook will let you keep trying at a password 3 times, and then they'll throw a captcha at you for all tries after that with as many tries as you want, because you have to keep solving the captcha for each attempt. Current captcha technology is pretty much bot proof - almost human proof sometimes, it seems (as a user, I hate captcha and knowing someone who is sight impaired, I consider it offensive - we should find something else, something better).

Locking out accounts over bad login attempts generates too many support calls and upset users, because you could DOS attack an account simply by spamming the login with bad passwords. It's been tried. It sucks as a solution. The solution is to make brute-forcing time consuming and requiring human intervention."

I agree with this. Bruteforcing over the Internet is failure announced. It's only feasible if you have local access or if you're doing the cracking in your own farm or platform.

"Different passwords for different things is a good idea.

But the issue is not brute forcing over the network. The issue is hackers stealing a database of passwords, then bruteforcing the lot of them locally. Some sites don't even bother to hash the password at all and some don't salt them or use a weak hash. So if the database is lifted, the hackers could potentially recover some or all of the passwords with little or no effort. So if you use the same email and password for an insecure site as a strong site, you are in trouble.
Therefore it would be wise to arrange sites into tiers of importance. Tax / health / social security on the top. Then banks. Then cloud / email services. Then stores. Then sites with personally identifying info. Then forums and other throwaway crap. For each tier take appropriate measures to ensure uniqueness of the password and login id and use password safe to manage this mess. On the bottom tier, you could probably use the same throwaway password for every site, or a variant of it (e.g. tack on the first 4 letters of the domain host) since a compromise is a nuisance rather than as a threat.

And use something like Password Safe so you don't have to remember all this crap."

Yep, and I use a password manager now.

"I think email should be on the top list of priority - because "reset your password" on every other system tends to use your email address. Lose control of your email and you've lost control of everything else."

This is vital and most people forget it: guard your e-mails and keep them secure!

So, in the end you're in a tight spot. So, I suggest you better start securing things.
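
The policy the quoted commenter describes (no account lockout, a captcha on every attempt after three failures, a temporary IP ban in the style of Fail2ban) can be sketched as follows. This is an added example, not code from the thread or from Fail2ban: the class, the `captcha_after` threshold and the sample addresses are constructed for illustration, and `maxretry`, `findtime` and `bantime` only borrow Fail2ban's option names.

```python
# Added example: login throttling without account lockout (all names hypothetical).

ATTACKER_IP = "203.0.113.7"    # constructed sample address (documentation range)
OWNER_IP = "198.51.100.20"     # constructed sample address (documentation range)


class LoginThrottle:
    def __init__(self, captcha_after=3, maxretry=5, findtime=600, bantime=3600):
        self.captcha_after = captcha_after  # account failures before a captcha is required
        self.maxretry = maxretry            # failures from one IP within findtime -> ban
        self.findtime = findtime            # sliding window in seconds
        self.bantime = bantime              # ban duration in seconds
        self.account_failures = {}          # account -> consecutive failed logins
        self.ip_failures = {}               # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time at which the ban expires

    def check(self, account, ip, now):
        """What the login form must do before the password is even tested."""
        if self.banned_until.get(ip, 0) > now:
            return "ip_banned"
        if self.account_failures.get(account, 0) >= self.captcha_after:
            return "captcha"                # slows bots down, never locks the owner out
        return "allow"

    def record_failure(self, account, ip, now):
        self.account_failures[account] = self.account_failures.get(account, 0) + 1
        recent = [t for t in self.ip_failures.get(ip, []) if t > now - self.findtime]
        recent.append(now)
        if len(recent) >= self.maxretry:    # too many failures inside the window
            self.banned_until[ip] = now + self.bantime
            recent = []
        self.ip_failures[ip] = recent

    def record_success(self, account):
        self.account_failures.pop(account, None)


def simulate():
    """Constructed scenario: a bot guesses once per second, then the owner logs in."""
    throttle = LoginThrottle()
    bot = []
    for now in range(6):
        decision = throttle.check("alice", ATTACKER_IP, now)
        bot.append(decision)
        if decision != "ip_banned":         # banned requests never reach the password check
            throttle.record_failure("alice", ATTACKER_IP, now)
    owner_before = throttle.check("alice", OWNER_IP, 10)  # owner only has to solve a captcha
    throttle.record_success("alice")                      # ...and then logs in correctly
    owner_after = throttle.check("alice", OWNER_IP, 11)
    bot_later = throttle.check("alice", ATTACKER_IP, 11)
    bot_after_ban = throttle.check("alice", ATTACKER_IP, 4 + 3600)
    return bot, owner_before, owner_after, bot_later, bot_after_ban


if __name__ == "__main__":
    print(simulate())
```

The account itself is never locked: the owner's worst case is one captcha, while the guessing address is cut off for `bantime` seconds.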


  • DfgDfg Admin
    edited December 2012
    Interesting article:

    Snake Oil
    The problem with bad security is that it looks just like good security. You can't tell the difference by looking at the finished product. Both make the same security claims; both have the same functionality. Both might even use the same algorithms: triple-DES, 1024-bit RSA, etc. Both might use the same protocols, implement the same standards, and have been endorsed by the same industry groups. Yet one is secure and the other is insecure.
    Many cryptographers have likened this situation to the pharmaceutical industry before regulation. The parallels are many: vendors can make any claims they want, consumers don't have the expertise to judge the accuracy of those claims, and there's no real liability on the part of the vendors (read the license you agree to when you buy a software security product).
    This is not to say that there are no good cryptography products on the market. There are. There are vendors that try to create good products and to be honest in their advertising. And there are vendors that believe they have good products when they don't, but they're just not skilled enough to tell the difference. And there are vendors that are just out to make a quick buck, and honestly don't care if their product is good or not.
    Most products seem to fall into the middle category: well-meaning but insecure. I've talked about the reason in previous CRYPTO-GRAM essays, but I'll summarize: anyone can create a cryptography product that he himself cannot break. This means that a well-meaning person comes up with a new idea, or at least an idea that he has never heard of, cannot break it, and believes that he just discovered the magic elixir to cure all security problems. And even if there's no magic elixir, the difficulty of creating secure products combined with the ease of making mistakes makes bad cryptography the rule.
    The term we use for bad cryptography products is "snake oil," which was the turn-of-the-century American term for quack medicine. It brings to mind traveling medicine shows, and hawkers selling their special magic elixir that would cure any ailment you could imagine.
    For example, here is a paragraph from the most recent snake-oil advertisement I received in e-mail: "Encryptor 4.0 uses a unique in-house developed incremental base shift algorithm. Decryption is practically impossible, even if someone manages to reverse engineer our program to obtain the algorithm, the decryption of a file depends on the exact password (encryption key). Even if someone is guessing the encryption key the file will only be decrypted correctly if the encryption key is 100 percent correct. See the IMPORTANT WARNING on our Web site" I checked the Web site; the odds that this product is any good are negligible.
    Elsewhere I've talked about building strong security products, using tried-and-true mathematics, and generally being conservative. Here I want to talk about some of the common snake-oil warning signs, and how you can pre-judge products from their advertising claims. These warning signs are not foolproof, but they're pretty good.
    Warning Sign #1: Pseudo-mathematical gobbledygook.
    In the quote above, notice the "unique in-house developed incremental base shift algorithm." Does anyone have any idea what that means? Are there any academic papers that discuss this concept? Long noun chains don't automatically imply security.
    Meganet <> has a beauty on their Web site: "The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set." This makes no sense, even to an expert.
    US Data Security <> has another beauty: "From a mathematical point of view, the TTM algorithm is intuitively natural and less cumbersome to use than methods that are number-theory based." SuperKrypt <> tries to impress with an acronym: "SuperKrypt products utilize the DNGT bulk encryption method," whatever that is. And Cennoid <> just doesn't understand what it's talking about: "Since key length and key structure vary and since the encryption engine does not use any mathematical algorithms, reverse engineering is impossible and guessing is not an option."
    The point here is that, like medicine, cryptography is a science. It has a body of knowledge, and researchers are constantly improving that body of knowledge: designing new security methods, breaking existing security methods, building theoretical foundations, etc. Someone who obviously does not speak the language of cryptography is not conversant with the literature, and is much less likely to have invented something good. It's as if your doctor started talking about "energy waves and healing vibrations." You'd worry.
    Warning Sign #2: New mathematics.
    Every couple of years, some mathematician looks over at cryptography, says something like, "oh, that's easy," and proceeds to create an encryption algorithm out of whatever he has been working on. Invariably it is lousy.
    Beware cryptography based on new paradigms or new areas of mathematics: chaos theory, neural networks, coding theory, zeta functions. Cryptography is hard; the odds that someone without any experience in the field can revolutionize it are small. And if someone does, let the academic community have a few years to understand it before buying products based on it.
    Warning Sign #3: Proprietary cryptography.
    I promise not to start another tirade about the problems of proprietary cryptography. I just include it here as a warning sign. So when a company like GenioUSA <> refuses to divulge what algorithm they're using (they claim it's "world class secret key encryption," whatever that means), you should think twice before using their product (it's completely broken, by the way).
    Another company, Crypt-o-Text <>, promises a "complex proprietary encryption algorithm" and that "there is absolutely no way to determine what password was used by examining the encrypted text." It was completely broken in an InfoWorld review.
    This kind of thing isn't exclusive to small companies. Axent once tried to pass XOR off as a real encryption algorithm. It wasn't until someone peeked inside the compiled code that we discovered it.
    Any company that won't discuss its algorithms or protocols has something to hide. There's no other possible reason. (And don't let them tell you that it is patent-pending; as soon as they file the patent, they can discuss the technology. If they're still working on the patent, tell them to come back after they can make their technology public.)
    Warning Sign #4: Extreme cluelessness.
    Some companies make such weird claims that it's obvious that they don't understand the field. TriStrata says this about their encryption algorithm: "Since TriStrata's encryption scheme is so simple and of such low computational complexity, the client portion can reside on a wide range of systems -- from a server to a portable PC." Don't they realize that every encryption algorithm is small enough to fit on a portable PC, that DES and RSA and SHA can fit on an 8-bit smart card, and that you can implement some of the AES candidates in 17 clock cycles per byte or a few thousand gates?
    GenioUSA talks about why they don't use public-key cryptography in their product: "Public Key encryption is exactly that, you are not the only party involved in the generation, integrity, and security of all the keys/passwords used to encrypt your e-mail, documents, and files. Public key encryption is great technology to use to exchange things with anyone you won't trust with your secret key(s) and/or can't exchange secret key(s) with. We quote one sentence from a well known Web page, 'All known public key cryptosystems, however, are subject to shortcut attacks and must therefore use keys ten or more times the lengths of those discussed here to achieve the an [sic] equivalent level of security.'" So what? This company just doesn't get it.
    Warning Sign #5: Ridiculous key lengths.
    Jaws Technology <> boasts: "Thanks to the JAWS L5 algorithm's statistically unbreakable 4096 bit key, the safety of your most valued data files is ensured." Meganet takes the ridiculous a step further <>: "1 million bit symmetric keys -- The market offer's [sic] 40-160 bit only!!"
    Longer key lengths are better, but only up to a point. AES will have 128-bit, 192-bit, and 256-bit key lengths. This is far longer than needed for the foreseeable future. In fact, we cannot even imagine a world where 256-bit brute force searches are possible. It requires some fundamental breakthroughs in physics and our understanding of the universe. For public-key cryptography, 2048-bit keys have same sort of property; longer is meaningless.
    Think of this as a sub-example of Warning Sign #4: if the company doesn't understand keys, do you really want them to design your security product?
    Warning Sign #6: One-time pads.
    One-time pads don't make sense for mass-market encryption products. They may work in pencil-and-paper spy scenarios, they may work on the U.S.-Russia teletype hotline, but they don't work for you. Most companies that claim they have a one-time pad actually do not. They have something they think is a one-time pad. A true one-time pad is provably secure (against certain attacks), but is also unusable.
    Elementrix, now defunct, announced a one-time pad product a few years ago, and refused to recant when it was shown that it was no such thing. Ciphile Software <> just tries to pretend: "Original Absolute Privacy - Level3 is an automated pseudo one-time pad generator with very sophisticated and powerful augmenting features." Whatever that means.
    More recently, TriStrata <> jumped on the world's cryptography stage by announcing that they had a one-time pad. Since then, they've been thoroughly trounced by anyone with a grain of cryptographic sense and have deleted the phrase from their Web site. At least they've exhibited learning behavior.
    Ultimate Privacy <> might actually use a one-time pad (although they claim to use Blowfish, too, which worries me): "The one time pad is a private key method of encryption, and requires the safe and secure distribution of the pad material, which serves as the key in our solution. The security of the key distribution comes down to how secure you want to be -- for communicating point-to-point with one other person, we suggest a face-to-face hand-off of the pad material." Remember that you need to hand off the same volume of bits as the message you want to send, otherwise you don't have a one-time pad anymore.
    Warning Sign #7: Unsubstantiated claims.
    Jaws Technologies says this about its new encryption technology: "This scientifically acclaimed encryption product is the world's strongest commercially available software of its kind." Acclaimed by who? The Web site doesn't say. World's strongest by what comparison? Nothing.
    UBE98, at <>, stands for "unbreakable encryption," or at least it did before someone took a day to break it. Its Web site makes the same sort of ridiculous claims: "One of the Strongest Encryptions available in the UK in a program that everyone will understand how to use!" Wow. SenCrypt <> is advertised to be "the most secure cryptographic algorithm known to mankind." Double wow.
    Some companies claim "military-grade" security. This is a meaningless term. There's no such standard. And at least in the U.S., military cryptography is not available for non-government purposes (although government contractors can get it for classified contracts).
    Other companies make claims about other algorithms that are "broken," without giving details. Or that public-key cryptography is useless. Don't believe any of this stuff. If the claim seems far-fetched, it probably is. If a company claims that their products have been reviewed by cryptographers, ask for names. Ask for a copy of the review. Counterpane Systems reviews many products, and our clients can give out the reviews if they choose.
    Warning Sign #8: Security proofs.
    There are two kinds of snake-oil proofs. The first are real mathematical proofs that don't say anything about real security. The second are fake proofs. Meganet claims to have a proof that their VME algorithm is as secure as a one-time pad. Their "proof" is to explain how a one-time pad works, add the magic spell "VME has the same phenomenon behavior patterns, hence proves to be equally strong and unbreakable as OTP," and then give the results of some statistical tests. This is not a proof. It isn't even close.
    More subtle are actual provably secure systems. They do exist. Last summer, IBM made a big press splash about their provably secure system, which they claimed would revolutionize the cryptography landscape. (See <> for a discussion.) Since then, the system has disappeared. It's great research, but mathematical proofs have little to do with actual product security.
    Warning Sign #9: Cracking contests.
    I wrote about this at length last December: <>. For now, suffice it to say that cracking contests are no guarantee of security, and often mean that the designers don't understand what it means to show that a product is secure.
    Conclusion: Separating the Good from the Bad
    These snake-oil warning signs are neither necessary nor sufficient criteria for separating the good cryptography from the snake oil. Just as there could be insecure products that don't trigger any of these nine warning signs, there could be secure products that look very much like snake oil. But most people don't have the time, patience, or expertise to perform the kind of analysis necessary to make an educated determination. In the absence of a Food-and-Drug-Administration-like body to regulate cryptography, the only thing a reasonable person can do is to use warning signs like these as guides.
    Further reading: The "Snake Oil" FAQ is an excellent source of information on questionable cryptographic products, and a good way to increase the sensitivity of your bullshit detector. Get your copy at: <>.

    Also, I do love this format. Perhaps I can mimic it for the front page. Instead of one article I could write a newsletter per week and post it on go.
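
Warning Sign #6 in the quoted essay turns on the pad being as long as the message and never reused. The sketch below is an added example (not from the essay or from any product it names; function names and sample messages are constructed) showing that the key drops out of the ciphertext as soon as either condition is broken.

```python
# Added example: why a short or reused "pad" is not a one-time pad.
import secrets

P1 = b"wire 500 to account 1234"   # constructed sample message
P2 = b"meet at the usual place."   # constructed sample message


def xor_bytes(data, key):
    """XOR data with key; a key shorter than the data is repeated."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def short_key_leaks(plaintext, key_len=4):
    """A short key stretched over a longer message: bytes one key-length
    apart share a key byte, so XORing them gives a key-free relation."""
    key = secrets.token_bytes(key_len)
    c = xor_bytes(plaintext, key)
    return all(c[i] ^ c[i + key_len] == plaintext[i] ^ plaintext[i + key_len]
               for i in range(len(plaintext) - key_len))


def reused_pad_leaks(p1, p2):
    """Full-length random pad, but used for two messages: c1 XOR c2 equals
    p1 XOR p2, with no trace of the pad left."""
    n = min(len(p1), len(p2))
    pad = secrets.token_bytes(n)
    c1, c2 = xor_bytes(p1[:n], pad), xor_bytes(p2[:n], pad)
    return xor_bytes(c1, c2) == xor_bytes(p1[:n], p2[:n])


def fresh_pads_leak(p1, p2):
    """Correct use: every message gets its own pad of the same length, so
    the same comparison tells an observer nothing."""
    n = min(len(p1), len(p2))
    c1 = xor_bytes(p1[:n], secrets.token_bytes(n))
    c2 = xor_bytes(p2[:n], secrets.token_bytes(n))
    return xor_bytes(c1, c2) == xor_bytes(p1[:n], p2[:n])


if __name__ == "__main__":
    print("short repeating key leaks:", short_key_leaks(P1))
    print("reused pad leaks:         ", reused_pad_leaks(P1, P2))
    print("fresh pads leak:          ", fresh_pads_leak(P1, P2))
    print("pad bytes needed for both:", len(P1) + len(P2))
```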
  • GoingNowhereGoingNowhere Global Moderator
    edited December 2012
    This is brilliant info, I'll come back to this and read it properly later. Great post :)