Elcomsoft trying to patent faster GPU-based password cracker
Steven M. Bellovin
smb at cs.columbia.edu
Wed Oct 24 16:21:51 EDT 2007
On Wed, 24 Oct 2007 13:25:29 -0400
"mheyman at gmail.com" <mheyman at gmail.com> wrote:
> From:
>
> <http://www.elcomsoft.com/EDPR/gpu_en.pdf>
>
> Moscow, Russia - October 22, 2007 - ElcomSoft Co. Ltd. has
> discovered and filed for a US patent...Using the "brute force"
> technique of recovering passwords, it was possible, though
> time-consuming, to recover passwords from popular
> applications. For example...Windows Vista uses NTLM hashing
> by default, so using a modern dual-core PC you could test up to
> 10,000,000 passwords per second, and perform a complete
> analysis in about two months. With ElcomSoft's new technology,
> the process would take only three to five days..Today's [GPU]
> chips can process fixed-point calculations. And with as much as
> 1.5 Gb of onboard video memory and up to 128 processing
> units, these powerful GPU chips are much more effective than
> CPUs in performing many of these calculations...Preliminary
> tests using Elcomsoft Distributed Password Recovery product
> to recover Windows NTLM logon passwords show that the
> recovery speed has increased by a factor of twenty, simply by
> hooking up with a $150 video card's onboard GPU.
>
I hope they don't get the patent. The idea of using a GPU for
cryptographic calculations isn't new; see, for example, "Remotely Keyed
Cryptographics: Secure Remote Display Access Using (Mostly) Untrusted
Hardware" (http://www1.cs.columbia.edu/~angelos/Papers/2005/rkey_icics.pdf)
Debra L. Cook, Ricardo Baratto, and Angelos D. Keromytis. In
Proceedings of the 7th International Conference on Information and
Communications Security (ICICS), pp. 363 - 375. December 2005, Beijing,
China. An older version is available as Columbia University Computer
Science Department Technical Report CUCS-050-04
(http://mice.cs.columbia.edu/getTechreport.php?techreportID=110&format=pdf&),
December 2004.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list