As usual:<p><a href="http://codahale.com/how-to-safely-store-a-password/" rel="nofollow">http://codahale.com/how-to-safely-store-a-password/</a><p>and note that "ighashgpu" works against salted passwords; salts do not prevent brute-force attacks.
Be careful to compare apples with apples here. He told us what GPU he has, but not what CPU. Depending on the CPU, the comparison could be skewed in either direction.<p>A Radeon 5770 apparently uses 108W[1] when fully loaded. Newegg's cheapest non-open-box Radeon 5770[2] costs about $120. The price is the same as a 3.0-3.2GHz Phenom 4-core, and the power usage falls right between them[3].<p>If he has one of these (or a similar Intel), it's roughly comparable. If he has a cheap or older CPU, the result is closer than it looks. If he has one of the high-end six-core CPUs, then it's an even larger gap.<p>[1]<a href="http://www.tomshardware.com/reviews/radeon-hd-5770,2446-15.html" rel="nofollow">http://www.tomshardware.com/reviews/radeon-hd-5770,2446-15.h...</a>
[2]<a href="http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&IsNodeId=1&Description=Radeon%205770&bop=And&Order=PRICE&PageSize=20" rel="nofollow">http://www.newegg.com/Product/ProductList.aspx?Submit=ENE...</a>
[3]<a href="http://www.newegg.com/Product/Product.aspx?Item=N82E16819103808" rel="nofollow">http://www.newegg.com/Product/Product.aspx?Item=N82E16819103...</a>
A few months back we built a 4-Tesla box for doing GPU cracking (I think for less than 15 grand total). Initially for doing WPA, but now for more general purpose cracking.<p>It's ludicrous how much quicker we get results. I'm hoping to start compiling some statistics, as it's been in near-constant use since January.
I left this comment (awaiting moderation).<p>While I agree that GPGPUs are ideally suited for this type of thing, I think a lot of the difference you're seeing comes down to the amount of skill and effort put into the NTLM cracking functionality by the authors for their respective products.<p>ighashgpu is a single-purpose tool, whereas C&A does many things. My impression is that C&A is mostly used with rainbow tables (supplied elsewhere), whereas the author of the GPU tool is set on being the best.<p>Last time I looked into it, my impression was that a modern CPU could probably be made to run <i>no slower than</i> 5-10x that of a modern GPU at this type of task. Faint praise, I know :-)<p>As OpenCL matures, I suspect we'll see code written which can be benchmarked on both. Exciting times!
ATI GPUs are extraordinarily fast at hashing (just go look at any of the serious bitcoiners), but this is why we have things like bcrypt. Power goes up, difficulty goes up, passwords remain secure.
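The adjustable work factor described above, as an added example that is not part of the original comment. It uses PBKDF2-HMAC-SHA256 from Python's standard library in place of bcrypt (which is not in the standard library); the record format, function names and iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed policy value for this example; raise it as attacker hardware gets faster.
CURRENT_ITERATIONS = 600_000

def hash_password(password, iterations=CURRENT_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16)  # per-password salt: stops precomputed tables, not brute force
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)

def needs_rehash(stored, policy=CURRENT_ITERATIONS):
    """True when the record was created under a cheaper cost than current policy."""
    return int(stored.split("$")[1]) < policy

def login(password, stored, policy=CURRENT_ITERATIONS):
    """Verify; on success, upgrade records hashed at an older, cheaper cost.

    Returns (ok, record_to_store). The plaintext is only available at login,
    so this is the one moment the work factor can be raised for a user.
    """
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored, policy):
        return True, hash_password(password, policy)
    return True, stored
```

Because the cost is stored in each record, old and new hashes verify side by side while the policy value is raised over time.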
The author of ighashgpu has a lot more on this:<p><a href="http://www.golubev.com/blog/?category_name=gpuprog" rel="nofollow">http://www.golubev.com/blog/?category_name=gpuprog</a>
Don't forget with AWS offering GPU instances, this stuff is also becoming close to "cracking-as-a-service".<p>While unethical (perhaps, to be debated) you could even create a startup in this arena just to do this.
C&A does much more than password cracking. It has ARP poisoning capabilities, and it also comes with a trojan (Abel) that can hijack computers remotely over Windows networks. For a free program, it is very powerful. Even the NSA uses it [1].<p>I think this also means that one-factor authentication will soon be obsolete. Of course we can keep making passwords longer and more complex, but we all know it's really the users that are the problem. People have shown time and time again that they will choose bad passwords, and to make matters worse, they will use the same password for every one of their logins.<p>Furthermore, this demo was done with a single card. Any attacker with knowledge and resources could easily link up a ton of graphics cards (or even use AWS GPU instances) giving them the ability to bruteforce most rememberable passwords. I can only imagine the scale of the massive GPU clusters that the NSA & other SIGINT focused intelligence agencies employ.<p>[1] - <a href="http://www.washingtonpost.com/wp-srv/photo/postphotos/orb/asection/2006-01-27/4.htm" rel="nofollow">http://www.washingtonpost.com/wp-srv/photo/postphotos/orb/as...</a> (look under latest tool versions)
NTLM is not difficult to crack. It's basically MD4.<p>Edit: I forgot to mention that I have C++ code that will turn an ASCII string into its NTLM hash here: <a href="https://github.com/16s/NT_Hashes" rel="nofollow">https://github.com/16s/NT_Hashes</a>
Are cracking programs optimized to do all 1 character passwords, then all 2 character passwords, then 3 then 4 etc? Otherwise how will an attacker know to only run a search on 6 character passwords?<p>Not to mention that a cracker always would have to compute for all possible characters (alphanumeric plus symbols) because there is no way of knowing ahead of time what character set the person used.
How about Chinese passwords?<p><pre><code> 他们不了知道
3000 ** 6 = 729,000,000,000,000,000,000
</code></pre>
I guess Unicode between the client and backend isn't consistent enough yet. Maybe in 10 years or so.