[106220] in cryptography@c2.net mail archive
Re: Elcomsoft trying to patent faster GPU-based password cracker
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Oct 24 16:26:24 2007
Date: Wed, 24 Oct 2007 20:21:51 +0000
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: "mheyman@gmail.com" <mheyman@gmail.com>
Cc: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <5c8fcb9c0710241025r11b7d8d9u8bfac3b27b57de8f@mail.gmail.com>
On Wed, 24 Oct 2007 13:25:29 -0400
"mheyman@gmail.com" <mheyman@gmail.com> wrote:
> From:
>
> <http://www.elcomsoft.com/EDPR/gpu_en.pdf>
>
> Moscow, Russia - October 22, 2007 - ElcomSoft Co. Ltd. has
> discovered and filed for a US patent...Using the "brute force"
> technique of recovering passwords, it was possible, though
> time-consuming, to recover passwords from popular
> applications. For example...Windows Vista uses NTLM hashing
> by default, so using a modern dual-core PC you could test up to
> 10,000,000 passwords per second, and perform a complete
> analysis in about two months. With ElcomSoft's new technology,
> the process would take only three to five days..Today's [GPU]
> chips can process fixed-point calculations. And with as much as
> 1.5 Gb of onboard video memory and up to 128 processing
> units, these powerful GPU chips are much more effective than
> CPUs in performing many of these calculations...Preliminary
> tests using Elcomsoft Distributed Password Recovery product
> to recover Windows NTLM logon passwords show that the
> recovery speed has increased by a factor of twenty, simply by
> hooking up with a $150 video card's onboard GPU.
>
I hope they don't get the patent. The idea of using a GPU for
cryptographic calculations isn't new; see, for example, "Remotely Keyed
Cryptographics: Secure Remote Display Access Using (Mostly) Untrusted
Hardware" (http://www1.cs.columbia.edu/~angelos/Papers/2005/rkey_icics.pdf)
Debra L. Cook, Ricardo Baratto, and Angelos D. Keromytis. In
Proceedings of the 7th International Conference on Information and
Communications Security (ICICS), pp. 363 - 375. December 2005, Beijing,
China. An older version is available as Columbia University Computer
Science Department Technical Report CUCS-050-04
(http://mice.cs.columbia.edu/getTechreport.php?techreportID=110&format=pdf&),
December 2004.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
