Cryptographic Hash functions find ubiquitous use in various applications like digital signatures, message authentication codes and other forms of digital security. Their associated vulnerabilities therefore make them a prevalent target for cyber criminals. Cracking a hash involves brute force which is generally extremely time or computing power intensive. Recent times have seen usage of GPUs for brute forcing hashes thus significantly accelerating the rate of hash generation during brute force. This has further been extended to simultaneous usage of multiple GPUs over multiple machines or building GPU clusters having multiple GPUs on a single machine. Attackers use these methods to crack hashes within practical durations of time, to the tune of hours or days, depending on the strength of the password. This paper quantifies the advantage of using the CPU simultaneously with the GPU for hash cracking and describes how a potential attacker, with respect to the size of the botnet used, could come to possess capabilities of hash rates of at least greater than 11 times the rate of the world's fastest GPU cluster based MD5 brute forcing machine with no investment.
[1]
Takamichi Saito,et al.
An implementation and its evaluation of password cracking tool parallelized on GPGPU
,
2010,
2010 10th International Symposium on Communications and Information Technologies.
[2]
Elmar Gerhards-Padilla,et al.
Case study of the Miner Botnet
,
2012,
2012 4th International Conference on Cyber Conflict (CYCON 2012).
[3]
Michael Lin,et al.
MPI Enhancements in John the Ripper
,
2010
.
[4]
Felix C. Freiling,et al.
Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm
,
2008,
LEET.
[5]
Vitaly Shmatikov,et al.
Fast dictionary attacks on passwords using time-space tradeoff
,
2005,
CCS '05.
[6]
Yi Pan,et al.
Distributed MD4 Password Hashing with Grid Computing Package BOINC
,
2004,
GCC.
[7]
Kyle Foerster,et al.
Password recovery using MPI and CUDA
,
2012,
2012 19th International Conference on High Performance Computing.