Anything Else?

Read Some More?

Hello! What the hell is this place?

You can LINK up with me here on linked-in

Hello my name is Dan and I am what some would call a hacker, cracker, designer, engineering architect though I prefer information systems security consultant. Security is not only my job, but it is also a passion. I'll share my ramblings, frustrations and interests during my day to day expedition through security in the real “business” world and how it impacts you in this fast paced industry, along with my joy of gadgets, sport and red wine. To date, I have over ten years’ experience and earned qualifications from Microsoft, SANS, EC|Council, VMware, Cisco and ISC. These include, CISSP, C|EH, SANS pen testing, Cisco Security and CCNP, MCSA, MCSE in 2003 technologies, and Enterprise Admin in MCITP 2008. Thanks for visiting and feel free to join in the discussion and comment as some posts may offend, some posts may be utter nonsense! Security is an evolving process and on-going debate. I am not sponsored by any company, nor am I trying to sell you security products, nor lead you down the rabbit hole with promises of rosy magic security solutions.

Friday

Nov192010

Got a SHA-1 Hash? Destroy it for $2

Friday, November 19, 2010 at 11:01AM

We have known for at least 5 years the the implementation of SHA-1 secure hashing algorithm is vulnerable in that it lets the attacker find pairs of messages with same hash (collision) in lower computational complexity than it should provide. Because of this, SHA-1 is in the process of being retired from service.

SHA-1, although it is in the process of being phased out, still forms a component of various stanadard security applications, including Secure Sockets Layer, Transport Layer Security and S/MIME protocols.

We have also seen it the past few years the increase of clustered GP-GPU applications such as the folding at home project and coupled with the processing grunt of some of the latest GPU's from ATI and Nvidia, these mini-mainframes can seriously crunch some numbers.

A German security enthusiast, Thomas Roth, has demonstrated that by using a clustered GPU instance he has 'kind of' bruted forced cracked all the hashes from a 160-bit SHA-1 hash with a password of between 1 and 6 characters in around 49 minutes.

1 Compute done: Reference time 2950.1 seconds
2 Stepping rate: 249.2M MD4/s
3 Search rate: 3488.4M NTLM/s

As you can see, that it some impressive throughput. Best of all, this proof of concept was performed on a 'fore-hire' cluster for just $2 a session from Amazon's Elastic Compute Cloud (https://aws.amazon.com/ec2/) Even though 6 characters is a fairly simple and insecure password, and the rainbow table used in this case is simply matching the correct hash, the concept still stands, that GP-GPU cracking is a growing and a fascinating trend which only goes to show the importance of quickly retiring SHA-1.

The specification of the machine used above is as follows;

22 GB of memory
33.5 EC2 Compute Units (2 x Intel Xeon X5570, quad-core “Nehalem” architecture)
2 x NVIDIA Tesla “Fermi” M2050 GPUs
1690 GB of instance storage
64-bit platform
I/O Performance: Very High (10 Gigabit Ethernet)
API name: cg1.4xlarge

If you fancy giving this ago on your own GPU, Thomas has posted on his blog the code required to take advantage of Nvidia's CUDA platform. One interesting snippet is this section of code;

1 # export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
2 # export LD_LIBRARY_PATH=/usr/local/cuda/lib64:$LD_LIBRARY_PATH
3 # cd ~/NVIDIA_GPU_Computing_SDK/C/src/CUDA-Multiforcer-Release/
4 # ../../bin/linux/release/CUDA-Multiforcer -h SHA1 -f test_hashes/Hashes-SHA1-Full.txt --min=1 --max=6 -c charsets/charset-upper-lower-numeric-symbol-95.chr

If you have any generated rainbow tables you can give them a go on more stronger hashed SHA-1 passwords.

CUDA capabilities are growing, for the enthusiastic power user and the hacker alike.

View Thomas's blog here

Amazon Elastic Compute Cloud

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

Post a New Comment

Enter your information below to add a new comment.

My response is on my own website »

Author:

Author Email (optional):

Author URL (optional):

Post:

↓ | ↑

Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

This work is licensed under a Creative Commons License. Dan Tinsley - Defending the Network Creative Commons 2012 (My l33t lawyer can HACK your lawyer)