Harden Up: Can We Break Your Password With Our GPUs?

Final Words

My weekend of attempting to recover an old WinZip password left me slightly surprised. We live in a world where secure data isn't so secure (*cough* Sony's PSN *cough*), so it's hard not to be afraid of what general purpose computing means for the future as our graphics processors become even more powerful.

In the past, there was no way you could expect to bring down an ASCII password with a length of 10 characters in any reasonable period. This was only possible with custom hardware. That's what the Electronic Frontier Foundation did in 1998 with its Deep Crack. At a final cost of nearly $250 000, a group of security experts built a machine that could scan about 90 billion passwords per second, thanks to more than 1800 AWT-4500s working in tandem.

I can’t manage that level of performance with my office workstation, but two GeForce GTX 570s in SLI achieve about 1.5 billion passwords per second against Zip 2.0 encryption. That’s 1/60th of the performance at less than 1/100th of the cost. Obviously, I'm comparing apples against oranges. After all, Zip 2.0 encryption is old. But it's clear that massively parallel graphics architectures will continue enabling increased performance density at more commodity-like prices, so at some point we will be able to get 90 billion passwords per second from a desktop-sized box.

So, what have we learned? First off, steer clear of Zip 2.0. It’s an older encryption scheme supported for legacy purposes, and even WinZip suggests that you use AES to ward off brute-force attacks.

Targeted attempts are another story. Most people use passwords that include words, and as such, those passwords are vulnerable to dictionary-based attacks no matter what encryption scheme you use. The number of words in the English language is less than 1 million. However, a GeForce GTX 460 can manage at least 150 000 passwords per second against AES encryption. Even if you add a few variations, you really only need to spend a day crunching passwords to break the proverbial lock. Why? Because an entire word is functionally the same as a single letter, like "a."

Ideally you should avoid the following if you are trying to make your files more secure:

  • Avoid words from the dictionary. The Oxford English dictionary contains fewer than 300 000 entries if you count words currently in use, obsolete words and derivative words. That's nothing for a GeForce GTX 460.
  • Avoid words with numbers appended at the end. Adding 1 to the end of a password doesn't make it more secure. I can still crunch the entire English dictionary and numbers in half a day with a pair of GeForce GTX 570s.
  • Avoid double words or simple letter substitution. PasswordPassword only doubles the number of words that we have to search. That's still fairly easy considering how fast I can scan files. Also, p@55w0rd isn't a secure password. Password crackers know all the usual shortcuts. So don't take that route. 
  • Avoid common sequences from your keyboard. Adding qwerty to the dictionary of tested passwords isn’t hard work. That's another shortcut to avoid.
  • Avoid common numerical sequences. 314159 may be easy to remember. It's Pi, after all, but it's also something that's easy to test for.
  • Avoid anything personally related, such as your license plate, social security number, past telephone number, birthday, and so on. We live in a world where a lot of information is public domain. If you have a public Facebook or Twitter account, the amount of information available keeps growing.

An encryption scheme is only as good as the password that protects it. That's the weakness in a symmetric password, where the encryption key is the same as the decryption key. If you are stubbornly paranoid, the ultimate in security probably lies in PGP or certificate-based encryption. On an everyday basis, this isn't a practical option unless you and your company are willing to migrate to PKZIP. That's why password length should be your primary concern.

Fortunately, math is our friend (seriously, it is). If you use the full ASCII character set, then your password strength is 94^(password length), because every additional character makes a password 94 times more secure. By adding a few extra characters to your password, you're making it "computationally infeasible" for hackers to attempt a brute-force attack. If 7 298 831 534 994 528 possible combinations (in a one- to nine-character password) isn’t enough to make you comfortable, use a 10-character password, and give any hacker 699 823 827 359 474 784 combinations to try.

Based on our testing, you probably could hit a little over 3 million passwords per second against AES encryption using a pair of Radeon HD 6990s. That means it'd take 7397 years to perform a search of passwords from one to 10 characters long using AMD's Stream acceleration. Even if you could double your speed from there, it wouldn't be much help. To get under one year, you'd have to scale your efforts to 7397 machines working full-time.

In the future, it might be possible for the average user to access that class of parallel compute power. Distributed computing is the next step, and Parallel Password Recovery is already working on a way to enable GPU-accelerated processing across multiple clients.

For the time being, this shouldn't keep you up at night. As the old adage goes, "if there is a will, there is a way." Ever since there were locks, there were lock picks. If you want to keep something secure, you need to understand how easy (or difficult) it is to pick the lock. That's what password recovery tools do. Surprisingly, WinZip agrees with us on this. As Tom Vaughan, VP at WinZip, states, "I view the makers of password recovery tools as white hats, not black hats. It’s the software that you don’t know about that should scare you (software developed by black hats that is faster or more capable of cracking security than you could have predicted)."

It might sound like we're selling up some bogeyman or disseminating information that shouldn't be "out there," but we hope you come away from this story with a reminder that you can’t buy the truly impressive software. Custom cryptography stuff always advances faster than what’s commercially available. So if you are bent out of shape on security, your password should follow these basic guidelines.

  • At least nine characters in length.
  • Contain at least one upper-case letter
  • Contain at least one lower-case letter
  • Contain at least one special character, such as @ or !
  • Contain at least one number

These rules will give you a fighting chance against password hackers. Hackers have an unlimited number of attempts to crack a password. So breaking encryption is really only a matter of time. That's why the security experts understand that the real goal is to deter access to relevant data. If it takes you 50 years to break into a WinZip archive that contains information about my stock trades last week, that information is no longer relevant. Create longer random passwords, and you can also enjoy that level of security and peace of mind.
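
The avoid list and the five composition rules above, written as a check you can run over candidate passwords. This is an added example, not code from the article; the `audit` function, the tiny word list, and the keyboard and digit runs are constructed stand-ins.

```python
import re

# Constructed stand-in data (assumptions, not from the article); swap in a real
# wordlist and your own lists of keyboard walks and well-known digit strings.
WORDS = {"password", "dragon", "monkey", "sunshine", "letmein"}
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn")
NUMBER_RUNS = ("314159", "123456", "271828")
# The usual substitutions, e.g. p@55w0rd -> password.
LEET = str.maketrans("@4$5!1037", "aassiioet")
CLASSES = (("upper-case letter", r"[A-Z]"), ("lower-case letter", r"[a-z]"),
           ("number", r"[0-9]"), ("special character", r"[^A-Za-z0-9]"))


def audit(password, personal=()):
    """Return the article's rules that `password` breaks (empty list = none)."""
    findings = []
    if len(password) < 9:
        findings.append("shorter than nine characters")
    for name, pattern in CLASSES:
        if not re.search(pattern, password):
            findings.append("no " + name)

    lowered = password.lower()
    if any(run in lowered for run in KEYBOARD_RUNS):
        findings.append("keyboard sequence")
    if any(run in lowered for run in NUMBER_RUNS):
        findings.append("common numerical sequence")
    if any(item.lower() in lowered for item in personal if item):
        findings.append("personal information")

    # Reduce the candidate the way a dictionary attack's mangling rules would:
    # drop an appended run of digits/symbols, then undo letter substitution.
    trimmed = re.sub(r"[^a-z]+$", "", lowered)
    stem = trimmed.translate(LEET)
    half = stem[: len(stem) // 2]
    if stem in WORDS:
        if stem != trimmed:
            findings.append("dictionary word with letter substitution")
        elif trimmed != lowered:
            findings.append("dictionary word with appended characters")
        else:
            findings.append("dictionary word")
    elif half and half * 2 == stem and half in WORDS:
        findings.append("doubled dictionary word")
    return findings
```

An empty result means only that none of these known patterns matched; length and randomness still decide how long a brute-force search takes.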

  • jeff77789
    "While it would take a longer time to find a password made up of nine or 10 passwords, it's definitely doable between a few gaming buddies. "


    9 or 10 characters?
    Reply
  • jj463rd
    How about adding some extended ASCII codes to a password.
    Reply
  • ryandsouza
    "Think of this as generating every single combination of numbers that can be used to solve that same Sodoku puzzle, starting from an all zeros all the way through all nines. "

    Sudoku puzzles have numbers from 1 through 9!
    Reply
  • rpmrush
    This reminds me of Bitcoin GPU crunching. 6990s are favored right now. I wonder how many were sold specifically to Bitcoin miners? I tried it with my dual 6850s but the heat was ridiculous. I didn't like the stress on my hardware so I gave up mining. I'm sure it's the same with password software. Maxing out your GPUs. Great for Winter, not Summer!
    Reply
  • mediv42
    I've always wondered about this: why don't they just code a delay into the decryption program, so you can't check a billion passwords a second?
    Reply
  • joshyboy82
    I like the scale, but in your small example (a,b,c) you were right and wrong at the same time. Based on your configuration 6 possibilities are correct, but because you tell someone that they can use A or B or C in the password doesn't stop them from choosing aaa, therefore the combination is 9, not 6. Otherwise, interesting article.
    Reply
  • acku
    9515787 said:
    "Think of this as generating every single combination of numbers that can be used to solve that same Sodoku puzzle, starting from an all zeros all the way through all nines. "

    Sudoku puzzles have numbers from 1 through 9!

    Fixed! Sorry. I usually play Sudoku variants. :)


    9515790 said:
    I like the scale, but in your small example (a,b,c) you were right and wrong at the same time. Based on your configuration 6 possibilities are correct, but because you tell someone that they can use A or B or C in the password doesn't stop them from choosing aaa, therefore the combination is 9, not 6. Otherwise, interesting article.

    I could understand that, but I left out that since I was trying to show a simple example of how permutations differ from combinations. As you pointed out, repetitions are allowed in passwords. I actually mention that in the sentence that follows in the next paragraph.
    Reply
  • webdev511
    Password Haystacks Yes Steve Gibson has already covered something like this. Passphrases with upper lower number and special are the way to go. Yes, please avoid shortcuts.
    Reply
  • acku
    9515789 said:
    I've always wondered about this: why don't they just code a delay into the decryption program, so you can't check a billion passwords a second?

    It wouldn't be easy from a design standpoint, cause now you're talking about fiddling with the design of the program.

    The easiest way to slow down the verification portion of the password authentication process is increasing the number of transformation invocations for key generation. The problem is that this slows down the performance of your machine, even if you have the correct password.

    jj463rd said:
    How about adding some extended ASCII codes to a password.

    That assumes WinZip and WinRAR support them. To be honest, I haven't looked into that. Though, I'm inclined to believe that neither program supports them.
    Reply
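
Added example, not part of the thread: the "transformation invocations" trade-off from the reply above, shown with PBKDF2-HMAC-SHA1 as a standard iterated key-derivation scheme (an assumption; the thread names no algorithm). The function names are hypothetical.

```python
import hashlib
import hmac


def pbkdf2_sha1_block(password, salt, iterations):
    """First 20-byte block of PBKDF2-HMAC-SHA1 (RFC 8018), counting PRF calls."""
    calls = 0

    def prf(data):
        nonlocal calls
        calls += 1
        return hmac.new(password, data, hashlib.sha1).digest()

    u = prf(salt + (1).to_bytes(4, "big"))   # U_1 = PRF(P, S || INT(1))
    block = int.from_bytes(u, "big")
    for _ in range(iterations - 1):          # U_i = PRF(P, U_{i-1})
        u = prf(u)
        block ^= int.from_bytes(u, "big")    # T_1 = U_1 xor U_2 xor ... xor U_c
    return block.to_bytes(20, "big"), calls


def guesses_per_second(prf_calls_per_second, iterations):
    """Upper bound on guesses/s when every guess costs `iterations` PRF calls."""
    return prf_calls_per_second // iterations
```

Every password check, correct or not, pays the same `iterations` PRF calls, so raising the count divides the attacker's guess rate and multiplies the legitimate user's unlock time by the same factor.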
  • shin0bi272
    the tables in this review are horrible... they go from lengths of time to number of passwords and there's no discernible notation when they do.
    Reply