Password recovery

Gordon, Stanely 2016-07-11

Last week todo

  • zedboard
  • Hashcat md5crypt
  • Hashcat bcrypt
  • JTR md5crypt
  • JTR bcrypt

FPGA

Setup IDE

  • PlanAhead
  • Vivado

Some issues

  • can't find open source of md5crypt and bcrypt
  • only md5 and blowfish

Hashcat, JTR

performance test

Md5crypt

Hashcat

907.6K hash / sec

cpu usage 35%

gpu usage 99%

JTR

66.06K hash / sec

cpu usage 100% 

gpu usage 0%

Benchmark

Hashcat

100 input, 3: 56

10000 input, 4hr

JTR

100 input, 4:57

10000 input, 8hr

3000K words dictionary test

Bcrypt

Hashcat

2075 hash / sec

cpu usage 35%

gpu usage 99%

JTR

20.8K hash / sec

cpu usage 100% 

gpu usage 0%

Benchmark

Hashcat

1 hash, 24min

 

JTR

1 hash, 2:29

3000k words dictionary test

Dictionary

The dictionary used for the previous testing

contains 3160119 words

mostly readable vocabularies

Only 39% recovered

Observations of sample input

not many random texts

mostly vocabulary + number

ex: gordon0, gordon1

or contains upper cases

ex: GORDON

Extend the dictionary

  • uppercase
  • add numbers behind words

3160119 -> 35831725 10x words

100 md5crypt input

  • run time  3:56 -> 8:29 2.1x
  • recovery  39% -> 88% 2.2x

Extend the dictionary again

  • Capitalize

3160119 -> 101243280 30x words

100 md5crypt input

  • run time  3:56 -> 6:46 1.7x 
  • recovery  39% -> 97% 2.4x

Some conslusions

time is hard to predict, depends on input

if the answer appears early in the dictionary, rest of the dictionary is ignored so it is faster

if the answer doesn't appear in the dictionary, the whole dictionary will be traversed so it is slower

Working items

  • try different kinds of combinations to extend the dictionary
  • try md5 and blowfish on fpga

sc16 meeting 2016-07-11

By Gordon Ueng

sc16 meeting 2016-07-11

  • 556