Password recovery
Gordon, Stanely 2016-07-11
Last week todo
- zedboard
- Hashcat md5crypt
- Hashcat bcrypt
- JTR md5crypt
- JTR bcrypt
FPGA
Setup IDE
- PlanAhead
- Vivado
Some issues
- can't find open source of md5crypt and bcrypt
- only md5 and blowfish
Hashcat, JTR
performance test
Md5crypt
Hashcat
907.6K hash / sec
cpu usage 35%
gpu usage 99%
JTR
66.06K hash / sec
cpu usage 100%
gpu usage 0%
Benchmark
Hashcat
100 input, 3: 56
10000 input, 4hr
JTR
100 input, 4:57
10000 input, 8hr
3000K words dictionary test
Bcrypt
Hashcat
2075 hash / sec
cpu usage 35%
gpu usage 99%
JTR
20.8K hash / sec
cpu usage 100%
gpu usage 0%
Benchmark
Hashcat
1 hash, 24min
JTR
1 hash, 2:29
3000k words dictionary test
Dictionary
The dictionary used for the previous testing
contains 3160119 words
mostly readable vocabularies
Only 39% recovered
Observations of sample input
not many random texts
mostly vocabulary + number
ex: gordon0, gordon1
or contains upper cases
ex: GORDON
Extend the dictionary
- uppercase
- add numbers behind words
3160119 -> 35831725 10x words
100 md5crypt input
- run time 3:56 -> 8:29 2.1x
- recovery 39% -> 88% 2.2x
Extend the dictionary again
- Capitalize
3160119 -> 101243280 30x words
100 md5crypt input
- run time 3:56 -> 6:46 1.7x
- recovery 39% -> 97% 2.4x
Some conslusions
time is hard to predict, depends on input
if the answer appears early in the dictionary, rest of the dictionary is ignored so it is faster
if the answer doesn't appear in the dictionary, the whole dictionary will be traversed so it is slower
Working items
- try different kinds of combinations to extend the dictionary
- try md5 and blowfish on fpga