If you are building with nvcc on OS X and get errors along the lines of "clang error: unsupported option '-dumpspecs'" - welcome to the new build world.
The best fix I've found so far is to replace the /usr/bin/cc and /usr/bin/c++ symlinks (which currently go to clang) with symlinks to llvm-gcc.
sudo rm /usr/bin/cc
sudo rm /usr/bin/c++
sudo ln /usr/bin/llvm-gcc /usr/bin/cc
sudo ln /usr/bin/llvm-g++ /usr/bin/c++
Try that out and see if it works! Please let me know if you find a better solution as well.
Saturday, December 1, 2012
Saturday, October 20, 2012
Tuesday, October 16, 2012
Cryptohaze now supports Lotus hashes!
Performance, in a system with an AMD 6990 (43M/s total) and 2 overclocked 7970s (50M/s each):
And, for the nVidia side of the house, a comparison between a stock clocked 7970 (46M/s) and a stock GTX470 (31M/s):
I don't have a binary release yet, but it's all checked into SVN over at Sourceforge!
Thursday, September 6, 2012
Cryptohaze MD5 and NTLM length 8 tables available for download!
After some work, a private tracker, and realizing that torrent clients have an upper size limit that is insanely small, I've got the MD5 and NTLM length 8 rainbow tables up as torrents.
https://cryptohaze.com/gpurainbowtables.php
Download & enjoy!
https://cryptohaze.com/gpurainbowtables.php
Download & enjoy!
Sunday, August 5, 2012
An interesting identity verification threat, observed
A threat model I have occasionally considered for things in the past is the use of a system for identity verification. This could be verifying full stolen identities, or in the perhaps more common case, verifying stolen credit card numbers.
However, I've never actually seen this "in the wild" until recently. A few weeks ago, I did some log analysis for a site that was suffering a high number of invalid donations in a short period of time (after they'd blocked the offending IPs and renamed the donation form).
It was good fun - I actually was able to observe the behavior of "analyze site, write script, run script from a compromised client, get confused when 404s show up, give up."
However, I've never actually seen this "in the wild" until recently. A few weeks ago, I did some log analysis for a site that was suffering a high number of invalid donations in a short period of time (after they'd blocked the offending IPs and renamed the donation form).
It was good fun - I actually was able to observe the behavior of "analyze site, write script, run script from a compromised client, get confused when 404s show up, give up."
Wednesday, August 1, 2012
Cryptohaze Cloud Cracking Slides & Writeup
If you just want the slides of the talk, here you go:
https://cryptohaze.com/slides/Cryptohaze%20DC20%20Final%20Slides.pdf
If you're interested in a commentary on the slides, read on!
https://cryptohaze.com/slides/Cryptohaze%20DC20%20Final%20Slides.pdf
If you're interested in a commentary on the slides, read on!
Sunday, July 29, 2012
A call for password algorithm disclosure
Not even 24 hours after my Defcon talk, in which I expressed my opinion that password hashing policies should be disclosed, Twitter finds out that @UKTesco believes this is acceptable: Passwords are stored in a secure way. They’re only copied into plain text when pasted automatically into a password reminder mail.
No. If you can recover the plaintext of the password to send in an unencrypted email, your passwords are not "stored in a secure way." They are stored in a fully insecure way.
LinkedIn: Unsalted SHA1.
Yahoo Music: Plaintext.
eHarmony: Unsalted MD5.
RockYou: Plaintext.
This is unacceptable. This is 2012, not 1982.
My proposal is very simple:
Disclose your password hashing algorithm publicly on your website.
If you are using BCrypt, tell us. If you are using PBKDF2 with a high iteration count, tell us. If you are using SCrypt, tell us. If you are using unsalted anything... fix it before you tell us. If you are using plaintext, fix it before you tell us.
The new user behavior should be:
If a website does not tell you what hashing algorithm they use, assume they use plaintext.
This is the only reasonable way to deal with the fact that websites, in large numbers, do not take their password security seriously.
For website operators who are concerned about this: Why are you concerned? If you are using a good password hashing algorithm, this is a very good thing to advertise. If you do NOT use a good password hashing algorithm... people will find out eventually. One way or another, people will find out, and it's not a good thing when they find out you've been treating their sensitive passwords as common temp data.
Please feel free to share. Let's fix this problem.
No. If you can recover the plaintext of the password to send in an unencrypted email, your passwords are not "stored in a secure way." They are stored in a fully insecure way.
LinkedIn: Unsalted SHA1.
Yahoo Music: Plaintext.
eHarmony: Unsalted MD5.
RockYou: Plaintext.
This is unacceptable. This is 2012, not 1982.
My proposal is very simple:
Disclose your password hashing algorithm publicly on your website.
If you are using BCrypt, tell us. If you are using PBKDF2 with a high iteration count, tell us. If you are using SCrypt, tell us. If you are using unsalted anything... fix it before you tell us. If you are using plaintext, fix it before you tell us.
The new user behavior should be:
If a website does not tell you what hashing algorithm they use, assume they use plaintext.
This is the only reasonable way to deal with the fact that websites, in large numbers, do not take their password security seriously.
For website operators who are concerned about this: Why are you concerned? If you are using a good password hashing algorithm, this is a very good thing to advertise. If you do NOT use a good password hashing algorithm... people will find out eventually. One way or another, people will find out, and it's not a good thing when they find out you've been treating their sensitive passwords as common temp data.
Please feel free to share. Let's fix this problem.
Thursday, July 26, 2012
Defcon 2012!
I'll be there this afternoon!
Just a reminder - my talk is at noon, Saturday, in P&T - if you want to meet in person & ask me questions, this would be a great time!
Otherwise, feel free to ping me at @Bitweasil if you want to find me. Enjoy Defcon, and stay safe out there!
Just a reminder - my talk is at noon, Saturday, in P&T - if you want to meet in person & ask me questions, this would be a great time!
Otherwise, feel free to ping me at @Bitweasil if you want to find me. Enjoy Defcon, and stay safe out there!
Sunday, July 22, 2012
Installing Cryptohaze on Amazon EC2 GPU instances
There have been a number of scattered requests to support my tools on EC2 GPU nodes in a more "supported" manner than the current set of hacks.
I've written a script that will take an Amazon GPU node, install the needed libraries, install my tools, and optionally point the Multiforcer at a server of your choosing. This works well with spot instances at $0.35/hr instead of $2.10/hr. The script is reasonably tested, and works fine for me!
Instructions and script
Forum discussion thread for feedback
Enjoy!
I've written a script that will take an Amazon GPU node, install the needed libraries, install my tools, and optionally point the Multiforcer at a server of your choosing. This works well with spot instances at $0.35/hr instead of $2.10/hr. The script is reasonably tested, and works fine for me!
Instructions and script
Forum discussion thread for feedback
Enjoy!
Monday, July 16, 2012
Cryptohaze Rainbow Tables now available for purchase!
I've finally set things up to allow easy online purchase of the generated GPU rainbow tables.
NTLM length 8 tables and MD5 length tables are both available now at https://cryptohaze.com/purchase_tables.php - enjoy!
NTLM length 8 tables and MD5 length tables are both available now at https://cryptohaze.com/purchase_tables.php - enjoy!
Sunday, July 15, 2012
Password salting: Why it matters
I'd like to take this afternoon to explain why salts matter so very much in password storage. Why am I qualified to write this? Because I write password cracking tools, and have focused on attacking large lists of unsalted hashes very efficiently. And salts make my life very difficult.
Consider this a very long response to @jimblandy's tweet this morning.
I'm not picking on him specifically - this is a sentiment I see repeated over and over, in a wide variety of places. And it's time to respond. Also, it appears to be #passwordssunday for some reason.
154 Billion NTLM/sec on 10 hashes
It's a good day when you see the following on 10 hashes:
For more details, read on...
Yes, that's 154B - as in Billion. It was done entirely with AMD hardware, and involved 9x6990, 4x6970, 4x5870, 2x5970, and 1x7970 - for a total of 31 GPU cores in 6 physical systems. We had another 11 cards with 15 GPU cores left over - we didn't have systems to put them in (mostly nVidia).
Monday, July 9, 2012
Torrents updated - please refresh your torrent files!
If you've downloaded the rainbow table torrents from http://cryptohaze.com/gpurainbowtables.php, please redownload them. You can put them in the same place and the torrent will resume. I gave up on UDP trackers as my only trackers, and am now running a Cryptohaze-specific torrent tracker that should provide much better results and reliability, as well as better behavior for clients behind firewalls. Thanks!
Wednesday, July 4, 2012
On EC2 instances and password cracking
The general wisdom, rightly so, is that EC2 GPU instances are awful ways to spend your dollars for password cracking. They're running obsolete Teslas, which are underclocked nVidias, which we all know are terrible for password cracking.
But... still. I decided to go benchmark, because I don't like saying something sucks without good cause.
Let's say we're interested in a few NTLM length 8 passwords. Fairly standard for a corporate audit.
Just something to think about...
Updated July 31 2012
If you are looking to actually do this, http://blog.cryptohaze.com/2012/07/installing-cryptohaze-on-amazon-ec2-gpu.html has links to the scripts to do so. And the speeds are even better, making the cost less!
But... still. I decided to go benchmark, because I don't like saying something sucks without good cause.
Let's say we're interested in a few NTLM length 8 passwords. Fairly standard for a corporate audit.
I know, I know - glacially slow compared to "modern hash cracking rigs" - but how much does it cost to do?
Well, at 3B hashes per second, length 8 (95 characters) will take 615 hours. At $2.10/hr standard GPU instance pricing, that's nearly $1300! Ouch! You're really better off buying a 6990 or something at that price!
But what about spot pricing? Amazon clearly isn't having them heavily utilized, because their spot price is $0.346/hr right now. And that, my friends, works out to $213. Which is a whole lot more interesting - especially since that's the total cracking cost, if you use one instance and a month, or a bunch of instances and a lot less time.
Just something to think about...
Updated July 31 2012
If you are looking to actually do this, http://blog.cryptohaze.com/2012/07/installing-cryptohaze-on-amazon-ec2-gpu.html has links to the scripts to do so. And the speeds are even better, making the cost less!
Tuesday, July 3, 2012
Using oclHashcat-0.09 on Ubuntu 10.04
If you're a beta tester for oclHashcat-plus 0.09, you may have noticed that it doesn't work on older versions of Ubuntu. You'll probably get a glibc version error - something along the lines of:
./oclHashcat-plus64.bin: /lib/libc.so.6: version `GLIBC_2.14' not found (required by ./oclHashcat-plus64.bin)
The bad news is that Ubuntu 10.04 uses an older version of GLIBC. The good news is that this shouldn't stop you from being able to use 0.09 on 10.04! The trick is Linux chroot support - you create a 12.04 in a chroot, bind the right stuff in, and run oclHashcat.
./oclHashcat-plus64.bin: /lib/libc.so.6: version `GLIBC_2.14' not found (required by ./oclHashcat-plus64.bin)
The bad news is that Ubuntu 10.04 uses an older version of GLIBC. The good news is that this shouldn't stop you from being able to use 0.09 on 10.04! The trick is Linux chroot support - you create a 12.04 in a chroot, bind the right stuff in, and run oclHashcat.
Saturday, June 30, 2012
Cryptohaze via SSL
In theory, https://www.cryptohaze.com/ is now fully SSL enabled! Non-HTTPS links should transparently redirect to SSL.
If you get any warnings, errors, or "non-SSL content from a SSL page" type warnings, please, let me know!
This should resolve all login security issues, and I plan on using SSL for all user-facing login services going forward, unless it's using generated, meaningless passwords (for APIs or such).
If you get any warnings, errors, or "non-SSL content from a SSL page" type warnings, please, let me know!
This should resolve all login security issues, and I plan on using SSL for all user-facing login services going forward, unless it's using generated, meaningless passwords (for APIs or such).
Saturday, May 26, 2012
Cryptohaze Rainbow Table torrents
I realized that the old tracker I was using was dead, and my torrents were half old V1 tables, not the new V2 stuff I have.
I've updated my torrent files for MD5/NTLM len6 and len7 - all of them should be on live trackers, being seeded.
Please mirror!
http://cryptohaze.com/gpurainbowtables.php
I've updated my torrent files for MD5/NTLM len6 and len7 - all of them should be on live trackers, being seeded.
Please mirror!
http://cryptohaze.com/gpurainbowtables.php
Tuesday, May 1, 2012
Huh. That's... weird. Is it an OpenCL Multiforcer?
That's weird. What mix of hardware could be generating these speeds? It couldn't possibly be an ATI 6970, an nVidia GTX580, an nVidia GTX260, and an i7 processor all working TOGETHER, could it?
It is. And it's fast. And it's ready to beta for Linux.
https://sourceforge.net/projects/cryptohaze/files/New-Multiforcer-Linux_x64_1_31.tar.bz2/download
It only supports NTLM and MD5 right now, and if you have an ATI 6xxx series card, you probably want to add "--bfi_int" to the command line flags - it doesn't do it automatically yet.
If you don't want it to use everything, and just want to test it on your ATI cards, add --nocuda and --nocpu (and likely --bfi_int) to the command line flags.
If you're running a 7970, I haven't tested it on one yet, but you should be able to skip the --bfi_int flag and still get very good performance as the compiler does what it should.
Sunday, April 29, 2012
New builds - 1.31a, with GTX680 support!
Good news, everybody! The Cryptohaze downloads have gotten BIGGER!
I've (theoretically) fixed a missing DLL in the Windows build, and I've added GTX680 (sm_30) support for the Windows and Linux builds. If anyone actually has a GTX680 in a Mac, let me know and I'll make a build...
And there's another release. 1.31a.
I've (theoretically) fixed a missing DLL in the Windows build, and I've added GTX680 (sm_30) support for the Windows and Linux builds. If anyone actually has a GTX680 in a Mac, let me know and I'll make a build...
Also, I've not actually tested this on a GTX680. If you have one, can you please verify that everything works? Thanks!
libcurl linking errors on Windows?
Are you getting libcurl link errors on Windows that look like this?
If this doesn't fix it, you probably need to add an additional Preprocessor Definition: CURL_STATICLIB - and it should fix the issue! Hopefully this saves someone some time.
unresolved external symbol __imp__curl_easy_cleanup unresolved external symbol __imp__curl_easy_perform unresolved external symbol __imp__curl_easy_setoptunresolved external symbol __imp__curl_easy_init
libcurl.lib ws2_32.lib winmm.lib wldap32.libIf this doesn't fix it, you probably need to add an additional Preprocessor Definition: CURL_STATICLIB - and it should fix the issue! Hopefully this saves someone some time.
Tuesday, April 24, 2012
Cryptohaze tools 1.31 out - CUDA 4.2 release
New release.
1.31, with CUDA 4.2 compatibility and a few minor tweaks to work around a bug I found in 1.30 that involved some hashes not being found.
It also includes the IP address brute forcing script in the charsets/ip_addresses directory (for Unix - please, if anyone wants to make a Windows batch file, I'd really appreciate it!)
http://sourceforge.net/projects/cryptohaze/files/
Go grab it & let me know if you have any problems.
1.31, with CUDA 4.2 compatibility and a few minor tweaks to work around a bug I found in 1.30 that involved some hashes not being found.
It also includes the IP address brute forcing script in the charsets/ip_addresses directory (for Unix - please, if anyone wants to make a Windows batch file, I'd really appreciate it!)
http://sourceforge.net/projects/cryptohaze/files/
Go grab it & let me know if you have any problems.
Monday, April 23, 2012
Brute forcing IP address with the Cryptohaze Multiforcer
A few weeks ago, phillips321 had a problem. He wanted to brute force IP addresses. There was no good tool out there to do this, and brute forcing 4B+ MD5s is a bit slow on a CPU.
So, he wrote a quick dictionary and used Hashcat to crack the IPs. And, as a good security consultant should do, blogged about it: http://www.phillips321.co.uk/2012/04/04/cracking-an-md5-of-an-ip-address/
I replied that the per-position charsets with the Cryptohaze Multiforcer could do much the same, and then promptly forgot about it until now.
One significant flaw in his approach is that some systems will store IP addresses as "192.168.1.1", and some will store them as "192.168.001.001" - it depends on what type of odd hardware you're bothering.
If you don't care about brute forcing hashes of IP addresses, you can probably go somewhere else now. Otherwise, onward!
So, he wrote a quick dictionary and used Hashcat to crack the IPs. And, as a good security consultant should do, blogged about it: http://www.phillips321.co.uk/2012/04/04/cracking-an-md5-of-an-ip-address/
I replied that the per-position charsets with the Cryptohaze Multiforcer could do much the same, and then promptly forgot about it until now.
One significant flaw in his approach is that some systems will store IP addresses as "192.168.1.1", and some will store them as "192.168.001.001" - it depends on what type of odd hardware you're bothering.
If you don't care about brute forcing hashes of IP addresses, you can probably go somewhere else now. Otherwise, onward!
Sunday, March 11, 2012
svn segfaulting on the Nokia N900
If you happen to have a Nokia N900, and you've updated it, and svn segfaults (causing issues for, perhaps, updating Metasploit), this may annoy you! Specifically, Metasploit won't update!
Nokia-N900:~/MyDocs/pwnphone/msf3$ svn
Segmentation fault
You may have found the following post: http://zitstif.no-ip.org/?p=581
And you may have attempted to follow the directions, to no avail, because the specified versions are no longer in the main repo.
Fear not, and read on!
Nokia-N900:~/MyDocs/pwnphone/msf3$ svn
Segmentation fault
You may have found the following post: http://zitstif.no-ip.org/?p=581
And you may have attempted to follow the directions, to no avail, because the specified versions are no longer in the main repo.
Fear not, and read on!
Sunday, February 12, 2012
Quad-GPU builds with a case: Part 2
It's been a while since I posted on my quad GPU build. Since then, I've moved to a different case, which I thought I would share.
If you haven't read the original post, you can find it here - I'll wait.
Despite the fans in that case, I had thermal management issues - GPUs would run incredibly hot at times, up well past 100C - which I do not like at all.
Fortunately, the new case fixed it! The new case?
It's a Chenbro RM41300G.
And it does this with the GPUs under full load (1x GTX295, 3xGTX470):
If you haven't read the original post, you can find it here - I'll wait.
Despite the fans in that case, I had thermal management issues - GPUs would run incredibly hot at times, up well past 100C - which I do not like at all.
Fortunately, the new case fixed it! The new case?
It's a Chenbro RM41300G.
And it does this with the GPUs under full load (1x GTX295, 3xGTX470):
Subscribe to:
Posts (Atom)