Saturday, December 1, 2012

nvcc, OS X, clang, and dumpspecs

If you are building with nvcc on OS X and get errors along the lines of "clang error: unsupported option '-dumpspecs'" - welcome to the new build world.

The best fix I've found so far is to replace the /usr/bin/cc and /usr/bin/c++ symlinks (which currently point at clang) with symlinks to llvm-gcc and llvm-g++.

# cc and c++ are symlinks to clang; point them at llvm-gcc / llvm-g++ instead
# (ln -s creates symlinks, as described above, rather than hard links)
sudo rm /usr/bin/cc
sudo rm /usr/bin/c++
sudo ln -s /usr/bin/llvm-gcc /usr/bin/cc
sudo ln -s /usr/bin/llvm-g++ /usr/bin/c++

Try that out and see if it works!  Please let me know if you find a better solution as well.

Saturday, October 20, 2012

Defcon 2012 Cryptohaze Cloud Cracking video

You can find it here:


Tuesday, October 16, 2012

Cryptohaze now supports Lotus hashes!

New algorithm support (and what I believe is the fastest implementation out there at this point in time): Lotus Domino hashes.  Unsalted only, for now.

Performance, in a system with an AMD 6990 (43M/s total) and 2 overclocked 7970s (50M/s each):

And, for the nVidia side of the house, a comparison between a stock clocked 7970 (46M/s) and a stock GTX470 (31M/s):

I don't have a binary release yet, but it's all checked into SVN over at Sourceforge!

Thursday, September 6, 2012

Cryptohaze MD5 and NTLM length 8 tables available for download!

After some work, a private tracker, and realizing that torrent clients have an upper size limit that is insanely small, I've got the MD5 and NTLM length 8 rainbow tables up as torrents.

Download & enjoy!

Sunday, August 5, 2012

An interesting identity verification threat, observed

A threat model I've occasionally considered in the past is the abuse of someone else's system as an identity verification service.  This could be verifying full stolen identities or, in the perhaps more common case, verifying stolen credit card numbers.

However, I've never actually seen this "in the wild" until recently.  A few weeks ago, I did some log analysis for a site that was suffering a high number of invalid donations in a short period of time (after they'd blocked the offending IPs and renamed the donation form).

It was good fun - I actually was able to observe the behavior of "analyze site, write script, run script from a compromised client, get confused when 404s show up, give up."
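The pattern described above (a script hammering a donation form, then continuing to post to it after the form was renamed) is visible in plain web server logs. The following is an added example, not code from the original post: it parses constructed Apache-combined-style lines (the field layout, the hypothetical /donate.php path and all IPs are assumptions) and flags clients by per-IP POST rate and by POSTs that keep hitting the form after it has become a 404.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache combined-style line; field layout is an assumption for this example.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"], "path": m["path"], "status": int(m["status"])}

def find_form_abuse(lines, form_path, window_s=60, max_posts=10, min_404s=3):
    """Flag clients that POST to form_path more than max_posts times within any
    window_s seconds (no human fills in a donation form that fast), or that keep
    POSTing to it after it is gone (>= min_404s 404s): a script that has not
    noticed the form was renamed. Lines are assumed to be in time order."""
    recent, peak, post_404s = defaultdict(deque), defaultdict(int), defaultdict(int)
    for line in lines:
        r = parse_line(line)
        if not r or r["method"] != "POST" or r["path"] != form_path:
            continue
        ip = r["ip"]
        if r["status"] == 404:
            post_404s[ip] += 1
        q = recent[ip]
        q.append(r["ts"])
        while (r["ts"] - q[0]).total_seconds() > window_s:   # slide the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: {"burst": peak[ip], "post_404s": post_404s[ip]} for ip in peak
            if peak[ip] > max_posts or post_404s[ip] >= min_404s}

# Constructed sample (not real traffic): one client POSTs every 2 s, a human
# donor POSTs once, then the form is renamed and the script keeps POSTing (404).
def _line(ip, sec, status):
    return f'{ip} - - [05/Aug/2012:14:00:{sec:02d} +0000] "POST /donate.php HTTP/1.1" {status} 512'

SAMPLE_LOG = [_line("203.0.113.7", s, 200) for s in range(0, 40, 2)]
SAMPLE_LOG.append(_line("198.51.100.5", 15, 200))
SAMPLE_LOG += [_line("203.0.113.7", s, 404) for s in range(40, 50, 2)]
SAMPLE_LOG.sort(key=lambda l: parse_line(l)["ts"])
```

Running find_form_abuse(SAMPLE_LOG, "/donate.php") flags only the scripted client; the single human POST stays well under both thresholds.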

Wednesday, August 1, 2012

Sunday, July 29, 2012

A call for password algorithm disclosure

Not even 24 hours after my Defcon talk, in which I expressed my opinion that password hashing policies should be disclosed, Twitter finds out that @UKTesco believes this is acceptable: "Passwords are stored in a secure way. They're only copied into plain text when pasted automatically into a password reminder mail."

No.  If you can recover the plaintext of the password to send in an unencrypted email, your passwords are not "stored in a secure way."  They are stored in a fully insecure way.

LinkedIn: Unsalted SHA1.
Yahoo Music: Plaintext.
eHarmony: Unsalted MD5.
RockYou: Plaintext.

This is unacceptable.  This is 2012, not 1982.

My proposal is very simple:

Disclose your password hashing algorithm publicly on your website.

If you are using BCrypt, tell us.  If you are using PBKDF2 with a high iteration count, tell us.  If you are using SCrypt, tell us.  If you are using unsalted anything... fix it before you tell us.  If you are using plaintext, fix it before you tell us.

The new user behavior should be:
If a website does not tell you what hashing algorithm they use, assume they use plaintext.

This is the only reasonable way to deal with the fact that websites, in large numbers, do not take their password security seriously.

For website operators who are concerned about this: Why are you concerned?  If you are using a good password hashing algorithm, this is a very good thing to advertise.  If you do NOT use a good password hashing algorithm... people will find out eventually.  One way or another, people will find out, and it's not a good thing when they find out you've been treating their sensitive passwords as common temp data.

Please feel free to share.  Let's fix this problem.

Thursday, July 26, 2012

Defcon 2012!

I'll be there this afternoon!

Just a reminder - my talk is at noon, Saturday, in P&T - if you want to meet in person & ask me questions, this would be a great time!

Otherwise, feel free to ping me at @Bitweasil if you want to find me.  Enjoy Defcon, and stay safe out there!

Sunday, July 22, 2012

Installing Cryptohaze on Amazon EC2 GPU instances

There have been a number of scattered requests to support my tools on EC2 GPU nodes in a more "supported" manner than the current set of hacks.

I've written a script that will take an Amazon GPU node, install the needed libraries, install my tools, and optionally point the Multiforcer at a server of your choosing.  This works well with spot instances at $0.35/hr instead of $2.10/hr.  The script is reasonably tested, and works fine for me!

Instructions and script

Forum discussion thread for feedback


Monday, July 16, 2012

Cryptohaze Rainbow Tables now available for purchase!

I've finally set things up to allow easy online purchase of the generated GPU rainbow tables.

NTLM length 8 tables and MD5 length tables are both available now at - enjoy!

Sunday, July 15, 2012

Password salting: Why it matters

I'd like to take this afternoon to explain why salts matter so very much in password storage.  Why am I qualified to write this?  Because I write password cracking tools, and have focused on attacking large lists of unsalted hashes very efficiently.  And salts make my life very difficult.

Consider this a very long response to @jimblandy's tweet this morning.

I'm not picking on him specifically - this is a sentiment I see repeated over and over, in a wide variety of places.  And it's time to respond.  Also, it appears to be #passwordssunday for some reason.
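To make the "salts make my life very difficult" point concrete, here is an added example (my own illustration, not code from the original post or from the Cryptohaze tools). With unsalted hashes, one hash per candidate is checked against every leaked account by a set lookup, and accounts sharing a password fall together; with a per-account salt, every candidate has to be hashed once per account. SHA-1 is used only to mirror the unsalted SHA1 leak mentioned earlier on this page, not as a recommendation; the account and candidate data are constructed.

```python
import hashlib
import os

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def unsalted_db(passwords):
    # one stored value per account; identical passwords collapse to one hash
    return {sha1_hex(p.encode()) for p in passwords}

def salted_db(passwords, salt_len=16):
    # a random per-account salt stored beside the hash (salts need not be secret)
    db = []
    for p in passwords:
        salt = os.urandom(salt_len)
        db.append((salt, sha1_hex(salt + p.encode())))
    return db

def guess_unsalted(db, candidates):
    """One hash per candidate, checked against every account by set lookup.
    Returns (matched_hashes, hash_operations)."""
    matched, ops = set(), 0
    for c in candidates:
        ops += 1
        h = sha1_hex(c.encode())
        if h in db:
            matched.add(h)
    return matched, ops

def guess_salted(db, candidates):
    """One hash per candidate *per account*: the salt ties each guess to one
    target. Exhaustive (no early stop) so the operation count is exact.
    Returns (accounts_matched, hash_operations)."""
    matched, ops = 0, 0
    for salt, h in db:
        for c in candidates:
            ops += 1
            if sha1_hex(salt + c.encode()) == h:
                matched += 1
    return matched, ops

def demo(n_accounts=200, n_candidates=300):
    # constructed data: two accounts share a weak password that is in the guess list
    users = [f"user{i}-secret" for i in range(n_accounts)]
    users[3] = users[77] = "password1"
    candidates = [f"guess{i}" for i in range(n_candidates)]
    candidates[42] = "password1"
    u_hashes, u_ops = guess_unsalted(unsalted_db(users), candidates)
    u_accounts = sum(1 for p in users if sha1_hex(p.encode()) in u_hashes)
    s_accounts, s_ops = guess_salted(salted_db(users), candidates)
    return {"unsalted_accounts": u_accounts, "unsalted_ops": u_ops,
            "salted_accounts": s_accounts, "salted_ops": s_ops}
```

demo() recovers the same two accounts either way, but the salted run costs n_accounts times as many hash operations, and that multiplier only grows with the size of the leaked list.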

Hardware pictures from the crack-a-thon

Some hardware shots from yesterday of the more fun stuff...

154 Billion NTLM/sec on 10 hashes

It's a good day when you see the following on 10 hashes:

Yes, that's 154B - as in Billion.  It was done entirely with AMD hardware, and involved 9x6990, 4x6970, 4x5870, 2x5970, and 1x7970 - for a total of 31 GPU cores in 6 physical systems.  We had another 11 cards with 15 GPU cores left over - we didn't have systems to put them in (mostly nVidia).

For more details, read on...

Monday, July 9, 2012

Torrents updated - please refresh your torrent files!

If you've downloaded the rainbow table torrents from, please redownload them.  You can put them in the same place and the torrent will resume.  I gave up on UDP trackers as my only trackers, and am now running a Cryptohaze-specific torrent tracker that should provide much better results and reliability, as well as better behavior for clients behind firewalls.  Thanks!

Wednesday, July 4, 2012

On EC2 instances and password cracking

The general wisdom, rightly so, is that EC2 GPU instances are awful ways to spend your dollars for password cracking.  They're running obsolete Teslas, which are underclocked nVidias, which we all know are terrible for password cracking.

But... still.  I decided to go benchmark, because I don't like saying something sucks without good cause.

Let's say we're interested in a few NTLM length 8 passwords.  Fairly standard for a corporate audit.

I know, I know - glacially slow compared to "modern hash cracking rigs" - but how much does it cost to do?

Well, at 3B hashes per second, length 8 (95 characters) will take 615 hours.  At $2.10/hr standard GPU instance pricing, that's nearly $1300!  Ouch!  You're really better off buying a 6990 or something at that price!

But what about spot pricing?  Amazon clearly isn't having them heavily utilized, because their spot price is $0.346/hr right now.  And that, my friends, works out to $213.  Which is a whole lot more interesting - especially since that's the total cracking cost, if you use one instance and a month, or a bunch of instances and a lot less time.

Just something to think about...

Updated July 31 2012
If you are looking to actually do this, has links to the scripts to do so.  And the speeds are even better, making the cost less!

Tuesday, July 3, 2012

Using oclHashcat-0.09 on Ubuntu 10.04

If you're a beta tester for oclHashcat-plus 0.09, you may have noticed that it doesn't work on older versions of Ubuntu.  You'll probably get a glibc version error - something along the lines of:

./oclHashcat-plus64.bin: /lib/ version `GLIBC_2.14' not found (required by ./oclHashcat-plus64.bin)

The bad news is that Ubuntu 10.04 uses an older version of GLIBC.  The good news is that this shouldn't stop you from being able to use 0.09 on 10.04!  The trick is Linux chroot support - you set up a 12.04 install in a chroot, bind-mount the right things into it, and run oclHashcat from there.

Saturday, June 30, 2012

Cryptohaze via SSL

In theory, is now fully SSL enabled!  Non-HTTPS links should transparently redirect to SSL.

If you get any warnings, errors, or "non-SSL content from a SSL page" type warnings, please, let me know!

This should resolve all login security issues, and I plan on using SSL for all user-facing login services going forward, unless it's using generated, meaningless passwords (for APIs or such).

Saturday, May 26, 2012

Cryptohaze Rainbow Table torrents

I realized that the old tracker I was using was dead, and my torrents were half old V1 tables, not the new V2 stuff I have.

I've updated my torrent files for MD5/NTLM len6 and len7 - all of them should be on live trackers, being seeded.

Please mirror!

Tuesday, May 1, 2012

Huh. That's... weird. Is it an OpenCL Multiforcer?

That's weird.  What mix of hardware could be generating these speeds?  It couldn't possibly be an ATI 6970, an nVidia GTX580, an nVidia GTX260, and an i7 processor all working TOGETHER, could it?

It is.  And it's fast.  And it's ready to beta for Linux.

It only supports NTLM and MD5 right now, and if you have an ATI 6xxx series card, you probably want to add "--bfi_int" to the command line flags - it doesn't do it automatically yet.

If you don't want it to use everything, and just want to test it on your ATI cards, add --nocuda and --nocpu (and likely --bfi_int) to the command line flags.

If you're running a 7970, I haven't tested it on one yet, but you should be able to skip the --bfi_int flag and still get very good performance as the compiler does what it should.

Sunday, April 29, 2012

New builds - 1.31a, with GTX680 support!

Good news, everybody!  The Cryptohaze downloads have gotten BIGGER!

And there's another release.  1.31a.

I've (theoretically) fixed a missing DLL in the Windows build, and I've added GTX680 (sm_30) support for the Windows and Linux builds.  If anyone actually has a GTX680 in a Mac, let me know and I'll make a build...

Also, I've not actually tested this on a GTX680.  If you have one, can you please verify that everything works?  Thanks!

libcurl linking errors on Windows?

Are you getting libcurl link errors on Windows that look like this?

unresolved external symbol __imp__curl_easy_cleanup
unresolved external symbol __imp__curl_easy_perform
unresolved external symbol __imp__curl_easy_setopt
unresolved external symbol __imp__curl_easy_init

Fear no more!  First, ensure you are linking against the correct libraries, which should include:
libcurl.lib ws2_32.lib winmm.lib wldap32.lib

If this doesn't fix it, you probably need to add an additional Preprocessor Definition: CURL_STATICLIB - and it should fix the issue!  Hopefully this saves someone some time.

Tuesday, April 24, 2012

Cryptohaze tools 1.31 out - CUDA 4.2 release

New release.

1.31, with CUDA 4.2 compatibility and a few minor tweaks to work around a bug I found in 1.30 that involved some hashes not being found.

It also includes the IP address brute forcing script in the charsets/ip_addresses directory (for Unix - please, if anyone wants to make a Windows batch file, I'd really appreciate it!)

Go grab it & let me know if you have any problems.

Monday, April 23, 2012

Brute forcing IP addresses with the Cryptohaze Multiforcer

A few weeks ago, phillips321 had a problem.  He wanted to brute force IP addresses.  There was no good tool out there to do this, and brute forcing 4B+ MD5s is a bit slow on a CPU.

So, he wrote a quick dictionary and used Hashcat to crack the IPs.  And, as a good security consultant should do, blogged about it:

I replied that the per-position charsets with the Cryptohaze Multiforcer could do much the same, and then promptly forgot about it until now.

One significant flaw in his approach is that some systems will store IP addresses as "", and some will store them as "" - it depends on what type of odd hardware you're bothering.

If you don't care about brute forcing hashes of IP addresses, you can probably go somewhere else now.  Otherwise, onward!

Sunday, March 11, 2012

svn segfaulting on the Nokia N900

If you happen to have a Nokia N900, and you've updated it, and svn segfaults (causing issues for, perhaps, updating Metasploit), this may annoy you!  Specifically, Metasploit won't update!

Nokia-N900:~/MyDocs/pwnphone/msf3$ svn
Segmentation fault

You may have found the following post:

And you may have attempted to follow the directions, to no avail, because the specified versions are no longer in the main repo.

Fear not, and read on!

Sunday, February 12, 2012

Quad-GPU builds with a case: Part 2

It's been a while since I posted on my quad GPU build.  Since then, I've moved to a different case, which I thought I would share.

If you haven't read the original post, you can find it here - I'll wait.

Despite the fans in that case, I had thermal management issues - GPUs would run incredibly hot at times, up well past 100C - which I do not like at all.

Fortunately, the new case fixed it!  The new case?

It's a Chenbro RM41300G

And it does this with the GPUs under full load (1x GTX295, 3xGTX470):