Hash brute-forcing - CPU vs GPU - a quick overview

[skeletor]

Software used:

• Hashcat for CPUs
• oclHashcat-lite for AMD graphic cards (OpenCL)
• cudaHashcat-lite for nVidia graphic cards

Results:

MD5

Equipment | Speed (million brute-forces per second HD 6950 |4781.5
HD 5770 |2897.7
HD 5750 |2405.5
HD 4890 |1743.5
GTX 560 Ti |1033.7
GTX 260 Core 216 |718.1
8800 GT |489.8
HD 6310 |86.5
i5-2500k (4 threads) |53.41
i5-2500k (2 threads) |28.80
i5-2500k (1 thread) |14.40

SHA1

Equipment | Speed (million brute-forces per second HD 6950 |1675.1
HD 5770 |1020.0
HD 5750 |841.0
HD 4890 |625.5
GTX 560 Ti |504.1
GTX 260 Core 216 |50.9
i5-2500k (4 threads) |45.78
HD 6310 |32.1
8800 GT |31.7
i5-2500k (2 threads) |24.75
i5-2500k (1 thread) |12.51

AMD's VLIW architecture owns nVidia's Fermi and older architectures in this case. More parallelized and that's what Cryptography is all about. Would be interesting to see how AMD's Graphics Core Next fares up for this purpose.

What does 5 billion MD5 brute forces per second mean?
MD5 Hash of a 7 char string containing only lower-case alphabets and numbers cracked within 30 seconds. Think how fast 8 x HD 6990s would be.

Note: oclHashcat-lite didn't work for nVidia cards. Don't know why. Could be either - software or driver issue. Don't consider this an Apples-to-Apples comparison. But still this is the best what each platform can offer.

 

[doomgiver]

i second this, i've seen a demo of this, cracked the 7 alphanum pass in under a minute.

 

[vickybat]

Nice one gagan . You tested all those cards personally? Did 2500k use the AES-NI instruction set for this test or it was standard x86?

I think nvidia fared bad here due to the fact you mentioned above.

What are md5 & sha btw?

 

[skeletor]

This is brute-forcing - trying all permutations. Not any sort of encryption/decryption. Not at all to be confused with AES-NI which only applies for speeding up AES encryption/decryption given the fact you know the key. This was x86 (SSEx) on the CPU obviously.

Regarding cards, special thanks to Faun, Liverpool_fan, hellknight, krow, vamsi and Jojo.

What are md5 & sha btw?

Hashing algorithms.

String: lol
MD5 hash: 9cdfb439c7876e703e307864c9167a15
SHA1 hash: 403926033d001b5279df37cbbe5287b7c7c267fa

Everyone except Sony knows how to store passwords in the hash form. Hash = one way. 4+5 = 9. But you can't get 4 and 5 back from 9. This is a vague definition.

So, when you enter your password - it is the hash of the entered password being compared to what is stored in database. Not plaintext verification. If your database gets hacked, the passwords are not compromised.

To increase security, you can append a salt at the end of a string and then MD5 it. Or salt the string and then MD5/SHA1 it twice.

Edit: thanks to vickybat for submitting HD 5750 scores.

 

[hellknight]

Nice.. so these are the results of that experiment.. btw.. nice colour schemes on Intel, AMD & NVIDIA products

 

[Skud]

Nice. The improvement from Radeon 5xxx to 6xxx is awesome.

 

[Krow]

My poor HD 6310 beats the life out of big i5 processors.

 

[Skud]

Reason for AMD to bundle one with their APU.

 

[asingh]

How is this thing on Xfire..?

 

[JojoTheDragon]

^ Download oclHashcat-lite and find out.

 

[Skud]

Should be over 3000/1000 for Anil.

 

[skeletor]

How is this thing on Xfire..?

Supports Crossfire.

But requires Catalyst 11.4 or later with APP Runtime 2.4 or later. Basically you need to install everything in the driver stack.

 

[asingh]

Give me the DL details will run it. I am on 11.10 drivers cause of BF3, which never worked anyways.

 

[guru_urug]

This is interesting

*www.tomshardware.com/reviews/wireless-security-hack,2981.html

Harden Up: Can We Break Your Password With Our GPUs? : Need A Locksmith?

 

[skeletor]

Give me the DL details will run it. I am on 11.10 drivers cause of BF3, which never worked anyways.

Here:

*hashcat.net/oclhashcat-lite/

 

[iknowledge]

Can you provide detail procedure on how to try this out?

 

[skeletor]

Can you provide detail procedure on how to try this out?

do you have an nVidia or AMD graphic card?

Download the file I posted above. Extract it.

Edit cudaexample.cmd for nVidia or oclexample.cmd for AMD. Replace the first line with the following commands depending on what you are cracking. Second line should be "pause" without quotes.

For MD5: oclHashcat-lite64.exe <MD5_hash_string>

For SHA1: oclHashcat-lite64.exe <SHA1_hash_string> --hash-type=100

 

[BHU5HAN]

This is interesting
btw Why GPU is faster than CPU..?

Everyone except Sony knows how to store passwords in the hash form. Hash = one way. 4+5 = 9. But you can't get 4 and 5 back from 9. This is a vague definition.

So, when you enter your password - it is the hash of the entered password being compared to what is stored in database. Not plaintext verification. If your database gets hacked, the passwords are not compromised.

So, What if any person knows the algorithm for hashing, that person can easily get the plain text form hash..?

 

[Faun]

^^GPU is good at repetitive task.

 

[Renny]

Is this because the GPUs have some instruction set/algorithm which helps it perform better wrt CPUs?