14 DAY TRIAL // GPUs (Graphics Processing Units) have a new utility lately, and it's not video games. A brand new technique for cracking computer passwords has been developed by the software company Elcomsoft, based in Moscow, Russia, which has filed a patent for it in the US. This has been possible once Nvidia released in February 2007 an SDK (Software Development Kit) for its graphics hardware that gives full access to programmers to exploit the video card's full processing power.
Using an inexpensive video card such as nVidia's GeForce 8800 Ultra, Elcomsoft has managed to increase the speed of its password cracking by a factor of 25, according to the company's CEO, Vladimir Katalov. Cracking passwords on a computer, even the toughest ones, say those used to log in to a Windows Vista computer, would normally take months of continuous processing time to crack by using a CPU (Central Processing Unit). By using a $150 CPU, Elcomsoft says they can crack a password in three to five days; less complex passwords could be retrieved in a few minutes.
It is the way a GPU processes data that provides the speed increase. NVidia spokesman Andrew Humber describes the process using the analogy of searching for words in a book. "A [normal computer processor] would read the book, starting at page 1 and finishing at page 500," he says. "A GPU would take the book, tear it into a 100,000 pieces, and read all of those pieces at the same time."
The massively parallel processing power of a GPU is perfect for breaking passwords, thus stirring great concerns related to future developments, but also paying tribute to those that invented this elegant and intelligent technique.
Password cracking is used to unlock data on a computer but to steal information from one as well; they do not usually work on banking or commercial websites because the process takes to long to complete, and the site normally blokes a user after multiple failed attempts. Although it was proved that this password cracking technique works, sensitive data can still be protected by long encryption cryptographic keys that are extremely hard to crack.
Known as CUDA, the SDK lets programmers access the computing power of the GPU directly. It has gained a following among those with a need for high-performance computing, particularly in fields such as science and engineering. "[CUDA] is a huge thing for the oil and gas industry, for the financial sector, and for scientists," Humber says. He adds that CUDA is also being used by a company called Evolved Machines to simulate the way the human brain wires itself.
Elcomsoft says it took three months to develop code to take advantage of a GPU, and the company plans to introduce the feature into some of its future password-cracking products.