Thursday, April 02, 2009

GPU cracking for $250


ATI and nVidia have just shipped their spring refresh cards. Both now sell an essentially top-of-the-line card for $250 (either the ATI HD 4590 or the nVidia GTX 275). If you do password cracking for pentests, you might want to pick up a few of these cards.

Both would be an excellent card to buy for password cracking. Either would increase password cracking speed by around 10x. I prefer the nVidia card because the CUDA programming support is easier to work with, but I suspect the ATI card may be slightly faster for crunching numbers.

Note the way I say "top-of-the-line". For graphics, the more expensive GTX 285 is better than the GTX 275. However, both cards have the same number of "stream processors" at roughly the same clock speed. Therefore, both should crack passwords at the same speed. What makes the GTX 275 cheaper is the fact that it less backend graphics resources (fewer raster units, slower memory speed, narrower memory bandwidth, smaller frame buffer). We don't care about these other graphics resources -- all we care about is the number of "stream processors" and how fast they run.

7 comments:

Anonymous said...

Cool... now we just need you to release the GPU code you've been working on :)

cdman83 said...

"Either would increase password cracking speed by around 10x" - while this seems like a big improvement, adding one arbitrarily chosen character to your password increases its resistance to brute-forcing 50-something fold (if you consider lower and uppercase alphanumeric characters).

Unomi said...

Maybe I'm asking a blunt question, but can these things also be used for other intensive algorithms? Like recognition of objects in an image can be intensive for normal computers. Especially large images and a large set of such images. Is any speed gain expected?

Robert Graham said...

can they be used for other compute intensive algorithms like image recognition?

Yes. Companies that do content filtering crawl the Internet looking for porn using proprietary image recognition. Companies scan e-mails looking for corporate logos to identify phishing e-mails. These could be accelerated by graphics cards IF THE SOFTWARE HAS BEEN WRITTEN FOR THE GRAPHICS CARDS. Acceleration only works if the people have written software specifically for either the ATI or nVidia architecture. As far as I know, none of these people have, therefore, graphics cards will not accelerate their software. But they eventually will. It's a steep learning curve, but lots of students in college are learning CUDA now, and in a couple of years, the market will be full of programmers with this sort of experience. Good thing to study now if you are a beginning programmer.

Martin said...

If you really want to start salivating over CUDA-based apps, check out Gnort at http://www.ics.forth.gr/dcs/Activities/papers/gnort.raid08.pdf ! Great statistics in that paper as well.

Robert Graham said...

There's no nice way of saying this, so here it goes.

Gnort "accelerates" Snort to 2.3-Gbps. My IDS code runs at 6-Gbps.

Martin said...

I read reviews of the Proventia GX6116 and it sounds like with all the features and excellent performance, it's the Ferrari of IPS. It also lists at about the same price as a Ferrari, so I suppose that's to be expected. Most organizations will never be able to justify that expense (especially not in the next few years), but it's pretty easy to justify the expense of a decent desktop with a GPU running free software.