德国黑客使用租用的计算机资源攻击散列算法

一个德国安全爱好者使用租用的计算机资源来破解用 SHA1 散列算法生成的单向散列。而这种随用随付的计算机资源破解一个 SHA1 散列只需 2 美元。

Thomas Roth 使用基于 GPU 的付费计算机资源来暴力破解 SHA1 散列。密码专家警告说，最少在五年以后，SHA-1 就已经不能被认为是安全的散列算法，Roth 的实验的意义不在于他达到了什么目的、用了哪种攻击方式（实际上只是暴力破解），而是他使用了先进的技术。

像这样以前需要全世界花费数月时间、大量人力物力的项目，现在只需一人用租用的计算机资源在几分钟内就可以完成，而且只需花费区区 2 美元。他用这点钱就租用到了一堆极强的图形处理器，并使用 Cuda-Multiforcer 破解了密码。

以下为详细说明：

As of today, Amazon EC2 is providing what they call "Cluster GPU Instances":  An instance in the Amazon cloud that provides you with the power of two NVIDIA Tesla “Fermi” M2050 GPUs. The exact specifications look like this:

GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?

Using the CUDA-Multiforce, I was able to crack all hashes from this file with a password length from 1-6 in only 49 Minutes (1 hour costs 2.10$ by the way.):

1. Compute done: Reference time 2950.1 seconds  
2. Stepping rate: 249.2M MD4/s  
3. Search rate: 3488.4M NTLM/s  

This just shows one more time that SHA1 for password hashing is deprecated - You really don't want to use it anymore! Instead, use something like scrypt or PBKDF2! Just imagine a whole cluster of this machines (Which is now easy to do for anybody thanks to Amazon) cracking passwords for you, pretty comfortable  Large scaling password cracking for everybody!

If I find the time, I'll write a tool which uses the AWS-API to launch on-demand password-cracking instances with a preconfigured AMI. Stay tuned either via RSS or via Twitter.

Installation Instructions:

I used the "Cluster Instances HVM CentOS 5.5 (AMI Id: ami-aa30c7c3)" machine image as provided by Amazon (I choosed the image because it was the only one with CUDA support built in.) and selected "Cluster GPU (cg1.4xlarge, 22GB)" as the instance type. After launching the instance and SSHing into it, you can continue by installing the cracker:

I decided to install the "CUDA-Multiforcer" in version 0.7, as it's the latest version of which the source is available. To compile it, you first need to download the "GPU Computing SDK code samples":

1. # wget 
2. http://developer.download.nvidia.com/compute/cuda/3_2/
3. sdk/gpucomputingsdk_3.2.12_linux.run
4. # chmod +x gpucomputingsdk_3.2.12_linux.run  
5. # ./gpucomputingsdk_3.2.12_linux.run  
6. (Just press enter when asked for the installation directory and the CUDA directory.)  

#p#

Now we need to install the g++ compiler:

1. # yum install automake autoconf gcc-c++  

The next step is compiling the libraries of the SDK samples:

1. # cd ~/NVIDIA_GPU_Computing_SDK/C/  
2. # make lib/libcutil.so  
3. # make shared/libshrutil.so 

Now it's time to download and compile the CUDA-Multiforcer:

1. # cd ~/NVIDIA_GPU_Computing_SDK/C/  
2. # wget http://www.cryptohaze.com/releases/CUDA-Multiforcer-src-0.7.tar.bz2 -O src/CUDA-Multiforcer.tar.bz2  
3. # cd src/  
4. # tar xjf CUDA-Multiforcer.tar.bz2  
5. # cd CUDA-Multiforcer-Release/argtable2-9/  
6. # ./configure && make && make install  
7. # cd ../  

As the Makefile of the CUDA-Multiforcer doesn't work out of the box, we need to open it up and find the line

1. CCFILES := -largtable2 -lcuda  

Replace CCFILES with LINKFLAGS so that the line looks like this:

1. LINKFLAGS := -largtable2 -lcuda  

And type make. If everything worked out, you should have a file ~/NVIDIA_GPU_Computing_SDK/C/bin/linux/release/CUDA-Multiforcer right now. You can try the Multiforcer by doing something like this:

1. # export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH  
2. # export LD_LIBRARY_PATH=/usr/local/cuda/lib64:$LD_LIBRARY_PATH  
3. # cd ~/NVIDIA_GPU_Computing_SDK/C/src/CUDA-Multiforcer-Release/  
4. # ../../bin/linux/release/CUDA-Multiforcer -h SHA1 -f test_hashes/Hashes-SHA1-Full.txt --min=1 --max=6 -c charsets/charset-upper-lower-numeric-symbol-95.chr  

Congratulations, you now have a fully working, CUDA-based hash-cracker running on an Amazon EC2 instance.

【编辑推荐】

1. 加密的最高境界:一百年无法破解的密码
2. 破解“蘑菇”病毒很简单！
3. 破解Svchost.exe进程之谜
4. 破解IIS 6.0默认设置安全性的终极秘籍