Posted by: kurtsh | October 26, 2007

INFO: Cracking NTLM password hashes using a $150 nVidia graphics adapter GPU

HYPE
Talk about commoditized parallel computing. See the attached document detailing the use of a GPU to “crack” NTLM password hashes in a SAM database.

Elcomsoft turns your PC into a password cracking supercomputer
You know all that talk about GPUs being the new CPUs? Well it’s not just a lot of hot, ventilated air. Thanks in large part to the launch of development kits like nVidia’s CUDA, Russian outfit Elcomsoft has just filed for a US patent which leverages GPUs to crack passwords. Their approach harnesses the massively parallel processing capabilities of modern graphics cards to make minced-meat of corporate-strength password protection. An NTLM-hashed Microsoft Vista password, for example, can now be cracked in 3 to 5 days (instead of two months) using a simple, off-the-shelf, $150 graphics card — less complicated passwords can take just minutes…

http://www.engadget.com/2007/10/24/elcomsoft-turns-your-pc-into-a-password-cracking-supercomputer/

REALITY CHECK
Before everyone starts screaming that the sky is falling, there are numerous reasons why, while this might be fascinating, it doesn’t impact most people in the corporate world.

  1. DOESN’T APPLY TO DOMAIN ACCOUNTS
    If your machine belongs to an Active Directory domain, and you’re using your machine with a domain user account, this isn’t usable against your account.  Your domain credentials do not have stored password hashes in the SAM; instead, Windows uses cached credential verifiers from your domain authentication, to which the brute force hash hacking techniques applied above are not applicable.

    This technology only works if the person running this password recovery tool is trying to get at a local machine account like the Local Administrator account.  This account will not have access to EFS encrypted documents, nor will it compromise your domain account on the network.

  2. REQUIRES PHYSICAL ACCESS TO THE MACHINE
    In order to use this tool, you need to provide direct access to the SAM database file, which implies that you have physical possession of the machine in question with access to the system either by removing the hard drive or by booting up the computer in another operating system via USB boot key or via CD-ROM.  If all of these scenarios are prevented, this tool is not usable.

  3. NOT USABLE AGAINST BITLOCKER ENABLED HARD DRIVES
    The technology assumes that the user is not using volume-level encryption.  BitLocker within Windows Vista encrypts the disk top to bottom and is unlocked at boot through the usage of a USB key or the TPM chip onboard the computer.
