On Wed, 24 Oct 2007 13:25:29 -0400 "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> From: > > <http://www.elcomsoft.com/EDPR/gpu_en.pdf> > > Moscow, Russia - October 22, 2007 - ElcomSoft Co. Ltd. has > discovered and filed for a US patent...Using the "brute force" > technique of recovering passwords, it was possible, though > time-consuming, to recover passwords from popular > applications. For example...Windows Vista uses NTLM hashing > by default, so using a modern dual-core PC you could test up to > 10,000,000 passwords per second, and perform a complete > analysis in about two months. With ElcomSoft's new technology, > the process would take only three to five days..Today's [GPU] > chips can process fixed-point calculations. And with as much as > 1.5 Gb of onboard video memory and up to 128 processing > units, these powerful GPU chips are much more effective than > CPUs in performing many of these calculations...Preliminary > tests using Elcomsoft Distributed Password Recovery product > to recover Windows NTLM logon passwords show that the > recovery speed has increased by a factor of twenty, simply by > hooking up with a $150 video card's onboard GPU. > I hope they don't get the patent. The idea of using a GPU for cryptographic calculations isn't new; see, for example, "Remotely Keyed Cryptographics: Secure Remote Display Access Using (Mostly) Untrusted Hardware" (http://www1.cs.columbia.edu/~angelos/Papers/2005/rkey_icics.pdf) Debra L. Cook, Ricardo Baratto, and Angelos D. Keromytis. In Proceedings of the 7th International Conference on Information and Communications Security (ICICS), pp. 363 - 375. December 2005, Beijing, China. An older version is available as Columbia University Computer Science Department Technical Report CUCS-050-04 (http://mice.cs.columbia.edu/getTechreport.php?techreportID=110&format=pdf&), December 2004. --Steve Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]