Re: Elcomsoft trying to patent faster GPU-based password cracker

2007-10-26 Thread Ilya Levin 
I'm not affiliated with Elcomsoft and don't know their real
intentions, but what they are trying to do is perfectly reasonable.
Once they release a commercial product with such feature it is only a
matter of time until Microsoft or some other patent troll will run for
a patent and start suing. So, having the patent beforehand will
address this matter. It still would be beneficial even if Elcomsoft
will fail this patent application, because it will make any future
such applications disputable.

Ilya
---
http://www.literatecode.com

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Password vs data entropy

2007-10-26 Thread Alex Pankratov 
Say, we have a random value of 4 kilobits that someone wants 
to keep secret by the means of protecting it with a password. 

Empirical entropy estimate for an English text is 1.3 bits of 
randomness per character, IIRC.

Assuming the password is an English word or a phrase, and the 
secret is truly random, does it mean that the password needs 
to be 3100+ characters in size in order to provide a "proper"
degree of protection to the value ? 

Or, rephrasing, what should the entropy of the password be 
compared to the entropy of the value being protected (under
whatever keying/encryption scheme) ? 

I realize that this is rather .. err .. open-ended question, 
and it depends on what one means by "protected", but I'm sure 
you can see the gist of the question. How would one deem a
password random enough to be fit for protecting an equivalent
of N bits of random data ? Is it a 1-to-1 ratio ?

Thanks,
Alex

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Elcomsoft trying to patent faster GPU-based password cracker

2007-10-26 Thread Angelos D. Keromytis 

Actually, there's a slightly earlier paper:

"CryptoGraphics: Secret Key Cryptography Using Graphics Cards"
Debra L. Cook, John Ioannidis, Angelos D. Keromytis, and Jake Luck. In 
Proceedings of the RSA Conference, Cryptographer's Track (CT-RSA), pp. 
334 - 350. February 2005, San Francisco, CA. An older version is 
available as Columbia University Computer Science Department Technical 
Report CUCS-002-04.


You can get it from 
http://www1.cs.columbia.edu/~angelos/Papers/2004/gc_ctrsa.pdf

-Angelos

Steven M. Bellovin wrote:

On Wed, 24 Oct 2007 13:25:29 -0400
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:


From:

   

  Moscow, Russia - October 22, 2007 - ElcomSoft Co. Ltd. has
  discovered and filed for a US patent...Using the "brute force"
  technique of recovering passwords, it was possible, though
  time-consuming, to recover passwords from popular
  applications. For example...Windows Vista uses NTLM hashing
  by default, so using a modern dual-core PC you could test up to
  10,000,000 passwords per second, and perform a complete
  analysis in about two months. With ElcomSoft's new technology,
  the process would take only three to five days..Today's [GPU]
  chips can process fixed-point calculations. And with as much as
  1.5 Gb of onboard video memory and up to 128 processing
  units, these powerful GPU chips are much more effective than
  CPUs in performing many of these calculations...Preliminary
  tests using Elcomsoft Distributed Password Recovery product
  to recover Windows NTLM logon passwords show that the
  recovery speed has increased by a factor of twenty, simply by
  hooking up with a $150 video card's onboard GPU.


I hope they don't get the patent.  The idea of using a GPU for
cryptographic calculations isn't new; see, for example, "Remotely Keyed
Cryptographics: Secure Remote Display Access Using (Mostly) Untrusted
Hardware" (http://www1.cs.columbia.edu/~angelos/Papers/2005/rkey_icics.pdf)
Debra L. Cook, Ricardo Baratto, and Angelos D. Keromytis. In
Proceedings of the 7th International Conference on Information and
Communications Security (ICICS), pp. 363 - 375. December 2005, Beijing,
China. An older version is available as Columbia University Computer
Science Department Technical Report CUCS-050-04
(http://mice.cs.columbia.edu/getTechreport.php?techreportID=110&format=pdf&;),
December 2004.


--Steve Bellovin, http://www.cs.columbia.edu/~smb

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]