在线观看肉片AV网站免费_97在线中文字幕免费公开视频_人妻无码二区自慰系列_高清无码黄色在线网站

一個德國安全愛好者使用租用的計算機資源來破解用 SHA1 散列算法生成的單向散列。而這種隨用隨付的計算機資源破解一個 SHA1 散列只需 2 美元。

Thomas Roth 使用基于 GPU 的付費計算機資源來暴力破解 SHA1 散列。密碼專家警告說，最少在五年以后，SHA-1 就已經(jīng)不能被認為是安全的散列算法，Roth 的實驗的意義不在于他達到了什么目的、用了哪種攻擊方式（實際上只是暴力破解），而是他使用了先進的技術(shù)。

像這樣以前需要全世界花費數(shù)月時間、大量人力物力的項目，現(xiàn)在只需一人用租用的計算機資源在幾分鐘內(nèi)就可以完成，而且只需花費區(qū)區(qū) 2 美元。他用這點錢就租用到了一堆極強的圖形處理器，并使用 Cuda-Multiforcer 破解了密碼。

以下為詳細說明：

As of today, Amazon EC2 is providing what they call "Cluster GPU Instances":  An instance in the Amazon cloud that provides you with the power of two NVIDIA Tesla “Fermi” M2050 GPUs. The exact specifications look like this:

GPUs are known to be the best hardware accelerator for cracking passwords, so I decided to give it a try: How fast can this instance type be used to crack SHA1 hashes?

Using the CUDA-Multiforce, I was able to crack all hashes from this file with a password length from 1-6 in only 49 Minutes (1 hour costs 2.10$ by the way.):

1. Compute done: Reference time 2950.1 seconds  
2. Stepping rate: 249.2M MD4/s  
3. Search rate: 3488.4M NTLM/s  

This just shows one more time that SHA1 for password hashing is deprecated - You really don't want to use it anymore! Instead, use something like scrypt or PBKDF2! Just imagine a whole cluster of this machines (Which is now easy to do for anybody thanks to Amazon) cracking passwords for you, pretty comfortable  Large scaling password cracking for everybody!

If I find the time, I'll write a tool which uses the AWS-API to launch on-demand password-cracking instances with a preconfigured AMI. Stay tuned either via RSS or via Twitter.

Installation Instructions:

I used the "Cluster Instances HVM CentOS 5.5 (AMI Id: ami-aa30c7c3)" machine image as provided by Amazon (I choosed the image because it was the only one with CUDA support built in.) and selected "Cluster GPU (cg1.4xlarge, 22GB)" as the instance type. After launching the instance and SSHing into it, you can continue by installing the cracker:

I decided to install the "CUDA-Multiforcer" in version 0.7, as it's the latest version of which the source is available. To compile it, you first need to download the "GPU Computing SDK code samples":

1. # wget 
2. http://developer.download.nvidia.com/compute/cuda/3_2/
3. sdk/gpucomputingsdk_3.2.12_linux.run
4. # chmod +x gpucomputingsdk_3.2.12_linux.run  
5. # ./gpucomputingsdk_3.2.12_linux.run  
6. (Just press enter when asked for the installation directory and the CUDA directory.)  

Now we need to install the g++ compiler:

1. # yum install automake autoconf gcc-c++  

The next step is compiling the libraries of the SDK samples:

1. # cd ~/NVIDIA_GPU_Computing_SDK/C/  
2. # make lib/libcutil.so  
3. # make shared/libshrutil.so 

Now it's time to download and compile the CUDA-Multiforcer:

1. # cd ~/NVIDIA_GPU_Computing_SDK/C/  
2. # wget http://www.cryptohaze.com/releases/CUDA-Multiforcer-src-0.7.tar.bz2 -O src/CUDA-Multiforcer.tar.bz2  
3. # cd src/  
4. # tar xjf CUDA-Multiforcer.tar.bz2  
5. # cd CUDA-Multiforcer-Release/argtable2-9/  
6. # ./configure && make && make install  
7. # cd ../  

As the Makefile of the CUDA-Multiforcer doesn't work out of the box, we need to open it up and find the line

1. CCFILES := -largtable2 -lcuda  

Replace CCFILES with LINKFLAGS so that the line looks like this:

1. LINKFLAGS := -largtable2 -lcuda  

And type make. If everything worked out, you should have a file ~/NVIDIA_GPU_Computing_SDK/C/bin/linux/release/CUDA-Multiforcer right now. You can try the Multiforcer by doing something like this:

1. # export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH  
2. # export LD_LIBRARY_PATH=/usr/local/cuda/lib64:$LD_LIBRARY_PATH  
3. # cd ~/NVIDIA_GPU_Computing_SDK/C/src/CUDA-Multiforcer-Release/  
4. # ../../bin/linux/release/CUDA-Multiforcer -h SHA1 -f test_hashes/Hashes-SHA1-Full.txt --min=1 --max=6 -c charsets/charset-upper-lower-numeric-symbol-95.chr  

Congratulations, you now have a fully working, CUDA-based hash-cracker running on an Amazon EC2 instance.