
Breaking GPUs: When Is A Hash Not Just A Single Hash?

Password hashes can be cracked with GPUs. How? Because GPUs have multiple cores, and a hashing task can be split up across them. The NVIDIA GeForce RTX 3080, for example, has over 8,700 cores. Thus, if it takes 8,700 days to crack a hash on one core, we could crack it in just a day with a single GeForce RTX 3080 GPU. If we add more GPUs, we can cut the time down even more.

So how do we stop GPUs from cracking hashes? Well, we can put the hash into a loop, so that we have to hash a given number of times. This significantly reduces the opportunity to crack the hash with a GPU, as we now cannot parallelize the process: each round needs the output of the previous one, so we can only use one core to compute each hash. So let’s look at the different hashing methods.

For MD5 crypt, we have a format in which the fields are separated by “$” symbols. A sample hash is “$1$Y6tL9oGA$FoYF9naVmbEd29gU915J00”, which has the following fields:

  • Type: 1 (MD5 crypt).
  • Salt: Y6tL9oGA.
  • Hash: FoYF9naVmbEd29gU915J00.

We can test with OpenSSL for a password of “hello123”:

% openssl passwd -1 -salt Y6tL9oGA hello123
$1$Y6tL9oGA$FoYF9naVmbEd29gU915J00
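
The same check in Python, as an added example that is not part of the original article: it splits the stored string into the three fields above and recomputes MD5 crypt, including its fixed loop of 1,000 MD5 rounds. The function names parse_mcf, md5crypt and verify are chosen here for illustration.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ROUNDS = 1000  # fixed by the MD5 crypt design; not stored in the hash string

def parse_mcf(stored: str) -> dict:
    """Split a '$type$salt$hash' string into its three fields."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "" or not all(parts[1:]):
        raise ValueError("not a $type$salt$hash string")
    return {"type": parts[1], "salt": parts[2], "hash": parts[3]}

def md5crypt(password: str, salt: str) -> str:
    pw, sp = password.encode(), salt[:8].encode()  # salt is capped at 8 chars
    alt = hashlib.md5(pw + sp + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + sp)
    for n in range(len(pw), 0, -16):   # mix in the alternate digest
        ctx.update(alt[:min(n, 16)])
    n = len(pw)
    while n:                           # one byte per bit of the password length
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    # The loop: round i consumes the digest of round i-1, so the rounds of
    # one password guess have to run one after another.
    for i in range(ROUNDS):
        r = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            r.update(sp)
        if i % 7:
            r.update(pw)
        r.update(final if i & 1 else pw)
        final = r.digest()
    # crypt-style base64: permuted byte triples, lowest 6 bits first
    out = ""
    for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c]
        out += "".join(ITOA64[(v >> s) & 63] for s in (0, 6, 12, 18))
    out += ITOA64[final[11] & 63] + ITOA64[final[11] >> 6]
    return f"$1${sp.decode()}${out}"

def verify(password: str, stored: str) -> bool:
    fields = parse_mcf(stored)
    if fields["type"] != "1":
        raise ValueError("only type 1 (MD5 crypt) is handled here")
    candidate = md5crypt(password, fields["salt"])
    return hmac.compare_digest(candidate.encode(), stored.encode())
```

Calling verify("hello123", ...) on the sample hash above recomputes the full 1,000 rounds before the constant-time comparison.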

For bcrypt, we have a cost value, which relates to the number of rounds. A sample hash is…

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
