Brute forcing IP address with the Cryptohaze Multiforcer
A few weeks ago, phillips321 had a problem. He wanted to brute force IP addresses. There was no good tool out there to do this, and brute forcing 4B+ MD5s is a bit slow on a CPU. So, he wrote a quick...
View ArticleCryptohaze tools 1.31 out - CUDA 4.2 release
New release. 1.31, with CUDA 4.2 compatibility and a few minor tweaks to work around a bug I found in 1.30 that involved some hashes not being found. It also includes the IP address brute forcing...
View Articlelibcurl linking errors on Windows?
Are you getting libcurl link errors on Windows that look like this?unresolved external symbol __imp__curl_easy_cleanup unresolved external symbol __imp__curl_easy_perform unresolved external symbol...
View ArticleNew builds - 1.31a, with GTX680 support!
Good news, everybody! The Cryptohaze downloads have gotten BIGGER! And there's another release. 1.31a.I've (theoretically) fixed a missing DLL in the Windows build, and I've added GTX680 (sm_30)...
View ArticleClik here to view.
Huh. That's... weird. Is it an OpenCL Multiforcer?
That's weird. What mix of hardware could be generating these speeds? It couldn't possibly be an ATI 6970, an nVidia GTX580, an nVidia GTX260, and an i7 processor all working TOGETHER, could it? It...
View ArticleCryptohaze Rainbow Table torrents
I realized that the old tracker I was using was dead, and my torrents were half old V1 tables, not the new V2 stuff I have. I've updated my torrent files for MD5/NTLM len6 and len7 - all of them should...
View ArticleCryptohaze via SSL
In theory, https://www.cryptohaze.com/ is now fully SSL enabled! Non-HTTPS links should transparently redirect to SSL. If you get any warnings, errors, or "non-SSL content from a SSL page" type...
View ArticleUsing oclHashcat-0.09 on Ubuntu 10.04
If you're a beta tester for oclHashcat-plus 0.09, you may have noticed that it doesn't work on older versions of Ubuntu. You'll probably get a glibc version error - something along the lines...
View ArticleClik here to view.
On EC2 instances and password cracking
The general wisdom, rightly so, is that EC2 GPU instances are awful ways to spend your dollars for password cracking. They're running obsolete Teslas, which are underclocked nVidias, which we all know...
View ArticleTorrents updated - please refresh your torrent files!
If you've downloaded the rainbow table torrents from http://cryptohaze.com/gpurainbowtables.php, please redownload them. You can put them in the same place and the torrent will resume. I gave up on...
View ArticleClik here to view.
154 Billion NTLM/sec on 10 hashes
It's a good day when you see the following on 10 hashes: Yes, that's 154B - as in Billion. It was done entirely with AMD hardware, and involved 9x6990, 4x6970, 4x5870, 2x5970, and 1x7970 - for a total...
View ArticleClik here to view.
Hardware pictures from the crack-a-thon
Some hardware shots from yesterday of the more fun stuff... It was a fun afternoon!
View ArticlePassword salting: Why it matters
I'd like to take this afternoon to explain why salts matter so very much in password storage. Why am I qualified to write this? Because I write password cracking tools, and have focused on attacking...
View ArticleCryptohaze Rainbow Tables now available for purchase!
I've finally set things up to allow easy online purchase of the generated GPU rainbow tables. NTLM length 8 tables and MD5 length tables are both available now at...
View ArticleInstalling Cryptohaze on Amazon EC2 GPU instances
There have been a number of scattered requests to support my tools on EC2 GPU nodes in a more "supported" manner than the current set of hacks. I've written a script that will take an Amazon GPU node,...
View ArticleDefcon 2012!
I'll be there this afternoon! Just a reminder - my talk is at noon, Saturday, in P&T - if you want to meet in person & ask me questions, this would be a great time! Otherwise, feel free to ping...
View ArticleA call for password algorithm disclosure
Not even 24 hours after my Defcon talk, in which I expressed my opinion that password hashing policies should be disclosed, Twitter finds out that @UKTesco believes this is acceptable: Passwords are...
View ArticleClik here to view.
Cryptohaze Cloud Cracking Slides & Writeup
If you just want the slides of the talk, here you go:https://cryptohaze.com/slides/Cryptohaze%20DC20%20Final%20Slides.pdf If you're interested in a commentary on the slides, read on! In the event that...
View ArticleAn interesting identity verification threat, observed
A threat model I have occasionally considered for things in the past is the use of a system for identity verification. This could be verifying full stolen identities, or in the perhaps more common...
View ArticleCryptohaze MD5 and NTLM length 8 tables available for download!
After some work, a private tracker, and realizing that torrent clients have an upper size limit that is insanely small, I've got the MD5 and NTLM length 8 rainbow tables up as...
View ArticleClik here to view.
Cryptohaze now supports Lotus hashes!
New algorithm support (and what I believe is the fastest implementation out there at this point in time): Lotus Domino hashes. Unsalted only, for now. Performance, in a system with an AMD 6990 (43M/s...
View ArticleDefcon 2012 Cryptohaze Cloud Cracking video
You can find it here: http://www.youtube.com/watch?v=UHk2lMF7-H4 Enjoy!
View Articlenvcc, OS X, clang, and dumpspecs
If you are building with nvcc on OS X and get errors along the lines of "clang error: unsupported option '-dumpspecs'" - welcome to the new build world. The best fix I've found so far is to replace the...
View ArticleClik here to view.
eWAY Plaintext Passwords & Transaction Security
Updates from 4 days after this post went live, from eWAYDear Bit WeasilWe would just like to respond to the concerns raised in your blog post on 16 January. We appreciate the updates to your post since...
View ArticleeWAY: Security concern response done right
I'm absolutely blown away by how eWAY responded to my last post concerning some security issues and concerns I had with their site. They've radically exceeded my wildest hopes for resolution of the...
View Article
