Comments on: Graphics Cards - The Next Big Thing for Password Cracking?

By: zupakomputer

zupakomputer — Thu, 14 Feb 2008 23:00:01 +0000

re: taking over consoles - if that were done they could be used to do a lot of processing; the PS3s for example are utilised on a sort of passive sleep mode (unused clock cycles & when not in use) to do the folding@home mentioned.

This topic area is bound to get all the more interesting as the graphics cards continue to get more powerful - there’s now triple SLI, and DDR3 RAM on them is more and more common.
Also, the high-end gaming PC is becoming more common too with folks buying them off the shelf! So not as security-conscious as may be thought.
Add in ever growing interest in bit-torrent and there’s a huge potential for those botnets to operate on.

(not entirely on-topic but of interest - the gaming card Killer NIC is a linux-running network card that does packet prioritising for gaming, and enables things like down/up loading all without calling on the CPU; it was UDP-only on launch, but it comes with a kit - I’m not sure how much tweaking etc has been achieved as yet but it certainly caught my eye anyway when I read about it.)

By: eM3rC

eM3rC — Wed, 13 Feb 2008 03:00:16 +0000

@Sir Henry
No I have not heard of that. Sounds very interesting. I remember when cellphone viruses were a big deal. I guess the hackers have moved on.

What would be the point of hacking a Wii or PS3 aside for pissing a lot of people off? I could see maybe with an XBox live account you could use the credit card on the account to buy a lot of games but other than that I still don’t see a reason for it.

By: Sir Henry

Sir Henry — Fri, 14 Dec 2007 18:45:01 +0000

@Nobody_Holme:

Have you seen any news out there about malware being crafted specifically for the Wii (or PS3 for that matter)? Not personally knowing the base OS/kernel for these consoles, I wonder what kinds of “proof-of-concept” examples are out there for these.

By: Nobody_Holme

Nobody_Holme — Mon, 12 Nov 2007 16:53:58 +0000

That could be tasty… console owners suck at security mostly… Case in point is my housemate’s Wii… He runs it on our wireless network, the security settings on the switch for which are all off, to let me play… But the Wii itself looks to have no firewall or protection from malware at all… admittedly, neither does it have much proccessing power, but then, botnets dont need all that much power in each component if they have access to enough units, so…

I think i’ll be watching network traffic more closely for a while now i’ve said this…

By: Pantagruel

Pantagruel — Mon, 12 Nov 2007 12:12:32 +0000

Like -Foo- and -James- already mention, age old news. Both Nvidia and Ati released their GPU toolkits quite a while ago.
Ofcourse I would be very interested to see the first p0wn3d SLI setup.
It’s my guess however that PS3 owners will be a more suitable target, heaps of computing power, networked by default and quite a user base.
All we have to do is wait for a real world PS3 exploit to turn them in to botnet drones.

By: Nobody_Holme

Nobody_Holme — Sat, 10 Nov 2007 15:04:37 +0000

People with really fancy gaming rigs are usually fairly sensible, and thus immune to being botnetted… at least, I hope they are. I cant wait for the GPU manufacturers to come up with something to “stop” this…

By: normalsecrecy

normalsecrecy — Fri, 09 Nov 2007 21:00:03 +0000

so does this mean we need to be concerned about botnets exploiting graphics cards on sweet gamer pc setups? just think how powerful a distributed cracker would be. passwords would be jacked in seconds! scary cool development.

By: James

James — Fri, 09 Nov 2007 19:52:55 +0000

Very old news Folding@home have being running code on GPU’s(ATI X1900,PS3’s Cell processor) since 2006. And there’s a paper from the
IEEE called ‘FDTD calculations using graphical processing units’ dated April 2005. Anyway rainbow tables are still the quickest and most cost effective way to crack hashes.
P.S.
It would be better use of your GPU to generate said tables.
If anyone wants more info on this Google ‘GPGPU’ or ‘General-Purpose Computation Using Graphics Hardware’

By: Foo

Foo — Fri, 09 Nov 2007 19:49:35 +0000

Applying the vector processing of GPGPU for password cracking is as old as the talk of GPGPU’s. Schneier covered this a few weeks ago and the commentary was very good:

http://www.schneier.com/blog/archives/2007/10/speeding_up_pas.html

By: dirty

dirty — Fri, 09 Nov 2007 17:00:11 +0000

Read this article a couple of weeks ago about this GPU cracking…
My fav quote is from John Callas from Columbia University(NYC)…”Once you’ve shown you can do cryptography with a graphics card Latest News about graphics card, doing cryptanalysis with a graphics card is really the same sort of thing,” he reasoned.
“Once you’ve heard you can make a frozen daiquiri with a blender, it’s like saying the frozen Pina Colada is a new invention,” he analogized. “It’s not really a new invention. It’s changing the ingredients and realizing the blender works that way.”

Anyway its still interesting nonetheless and whether or not its patentable, I definitely think this is going to prove to be useful.