EVGA

GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery

Author
z3r0t0l0rence
2010/09/08 08:55:30 (permalink)

#1


    Rudster816
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/08 15:13:14 (permalink)
    I'm not sure about the others, but there is no way you're going to be able to crack any modern encryption algorithm or hash function by any means in a reasonable time frame via brute force. A dictionary attack is certainly possible, but most people are using some type of multi-word\number\symbol\caps password, so unless you get lucky and the password is just a single English word without any special symbols\casing\numbers, you're SOL.

    It would take all the computers in the world 100's of years in order to crack modern algorithms with sheer brute force, and most algorithms have been analyzed for years without any vulnerabilities found.

    #2
    luv2increase
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/08 22:28:23 (permalink)
    There is no way on earth it would be able to crack "any" of my TrueCrypt volumes.


    Some are 256-bit AES only -> System Drive
    "All" others are 256-bit AES, Twofish and Serpent with HMAC-Whirlpool!!!  That, with a crazy long, crazy combination password like I have, would literally take every computer on earth millions of years to crack!


    Who do these ppl think they are kidding?  :)

    #3
    SirMaster
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/08 22:53:40 (permalink)
    TrueCrypt is actually not that hard to get around depending on how you use it, unfortunately.  If you have physical access to the machine using TrueCrypt volumes it's usually quite possible to get the key.

    The decryption key is stored in memory every time you access your encrypted volume.  Any small piece of malware that might slip in can easily steal the keys needed to decrypt the volumes right from live memory.  Anti-malware is really only useful against mainstream known stuff.  It's not too hard to write a small program and keep it to yourself that won't be detected by anti-malware.

    Another way is by using Firewire.  If your PC is turned on, and even if it's locked or in sleep mode, anyone can dump the entire contents of your RAM out to a storage device.  Firewire simply has a huge design flaw in that any device connected to it is automatically granted root access to all system memory.

    On the topic of brute forcing:  You would be surprised at the speed at which you can brute force passwords with large enough rainbow tables. Now that 3TB hard drives are out, people can easily carry around their 3TB rainbow tables and brute force like never before.

    You can read up lots of possible attacks and vulnerabilities here:

    http://www.truecrypt.org/docs/paging-file
    http://www.truecrypt.org/docs/hibernation-file
    http://www.truecrypt.org/docs/memory-dump-files
    http://www.truecrypt.org/...nencrypted-data-in-ram
    http://www.truecrypt.org/docs/physical-security
    http://www.truecrypt.org/docs/malware
    http://www.truecrypt.org/../multi-user-environment
    http://www.truecrypt.org/...enticity-and-integrity
    http://www.truecrypt.org/...passwords-and-keyfiles
    http://www.truecrypt.org/docs/trim-operation
    http://www.truecrypt.org/docs/wear-leveling
    http://www.truecrypt.org/docs/reallocated-sectors
    http://www.truecrypt.org/docs/defragmenting
    http://www.truecrypt.org/...ournaling-file-systems
    http://www.truecrypt.org/docs/volume-clones

    As you can see, there are quite a few vulnerabilities.

    Here are some real examples of actual software that exists to take advantage of some of these vulnerabilities and attacks:

    http://www.mydigitallife.info/2008/07/24/bitlocker-filevault-dm-crypt-and-truecrypt-encryption-key-crack-via-dram-cold-boot-attack-with-program-source-code-download/

    http://www.lostpassword.com/hdd-decryption.htm


    There are definitely additional measures you can take to stay more secure but you can never be absolutely secure unfortunately. 

    As far as the software here: Passware.  It's actually quite fast at brute forcing Office and RAR encrypted files.  I have used it personally.  I have also used it to successfully decrypt a TrueCrypt volume from a laptop that had full disk encryption enabled but was left in sleep mode with a working Firewire port.  These were done as labs in my Security class in my senior year at college last year, so I do have at least a bit of experience with this stuff.  However, I am no expert; experts have even more tricks up their sleeves that I couldn't even imagine :P


    post edited by SirMaster - 2010/09/08 22:58:47
    #4
    lehpron
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/08 22:59:59 (permalink)
    Companies don't build a product then wait for customers to buy it.  A lot of money is going into projects like this; investors and shareholders especially need guarantees like pre-existing demand.  This latter part people around here seem to forget, let alone consider: Virtually every company will wait for demand before doing anything, meaning it doesn't matter if we don't get what is already being put to use.

    If the only real factor in password breaking is time, then with enough hardware operating at once and that GPGPU tech is only improving, I have a hard time with the idea that products like this are unrealistic or impractical.
    post edited by lehpron - 2010/09/08 23:02:20

    #5
    TheCrazyCanuck
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/08 23:46:07 (permalink)
    hehe I just had a déjà vu experience after reading lehpron's post :)

    I'm not an expert in cryptography but what I do know matches with what SirMaster said.  Brute force combined with dictionary attacks are not 100% effective but given the average user password, their lack of knowledge of what makes a password difficult to crack, and efficient hardware cracking platforms like GPGPU I wouldn't rule anything out.
    #6
    SirMaster
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/09 06:45:55 (permalink)
    TheCrazyCanuck

    hehe I just had a déjà vu experience after reading lehpron's post :)

    I'm not an expert in cryptography but what I do know matches with what SirMaster said.  Brute force combined with dictionary attacks are not 100% effective but given the average user password, their lack of knowledge of what makes a password difficult to crack, and efficient hardware cracking platforms like GPGPU I wouldn't rule anything out.


    Right.  Strong passwords and practices like salting the hashes make it much harder to use things like rainbow tables and brute force, but there are other attacks that exist.

    Also I like this relevant comic:
    http://imgs.xkcd.com/comics/security.png
    post edited by SirMaster - 2010/09/09 06:50:19
    #7
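The salting point in the post above, shown as an added example that is not part of the original thread: a precomputed table (a small stand-in for a rainbow table) resolves an unsalted hash with one lookup but is useless against a per-user salted, iterated hash. The word list, function names and iteration count are assumptions chosen for illustration; only the Python standard library is used.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed hash table.
COMMON = ["password", "letmein", "dragon2010"]
ITERATIONS = 100_000  # assumed work factor for the demo


def unsalted(pw: str) -> str:
    """Weak storage: one fast hash, no salt."""
    return hashlib.sha256(pw.encode()).hexdigest()


def build_table(words):
    """Computed once, then reusable against every unsalted store."""
    return {unsalted(w): w for w in words}


def new_record(pw: str) -> dict:
    """Hardened storage: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify(pw: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", pw.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    table = build_table(COMMON)
    a, b = unsalted("letmein"), unsalted("letmein")
    ra, rb = new_record("letmein"), new_record("letmein")
    return {
        "unsalted_identical": a == b,             # same password, same hash
        "unsalted_table_hit": table.get(a),       # one lookup recovers it
        "salted_identical": ra["hash"] == rb["hash"],
        "salted_table_hit": table.get(ra["hash"].hex()),
        "verify_ok": verify("letmein", ra),
        "verify_bad": verify("letmein1", ra),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting only removes the precomputation shortcut; a weak password can still be guessed directly, which is why the iteration count matters as well.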
    rhussain
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/09 07:11:04 (permalink)
    Honestly, if someone wanted to break into your house and have physical access to your machine, I don't think they would waste time trying to crack your encryption. They would most likely just grab the entire PC and leave LOL. The best protection is to bolt your case to the ground or stick it inside of a cabinet (rackmount, with room for PCs) and lock it down.

    Brute force is only as powerful as the dictionary you're using. Modern password encryptions could be cracked, but they are difficult/timely to decrypt. 128-bit can easily be cracked. AES 256 is far more difficult. I can't go into specifics here, the process is forbidden/illegal and DOES NOT involve dictionary attacks. If you want to know more about how it works, visit the backtrack forums. There is a thread that examines all levels of password encryption on popular OS's and tools including TrueCrypt.
    post edited by rhussain - 2010/09/09 07:17:55

     



    #8
    Rudster816
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/09 08:22:38 (permalink)
    rhussain

    Honestly, if someone wanted to break into your house and have physical access to your machine, I don't think they would waste time trying to crack your encryption. They would most likely just grab the entire PC and leave LOL. The best protection is to bolt your case to the ground or stick it inside of a cabinet (rackmount, with room for PCs) and lock it down.

    Brute force is only as powerful as the dictionary you're using. Modern password encryptions could be cracked, but they are difficult/timely to decrypt. 128-bit can easily be cracked. AES 256 is far more difficult. I can't go into specifics here, the process is forbidden/illegal and DOES NOT involve dictionary attacks. If you want to know more about how it works, visit the backtrack forums. There is a thread that examines all levels of password encryption on popular OS's and tools including TrueCrypt.


    AES in itself cannot be cracked in a reasonable time frame with any amount of computing power that's reasonable for even a government. The encryption protocol can be attacked, but that has nothing to do with the encryption algorithm.

    AES-192 and AES-256 do have a related-key "vulnerability" (AES-128 does not, however). With this attack you can crack something encrypted via AES-256 with a complexity of 2^99.5, and AES-192 with a complexity of 2^176. So with this attack, AES-256 is actually the weakest of the AES versions.

    Also, cracking encryption algorithms isn't illegal in any way whatsoever, and in fact, is encouraged in order to create better algorithms. And AES-128 in itself is 99.999999% secure. Don't go running your mouth saying that AES-128 can be "easily cracked" when you have no idea what you're talking about. Also, a non dictionary\brute force attack is attacking the protocol (as mentioned earlier) and would be just as vulnerable in AES-256 as in AES-128.

    Oh, and a brute force attack isn't a dictionary attack, so how is a brute force attack only as powerful as the dictionary you're using? A brute force attack attempts to find the key by trying all possible combinations, and comparing it to an unencrypted version or fragment; it doesn't use any type of insight as to what the password might be because it doesn't try passwords, it just tries the actual key used for encryption.

    #9
    rhussain
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/09 08:31:36 (permalink)
    Good info Rudster816, however I can prove to you that AES 128 is quite easy to crack, but not in all scenarios. For example, BitLocker/FileVault on the Windows/Mac OS utilizes AES 128-bit encryption. Now it is illegal for me to explain the process since it violates Microsoft/Apple's EULA. Here is a paper from a scientist at Princeton University explaining exactly how it works. These are exploits carried out on the data that remains on RAM/OS in order to manipulate the encryption method, using the "Cold Boot" attack. But like I said before, it won't work in every scenario. Apple has found a way to prevent this by enabling secure erase virtual RAM by default.

    http://citp.princeton.edu.nyud.net/pub/coldboot.pdf
    post edited by rhussain - 2010/09/09 08:37:36

     



    #10
    SirMaster
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2010/09/09 10:21:53 (permalink)
    rhussain

    Good info Rudster816, however I can prove to you that AES 128 is quite easy to crack, but not in all scenarios. For example, BitLocker/FileVault on the Windows/Mac OS utilizes AES 128-bit encryption. Now it is illegal for me to explain the process since it violates Microsoft/Apple's EULA. Here is a paper from a scientist at Princeton University explaining exactly how it works. These are exploits carried out on the data that remains on RAM/OS in order to manipulate the encryption method, using the "Cold Boot" attack. But like I said before, it won't work in every scenario. Apple has found a way to prevent this by enabling secure erase virtual RAM by default.

    http://citp.princeton.edu.nyud.net/pub/coldboot.pdf


    I was talking about these methods earlier and I wouldn't call this "cracking the encryption".  Using this method of attack, it would not matter what type or how strong of encryption was used.  The attack is that the key is obtainable through memory and the real key is then used to decrypt the data.  It wouldn't matter even if the key was several kilobits long.
    #11
    wrenSmith
    Re: GPU acceleration of RAR, TrueCrypt, and Office 2010 password recovery 2019/03/19 20:16:52 (permalink)
    The GPU has nothing to do with . If the rar password you use is complex, it takes more time to unlock. Otherwise, you don't need to spend too much time. There are many free ways to unlock rar, like using notepad and password-online. It is wise to use the software if the free method does not work.

    post edited by wrenSmith - 2019/03/22 00:55:39
    #12