Hacker Blog

Elcomsoft has released a new piece of software called Distributed Password Recovery for brute forces or cracks passwords by utilizing the graphic cards on newer NVIDIA graphics cards. From their site they claim,

“NVIDIA GPU acceleration (patent pending) reduces password recovery time by a factor of 20“

Elcomsoft lives up to their word. If you were to take a NVIDIA GeForce 8800gts and pair it against an AMD Turion tl-60 (65nm) you would see a massive difference. The GPU would average 200,000,000 passwords a second while the CPU would average 6,000,000 passwords per second. That’s means the GPU would outperform the CPU by 33 times!

We could just step back and be amazed at how well this does but Elcomsoft also allows us to run this through grid computing, so we can run an entire farm of computers at once and get even faster times.

If you had 20 computers running this grid network to crack an NTML password it would try four billion passwords a second.

To put things in perspective:

Cracking a typical 8 character NTLM hash (alpha numerical lowercase)

• AMD Turion using John the Ripper: 5.2 days
• NVIDIA GeForce 8800gts using DPR: 3:42 hours (even faster using grid computing)

Cracking a typical 12 character NTLM hash (alpha numerical lowercase)

• AMD Turion using John the Ripper: 18.5 years
• NVIDIA GeForce 8800gts using DPR: 194 days
  (if you were to use grid computing of 20 computers this would only take 9.7 days)

downside – its not open source
It costs quite a bit too! They charge by how many clients you want to add to your grid as well. One other catch is that your GPU must support “streaming processing” meaning anything older than the 8000 series will not work.

I have little doubt that we will be seeing something like this from the open source community. It will most likely be even better since we will be able to run any program we like and outsource the processing to the GPU.

When this happens we could create a system modeled after Folding@Home. Imagine if we made a distributed network of a couple thousand clients sharing their GPU processing in a combined effort. BOINC has done a wonderful job at tracking how much individuals contribute to grid computing; we could have a reward system to top contributers to use the system more.

I look forward to seeing this come alive once some brilliant GPL programmers come along to pick this up!

-Cheers

On the 12th another remote security flaw was pointed out by Michael Brooks. (code)

I am astounded at how little DD-WRT understands security. It is a shame so many people are using it as their firmware over openwrt.

Exploits are uncovered all the time. It is never a good to find out that you have security problems but, sometimes it just happens. The problem is, DD-WRT is especially bad at writing secure code. This is because DD-WRT does not understand security.

DD-WRT was shown the code to exploit their software and they didn’t comprehend what the issue was.

DD-WRT’s first response on SecurityFocus about the exploit was: (link)

this is no security flaw since you must be already logged in within the web interface of dd-wrt. otherwise this here will not work. we already fixed this issue in our sourcetree

as additional information. this is no dd-wrt specific issue. all other firmware like openwrt etc. would suffer from it too.

in fact. just a plain POST to a authenticated dd-wrt session. without being logged in locally it would not have any effect

Which soon met the criticism of multiple people who actually knew what they were talking about: (link)

oh god – you dd-wrt people sucks so much. its unbelievable in which way you are handling security advisories. if you would be able to make a post without authentication it would be much worst. I would recommend to read www.owasp.org

another example for the bad security work of the dd-wrt guys are one this forum post: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=35783&postdays=0&postorder= asc&start=0

bitmage discovered that in every fresh release and every custom firewall two other rules are added in front of all. the rules will allow every service on the dd-wrt router from the ip 194.231.229.20 and from the ip 212.65.2.116

some workarounds exist, I didnt test any of them, because dd-wrt isnt trustworth anymore for me. I can confirm this flaw in the latest stable vpn release.

please note the workarounds from the main developer from dd-wrt:
“even I see no reason for this. these ip addresses arent valid anymore. It seems that Chris implemented this for a customer. i removed it now” (they are still in the default install image)
“nvram unset ral nvram commit ”
“there is no security hole. both ip’s are not active anymore and obsolete since a long time. ”
“i will lock this thread now. a new release is scheduled soon (within this or next week), but you cannot force me to release buggy code based on the current internal tree.thats my last statement on this topic” (Posted: Tue Aug 19, 2008 10:57 pm)

I recommend everyone to not use dd-wrt anymore, at least as long as they didnt change their politics and stops talking bullshit “there is no security hole”

cheers

If you want you can read more (I suggest you do) click here to view the more responses to dd-wrt.

Later in the correspondence the DD-WRT jokers claim to patch it. Since they dont know what the issue is they do not patch the right thing and are shown there error.. again.

My issue is not that there was an exploit, it is that DD-WRT does not understand the nature of the exploit. This exploit is actually a variant of a past exploit that they misspatched due to not understanding securtiy.

If you choose to run DD-WRT never use remote admin. (ever) It may be easier to use DD-WRT over openwrt but, after all these problems I doubt it will ever be as secure.

(another good article on the evils of DD-WRT, this time for not living up to open source morals, can be found at BitSum)