MD5 CUDA by n VIDIA BARSWF NETWORK SECURITY

MD5  Designer Ronald L. Rivest  Published April 1992  Digest size 128 bits  Rounds 4  ReplacesMD4  SeriesMD, MD2, MD3, MD4, MD5, MD6  UsageCheck Integrity of Files Digital Signatures Password Storage Security Applications including : GPG, KERBEROS, TLS/ SSL, RADIUS

MD5 ALGORITHM  Produces an one way cryptographic hash of a message  Processes a variable-length message into a fixed-length output of 128 bits 1. The input is divided in blocks of 512 bits 2.The last block of the message is padded so that its length in bits is congruent to 448 mod 512 Padding consists of a single bit, 1, followed by as many necessary 0 bits 3. The remaining bits are filled up with a 64-bit integer representing the length of the original message  A, B, C, D are 32-bit long words  Operates in 4 rounds of 16 operations

MD5 ALGORITHM  There are four possible functions  A, B, C, D are mixed with F, G, H, I  A different function is used on each round M i denotes a 32 –bit word of the current block K i denotes a 32 –bit constant <<< s denotes a cyclical left shift of s bits denotes an addition mod 2 32 denote the XOR, AND, OR, NOT operations k[i] := floor(abs(sin(i + 1)) × (2 pow 32))

MD5 VULNERABILITY Birthday Paradox  To find the probability of two independent events we have to multiply the probability of each of the events together. The chance of tossing two heads on a coin is 1/2 x 1/2 = 1/4, or 1 in 4 or 25%  In case we have 30 children in a classroom, the chance of two of them having birthday the same day is more than 50% In case the first person has birthday Nov 9 The probability of the second person having birthday a different day is 364/365 For the third person having birthday a different day is363/365 The probability of 23 children not having birthday the same day is 364*363*362*…*343/ or 49%

MD5 VULNERABILITY Birthday Attack  The goal is given a function f, to find two different inputs x1, x2 such that f(x1)=f(x2) For a 64 –bit hash we have 1.8 x possible outputs For a 128 –bit hash we have 3.4 x possible outputs  In case we have 50% probability of random collision For a 64 –bit hash it would take 5.1 x 10 9 attempts For a 128 –bit hash it would take 2.2 x attempts  MD5 has a Collision Attack complexity of 2 32 = 4,294,967,296 = 4,29 *10 9

MD5 VULNERABILITY Tunnels in Hash Functions  Published by Vlastimil Klima in 2006  The idea behind this method is to create MD5 collisions using tunnels in the existing multi-message modification methods. We modify the 3 rd and 4 th step in order to manipulate the result  An Intel 1.6 GHz can create an MD5 collision in less than a minute  This method is not limited only in MD5 but can be applied in SHA –x series as well

CUDA Compute Unified Device Architecture

CUDA GPU vs. CPU

CUDA Advantages  Scattered reads - reads from arbitrary addresses in memory  Shared memory - 16KB fast shared memory GDDR3,GDDR5  Faster downloads and readbacks from the GPU  Full support of integer and bitwise operations

CUDA Programming Language: C for CUDA Compiler: PathScale Open64 Supports: OpenCL, DirectCompute Development: CUDA Toolkit Wrappers: Python, Fortran, Java, Matlab Works on: NVIDIA GPUs, G8X series or later

CUDA GPU vs. CPU  Specialized for math-intensive highly parallel computation  GPU threads are extremely lightweight with very little overhead  GPU handles 100’s of cores and 1000’s of threads vs. a few of CPU  GPU memory is faster than the main memory of the system

CUDA GPU vs. CPU HOW CAN HARDWARE MAKE THE DIFFERENCE

Hardware Specifications Alienware M17x Processor: Intel Core2 Duo 2.8 GHz Overclocked 3.55 GHz Front Side Bus: 1066 MHz 1291 MHz Cash Level 2: 6 MB Number of Cores: 2 Number of threads: 2

Hardware Specifications Alienware M17x Memory: Samsung PC MHz 1291 MHz Size: 4 GB Type: DDR3 FSB:DRAM 1:2 Timings:

Hardware Specifications Alienware M17x Graphics Card – Integrated Manufacturer: NVIDIA Model:GeForce 9400M G Code Name: MCP79MX Bus Interface: Integrated Memory: 256 DDR3 (shared) Core Speed: 580 MHz Shader Speed: 1400 MHz Memory Speed: 1333 MHz Memory Bandwidth: 21.1 GB/s Bus Width: 128 bit GFLOPs: 52.8

Hardware Specifications Alienware M17x Graphics Card – Dedicated Manufacturer: NVIDIA Model:GeForce GTX 280M Code Name: G92b Bus Interface: PCIe 2.0 x 16 Memory: 1024 GDDR3 Core Speed: 585 MHz Shader Speed: 1463 MHz Memory Speed: 1900 MHz Memory Bandwidth: 60.8 GB/s Bus Width: 256 bit GFLOPs: 562

Hardware Specifications Alienware M17x Operating System: Windows 7 Professional x64 NVIDIA drivers: ForceWare Beta

Step by Step Installation Drivers Install Very important not to leave previous drivers installed 1.Enter Safe Mode press F8 before Windows start booting and choose safe mode 2.From the Programs and Features uninstall the PhysX and the NVIDIA display drivers 3.Reboot and enter Safe Mode again 4.Run Driver Sweeper to remove any remaining DLLs or other files from the drivers 5.Run CCleaner to remove any files left and clean the Windows registry from any values left 6.Reboot and enter Normal Mode to install the latest drivers

Step by Step Installation NVIDIA Drivers Configuration 1.Right Click on the desktop and click NVIDIA Control Panel 2.Under the 3D Setting, on Set SLI and PhysX configuration we disable both of them 3.We press apply and wait for the screen to refresh

BarsWF Author: Svarychevski Michail Aleksandrovich Program Versions: AMD BROOK Beta 0.9 ATI/AMD card 2xxx, 3xxx, 4xxx CUDA 0.8 NVIDIA GeForce 8xxx and later, minimum 256 MB memory SSE2 P4, Core2Duo, Athlon64,Sempron64, Phenom

BarsWF

BarsWF_CUDA_x64.exe -h ed9dafbb85d9b2f4a33ddc4deb04c89d -c 0aA~ -min_len 8 -thread_n 256 -grid_n 256 -gpu_time 1500

Brute Force example Password Length: 8 Possible characters: 62 (a-z, A-Z, 0-9) Possibilities:62 8 = 2 x With 1000 MHashes/s it would take less than 3 days