GPU Password Auditing - Cryptohaze



Cryptohaze is the home of high performance, open source, network-enabled, US-based cross-platform GPU and OpenCL accelerated password auditing tools for security professionals. Currently, many security professionals are at a serious disadvantage in auditing as they cannot submit hashes to online hash databases due to the terms of their auditing agreement. Cryptohaze tools are aimed at providing high quality tools that run on any platform – Windows, Linux, or OS X. The tools run on all platforms that support CUDA or OpenCL (currently Windows, Linux, OS X). If you don’t have a GPU – the OpenCL code will run just fine on your host CPU!




GPU Password Auditing


The Cryptohaze tools are designed for both nVidia based graphics cards, and OpenCL devices (nVidia and ATI/AMD graphics cards, and Intel/AMD CPUs). Right now, the old Multiforcer requires CUDA support (so nVidia cards only), but the rainbow table tools and the new Multiforcer work on anything with a CPU, including Atom based devices. For best performance, a top of the line ATI card is recommended. nVidia cards simply do not have the hash performance of ATI right now. The tools do support BFI_INT and other ATI-specific operations to improve performance rather significantly over nVidia cards. That said, if you value your sanity, nVidia may be a better option for these tools. ATI’s driver support, especially under Linux, leaves much to be desired and they do not seem to care to fix it. nVidia support is reliable, tested, and is less likely to leave you balding. And the uptime of an nVidia server may compensate for the reduced performance.


Cryptohaze Multiforcer

The Cryptohaze Multiforcer is a high performance CUDA password cracker that is designed to target large lists of hashes. Performance holds very solid with large lists, such that on a suitable server, cracking a list of 1 000 000 passwords is not significantly slower than cracking a list of 10. For anyone who deals with large lists of passwords, this is a very useful tool! Algorithm support includes MD5, NTLM, LM, SHA1, and many others.

Multiforcer New (MFN)

The Multiforcer New is a total ground up rewrite of the Cryptohaze Multiforcer with CUDA, OpenCL, and CPU (SSE/AVX/etc) support. It remains focused on brute forcing large hash lists, and scales very well. It also is designed for network clustering of machines – no longer are you limited to running your hashes with a single machine! Other tools have varying levels of network support, but Cryptohaze is the only open source tool with easy to use built in networking.

Cryptohaze GPU Rainbow Tables

There has been very little development in the promising Rainbow Table technology over the past several years. Cryptohaze GPU Rainbow table are a totally fresh implementation of rainbow tables, leveraging the strengths of the nVidia GPUs and OpenCL devices to allow for much larger table spaces and coverage. While the stock RainbowCrack tables use chain lengths of 10 000, the Cryptohaze tables use a chain length of 200 000. This allows much larger attack spaces – NTLM tables for full US charset (95 characters) length 8 are available, and other tables will become available as they are created. While doing this, cracking times on a high performance server remain very reasonable – in some cases, under 2 minutes per password!


OpenCL support is present for the rainbow table tools, and is present in the new alpha Multiforcer. If you are interested in helping to port the tools to OpenCL, drop author a line!