[Beowulf] NVIDIA GPUs, CUDA, MD5, and "hobbyists"

Vincent Diepeveen diep at xs4all.nl
Wed Jun 18 16:16:27 PDT 2008 

Jakob,

You are speaking here of a hobby project of a system administrator
to crack a few passwords in the slowest possible way?

In general very stupid algorithms do not benefit much from caching  
things in RAM,
let alone caches and are lightyears slower than what is possible.

Game tree search is a great example of this, but lately also in  
weather research
they've found more sophisticated methods if i read this list correctly.

Apart from all this.

See www.wassenaar.org

That is a treaty that USA wanted and many nations signed it.
Called the Wassenaar treaty. Maybe therefore a new embassy from USA
gets built now in the town Wassenaar (close to The Hague).

Treaty, if i read it well, makes problems using public key above 512  
bits.

So according to that treaty, if i read it correct, trying to do anything
with a SSH which uses usually 1024 bits RSA, is already meaning you
are a criminal category 5 (highest category).

In fact programming that SSH 1024 bits code already makes you a big  
enemy of the state as it is above 512 bits.

So your posting rises the question with me, without thinking yet  
about the CUDA component of your solution,

Is it legal what your friend is doing for his hobby in his sparetime?

Thanks,
Vincent

checkout: http://www.primenumbers.net/prptop/prptop.php

On Jun 19, 2008, at 12:45 AM, Jakob Oestergaard wrote:

> On Wed, Jun 18, 2008 at 10:14:28PM +0200, Vincent Diepeveen wrote:
>> Prentice,
>>
>> No one doubts your collegue.
>>
>
> Ok the following has nothing to do with any part of the discussion,  
> but I just
> needed to get this out  :)
>
> ...
>> So this experiment of your high esteemed collegue is an example of an
>> application that you do not want to buy those cards for.
>
> For attacks against password hashes (and similar) this is very useful.
>
> You generate strings, hash them, compare the hash to your target  
> value.  If it
> matches, you've found your source string (password).
>
> Disks are never involved.
>
> Your brute-force of md5 (or something similar) will run as fast as  
> the string
> generators (processors) allow. Some time ago I looked into buying  
> an FPGA card
> to speed up a bitsliced 3des to brute force certain hashes, but  
> never actually
> got around to doing this.  From an algorithmic point of view,  
> though, this
> could have rocked seriously on even a low end FPGA  :)
>
> The point being; this is a useful application. Even though the md5
> implementation may just have been "for show" and not intended as a  
> final
> product, it is very close to something that has direct uses.
>
> And sure, no, people won't buy GPUs to speed up the occational file  
> hashing
> with md5sum, and I'm sure that wasn't the intention either  :)
>
> -- 
>
>  / jakob
>
>

More information about the Beowulf mailing list