Could the PS4 be brute forced? - PS3Hax Network

bubbleboy · 12-05-2012

http://it.slashdot.org/story/12/12/0...rds-in-minutes

New 25-GPU Monster Devours Strong Passwords In Minutes

chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."

DEFAULTDNB · 12-05-2012

Perhaps PS3 should be brute-forced first? :P

TizzyT · 12-05-2012

A quick glimpse of the link and it seems the method used relies on hashes. And while that does help, we would need the hash of the key in the first place, without it it would be the same as blindly looking.

RickDangerous · 12-05-2012

A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim

What they don't tell you is that the time needed increases exponentially with every added password character. 15 characters would take 256 times longer = 1536 minutes. 16 characters = 396 hours. And that is just for hashing simple windows xp password.

Brute force is not the way to crack the ps4. Even if the cpus of tomorrow was 100 times faster than today, brute forcing a 256 bit key would still take years.

12-05-2012	#1
bubbleboy Member Join Date: Nov 2011 Posts: 253 Likes: 60 Liked 99 Times in 53 Posts Mentioned: 18 Post(s) Tagged: 0 Thread(s)	Could the PS4 be brute forced? http://it.slashdot.org/story/12/12/0...rds-in-minutes New 25-GPU Monster Devours Strong Passwords In Minutes chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."

12-05-2012	#2
DEFAULTDNB Join Date: Mar 2012 Posts: 9,006 Likes: 6,279 Liked 3,870 Times in 2,518 Posts Mentioned: 954 Post(s) Tagged: 0 Thread(s)	Perhaps PS3 should be brute-forced first? :P __________________ ★STATUS★MINVERCHK★DOWNGRADE★JAILBREAK★SKU's★ ★PPC+MD5★QUICK SWAP FW★MULTIMAN★IRISMANAGER★

12-05-2012	#3
TizzyT Homebrew Developer Join Date: Jul 2011 Location: USA-Unfortunately Sucks A$$ Posts: 1,843 Likes: 1,011 Liked 813 Times in 478 Posts Mentioned: 160 Post(s) Tagged: 0 Thread(s)	A quick glimpse of the link and it seems the method used relies on hashes. And while that does help, we would need the hash of the key in the first place, without it it would be the same as blindly looking. __________________ If you are going to promote TB at least do it right!!!, or better yet DON'T!!!

		PS3Hax Network - Playstation 3 Hacks and Mods > PS4Hax > PS4 \| General Discussion
Could the PS4 be brute forced?

User Name		Remember Me?
Password

User Tag List
Input each user name separated by a comma, like so: User1,User2,User3.