Archive for April, 2009

Windows Passwords

Wednesday, April 15th, 2009

Need more information on passwords in Active Directory environment — password policies, default settings, fine-graining? Then read Windows Passwords: Making them Secure article at WindowsSecurity.com. But we can also recommend using Proactive Password Auditor on a regular basis, to see how secure your passwords really are.

Nvidia Quadro FX 4800

Wednesday, April 15th, 2009

You should be aware that Distributed Password Recovery and Wireless Security Auditor work not only with NVIDIA GeForce cards and Tesla supercomputers (in terms of GPU acceleration), but with professional Quadro cards, too. We never compared the performance of GeForce and Quadro, though. Curious? Then read the Nvidia Quadro FX 4800: Workstation Graphics At Its Finest? article published at Tom’s Hardware today.

Technically, Quadro FX 4800 is very similar to GeForce GTX 280. But have a look at the Performance Comparison. On some tests, Quadro is up to 10 times faster than GeForce. Yes, almost the same GPU. Yes, same version of drivers. Amazing. Just note that the retail price on FX 4800 is in $1600-$2000 range. But if it can do password cracking at much higher rate than GeForce (again, we never tried it, sorry), it looks like a good investment.

Fastest video card

Tuesday, April 14th, 2009

As you may guess, it is ATI Radeon HD 4890 X2. It is not available yet, but coming soon. We’re very impatient to try our WPA password recovery software there.

An article Best Graphics Cards For The Money: April ’09 : March Review/April Updates also worth reading.

Surveillance Self-Defense Project fills the gaps in your security policy

Monday, April 13th, 2009

Michael Kassner placed an article about Surveillance Self-Defense in the TechRepublic, where he gives brief outline of the SSD website. Though some can endlessly brood over the grounds for the project foundation, for me one is clear that this site can be very much helpful to put all principal computer security guidelines together and close the gaps in your own security.
(more…)

ATI, NVIDIA and WPA/WPA2 passwords

Friday, April 10th, 2009

In case if you missed it: new ATI Catalyst drivers (9.4) now available (you can read the release notes for details). For some reason, some driver files have been renamed (well, not in 9.4, but in 9.3 released a bit earlier, though that version was really buggy and we cannot recommend to use it anyway), and our WPA password recovery (audit) software was not able to recognize Radeon cards anymore.

Well, to make the long story short: simply download the latest ATI Catalyst drivers and updated Elcomsoft Wireless Security Auditor :) . Just note that this (new) version of EWSA will not work with drivers version 9.1 or older.

In the meantime, NVIDIA CUDA 2.2 (beta) released. Does that actually matter? Yes, because NVIDIA Tesla C1060 and S1070 are now officially supported on Windows. Besides, we need to have a look at Zero-copy support for direct access to system memory, because it may speed-up the GPU-enabled password cracking on some particular algorithms.

Lotus Notes ID files password cracking

Friday, April 10th, 2009

You’re probably aware that our Distributed Password Recovery works with Lotus Notes ID files (as well as with two dozen other file formats, of course). Some sad news: in latest versions of Notes (8.5), encryption has been improved. In older versions, only 64-bit and 128-bit RC2 options were available, but now you can also use AES (128-bit or 256-bit). Well, encryption itself does not actually matter, but the problem is that password verification routine is not much better (worse?) as well: 5,000/10,000 SHA-1 cycles have been added. EDPR will be updated accordingly to support new format (you can subscribe to our mailing list to be notified), of course, but don’t expect the high recovery speed: we can get several hundred passwords per second only. For older versions of Notes, the speed was ~100,000 passwords per second or higher.

23 NVIDIA GeForce GTX 295s packed into one system

Wednesday, April 8th, 2009

Looks like a very good system for password cracking (using GPU-accelerated Elcomsoft Distributed Password Recovery), isn’t it? Especially assuming that even single GeForce GTX 295 is faster than Intel Octa-Core CPU (to be released later this year).

Welcome to ElcomSoft Blog!

Tuesday, April 7th, 2009

Welcome to the newly opened, all-new ElcomSoft Blog! In this blog, we shall be covering various issues in the area of computer security. Windows hacks, weak passwords, security weaknesses of well-known products, electronic identity theft, new attacks and algorithms that help or prevent us from cracking certain passwords, and similar issues will be covered.

WPA Benchmark

Monday, April 6th, 2009

Here are the benchmarks for WPA recovery; we’ve run tests on one of the most powerful modern CPUs and a bunch of GPUs. Even GTX 280 outperformed Core 2 Quad Q6600:

wpa_benchmark2

User Authentication Through Desktop Scanner

Friday, April 3rd, 2009

Actually this has nothing to do with IT security, though the technique thought of by sharp guys from Princeton seems extraordinary. The research team made their way to identify fingerprints with help of a regular scanner:

This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.

Curious pictures publicized by Ed Felton in his blog. It is always challenging to give another life to common things we are surrounded by, similarly we suggested an alternative implementation of video cards and successfully use this technology to speed up password recovery. Inventive minds!