Releasing the Kracken: Build and Using A GPU Password Cracker presented at BSidesDC 2014

by Jonathan Fallone,

Summary : We’ve all seen the major security firms show off their password cracking setups on Twitter and their blogs. But it’s not that hard – or expensive - to build a serious password cracker for your own company. In fact, the real attackers probably sport similar hardware to use against you. While it can look daunting to pick from the massive number of GPUs available on the market, it’s not that difficult to nail down your requirements and put together a fast rig able to crack a significant number of passwords in a short period of time. This presentation will show you what to look for, how to pick your equipment, and considerations for building and maintaining your rig – from piecing the system together to considering your power requirements.
But a password cracker is useless if you don’t know how to use it. It’s all too common for pen testers and auditors to use a dictionary or two and a couple of simple brute force attacks and give up. There are tons of options in most cracking tools to increase the effectiveness of your cracking efforts. We’ll show you how to use your new password cracker and the industry favorite oclHashcat effectively to crack a significant number of passwords in a short amount of time, with minimal brute forcing.