# Hash brute-forcing - CPU vs GPU - a quick overview



## ico (Nov 15, 2011)

*Software used:*

Hashcat for CPUs
oclHashcat-lite for AMD graphic cards (OpenCL)
cudaHashcat-lite for nVidia graphic cards

*Results:*

*MD5*



*Equipment*
|
*Speed (million brute-forces per second*
HD 6950
|4781.5
HD 5770
|2897.7
HD 5750
|2405.5
HD 4890
|1743.5
GTX 560 Ti
|1033.7
GTX 260 Core 216
|718.1
8800 GT
|489.8
HD 6310
|86.5
i5-2500k (4 threads)
|53.41
i5-2500k (2 threads)
|28.80
i5-2500k (1 thread)
|14.40
*SHA1*



*Equipment*
|
*Speed (million brute-forces per second*
HD 6950
|1675.1
HD 5770
|1020.0
HD 5750
|841.0
HD 4890
|625.5
GTX 560 Ti
|504.1
GTX 260 Core 216
|50.9
i5-2500k (4 threads)
|45.78
HD 6310
|32.1
8800 GT
|31.7
i5-2500k (2 threads)
|24.75
i5-2500k (1 thread)
|12.51
AMD's VLIW architecture owns nVidia's Fermi and older architectures in this case. More parallelized and that's what Cryptography is all about. Would be interesting to see how AMD's Graphics Core Next fares up for this purpose.

*What does 5 billion MD5 brute forces per second mean?*
MD5 Hash of a 7 char string containing only lower-case alphabets and numbers cracked within 30 seconds. Think how fast 8 x HD 6990s would be.

*Note:* oclHashcat-lite didn't work for nVidia cards. Don't know why. Could be either - software or driver issue. Don't consider this an Apples-to-Apples comparison. But still this is the best what each platform can offer.


----------



## doomgiver (Nov 15, 2011)

i second this, i've seen a demo of this, cracked the 7 alphanum pass in under a minute.


----------



## vickybat (Nov 15, 2011)

Nice one *gagan* . You tested all those cards personally? Did 2500k use the AES-NI instruction set for this test or it was standard x86?

I think nvidia fared bad here due to the fact you mentioned above.

What are md5 & sha btw?


----------



## ico (Nov 15, 2011)

This is brute-forcing - trying all permutations. Not any sort of encryption/decryption. Not at all to be confused with AES-NI which only applies for speeding up AES encryption/decryption given the fact you know the key. This was x86 (SSEx) on the CPU obviously. 

Regarding cards, special thanks to Faun, Liverpool_fan, hellknight, krow, vamsi and Jojo. 



vickybat said:


> What are md5 & sha btw?


Hashing algorithms.

String: lol
MD5 hash: 9cdfb439c7876e703e307864c9167a15
SHA1 hash: 403926033d001b5279df37cbbe5287b7c7c267fa

Everyone except Sony knows how to store passwords in the hash form. Hash = one way. 4+5 = 9. But you can't get 4 and 5 back from 9. This is a vague definition.

So, when you enter your password - it is the hash of the entered password being compared to what is stored in database. Not plaintext verification. If your database gets hacked, the passwords are not compromised.

To increase security, you can append a salt at the end of a string and then MD5 it. Or salt the string and then MD5/SHA1 it twice.

*Edit:* thanks to vickybat for submitting HD 5750 scores.


----------



## hellknight (Nov 15, 2011)

Nice.. so these are the results of that experiment.. btw.. nice colour schemes on Intel, AMD & NVIDIA products


----------



## Skud (Nov 15, 2011)

Nice. The improvement from Radeon 5xxx to 6xxx is awesome.


----------



## Krow (Nov 15, 2011)

My poor HD 6310 beats the life out of big i5 processors.


----------



## Skud (Nov 15, 2011)

Reason for AMD to bundle one with their APU.


----------



## asingh (Nov 15, 2011)

How is this thing on Xfire..?


----------



## JojoTheDragon (Nov 15, 2011)

^ Download oclHashcat-lite  and find out.


----------



## Skud (Nov 15, 2011)

Should be over 3000/1000 for Anil.


----------



## ico (Nov 15, 2011)

asingh said:


> How is this thing on Xfire..?


Supports Crossfire.

But requires Catalyst 11.4 or later with APP Runtime 2.4 or later. Basically you need to install everything in the driver stack.


----------



## asingh (Nov 16, 2011)

Give me the DL details will run it. I am on 11.10 drivers cause of BF3, which never worked anyways.


----------



## guru_urug (Nov 16, 2011)

This is interesting

*www.tomshardware.com/reviews/wireless-security-hack,2981.html

Harden Up: Can We Break Your Password With Our GPUs? : Need A Locksmith?


----------



## ico (Nov 17, 2011)

asingh said:


> Give me the DL details will run it. I am on 11.10 drivers cause of BF3, which never worked anyways.


Here:

**hashcat.net/oclhashcat-lite/*


----------



## iknowledge (Dec 14, 2011)

Can you provide detail procedure on how to try this out?


----------



## ico (Dec 17, 2011)

iknowledge said:


> Can you provide detail procedure on how to try this out?


do you have an nVidia or AMD graphic card?

Download the file I posted above. Extract it.

Edit cudaexample.cmd for nVidia or oclexample.cmd for AMD. Replace the first line with the following commands depending on what you are cracking. Second line should be "pause" without quotes.

For MD5: oclHashcat-lite64.exe <MD5_hash_string>

For SHA1: oclHashcat-lite64.exe <SHA1_hash_string> --hash-type=100


----------



## BHU5HAN (Dec 21, 2011)

This is interesting 
btw Why GPU is faster than CPU..?



ico said:


> Everyone except Sony knows how to store passwords in the hash form. Hash = one way. 4+5 = 9. But you can't get 4 and 5 back from 9. This is a vague definition.
> 
> So, when you enter your password - it is the hash of the entered password being compared to what is stored in database. Not plaintext verification. If your database gets hacked, the passwords are not compromised.


So, What if any person knows the algorithm for hashing, that person can easily get the plain text form hash..?


----------



## Faun (Dec 21, 2011)

^^GPU is good at repetitive task.


----------



## Renny (Dec 25, 2011)

Is this because the GPUs have some instruction set/algorithm which helps it perform better wrt CPUs?


----------



## vickybat (Jan 1, 2012)

Its because gpu's are good in heavily parallel processes. Hashing sees individual sp's in a gpu as compute units and thus divides the task among them and utilizes their compute power. 

VLIW architecture of amd gpu's has an upper hand in hashing and all gpu's are well ahead than the latest cpu's. See it this way:

Lets say a core i5 2500 has 4 physical cores having a fixed set of execution units and radeon 5750 has 700 streaming multiprocessors. You see almost a 40 times difference between their scores and its because each set of sp's in 5750 are doing the same thing as a single core in 2500. So the sheer performance difference due to the huge sp count and performing the task in a parallel manner.

Hope this explanation holds true. Others can definitely mention their points and correct any wrong info.


----------

