News Tested: Does Ampere Make Password Crackers Useful?

[Admin]

Turns out making a password recovery program 5 - 8 times faster isn’t enough for it to pose a threat.

Tested: Does Ampere Make Password Crackers Useful? : Read more

 

[Darkbreeze]

Why is this even an article on what is supposed to be a reputable tech site? In the past we'd have likely deleted any post like this that came up in the forums. The fact that it's not actually IN the forums, shouldn't make much difference. It's bad form.

 

[Olle P]

What I get out of this article is that

1. Strong passwords are still difficult to brute force.
2. It's possible to recover ones own files if you know parts and/or some details of the password used, greatly reducing the remaining number of options.

 

[nofanneeded]

Quantum computing will change all that ... which can be 10^8 faster per core ( yes 100 millions times faster) in some calculations

 

[JarredWaltonGPU]

Why is this even an article on what is supposed to be a reputable tech site? In the past we'd have likely deleted any post like this that came up in the forums. The fact that it's not actually IN the forums, shouldn't make much difference. It's bad form.

A PR blast went out from the company. This is not the type of PR coverage they're looking for, of course, because we just showed that it's basically a scummy program. And we then took time to provide a PSA effectively saying, "Make sure you use strong passwords." We debated coverage vs. no coverage, and felt that not covering it didn't mean the information wouldn't get out to the people who would use this sort of program, and second we could provide some real-world testing with a 30-series GPU and discuss our findings. We did both.

The basic PR is about how awesome Passcovery is and how it can crack a Word document password in about two hours. The reality is that it's not very good at all for anyone with even a modestly secure password. I ran additional tests, using password protected Zip files (which can be attacked much faster than Word docs).

1. Random 5-character password with upper, lower, number, and symbol. (q9H3#). Passcovery ran through its default test and failed to find the password.
2. I tried the name of a book (Don Quixote), no caps and no spaces. It's number three on this list of the greatest books ever written. I even used the relatively weak ZIP/Classic password protection, which appears to have a cracking speed of around 200 million passwords per second (!?). Passcovery tried 40 billion passwords and failed to find one.
3. I tried my name, on an AES-encrypted Zip file, no spaces or caps (jarredwalton). Note that 'jarred' is actually a word, though 'walton' is only a name. Still failed. (I used AES because it's stronger and Passcovery doesn't attempt a brute force of all 7 (?) character and fewer passwords.)
4. At this point, I wasn't sure the utility worked at all, so I intentionally tried very weak passwords. 'password' was found very quickly and the program reports 'pa*' as the solution. 'godsmack' (a band name) was also found, but took a bit longer. 'hello123' was found after about 20 seconds. 'Hello123' was also found. 'hell0321' was not found.
5. I went back to the first 'random' password, and ran a brute force attack on the file using all letters (upper and lower case), numbers, and 'special numbers' (basically the shift version of the numbers -- !@#$%^&*() --which bumped the search time to five minutes (the full 'all special characters' search would have required 30 minutes). I had to retest with a second password that I wrote down just to make sure, because this seemed to fail the first time I tried it, but it worked on the second password.

Basically, you have to intentionally use a very weak and/or short password if you want this program to work. The collision range is seemingly large (about 235 million passwords), but when you consider the permutations it ends up extremely limited. Even picking three not-very-random words is generally sufficient to get your password outside the scope of such utilities. For example, 'threewordpass' was not found. Any two English words, no special characters, all lowercase (or maybe only the first letter uppercase -- 'hEllo123' is yet another relatively simple and short password that was not found), and it might work.

So if this were a 'review' we'd be saying:
Pros:
1) There's a trial so you can attempt to crack a document before paying (but only for 30 minutes of searching)

Cons:

1. This is scammy software that gives a false sense of hope if you've lost a password
2. It costs way too much and can't crack even modest passwords
3. The only people likely to use it are probably using it for nefarious reasons

One star -- it gets more than a zero because it actually can crack simple passwords, but people shouldn't use simple passwords. Especially in 2020.

Fun Fact: I have a password protected Word document where I write down all my passwords for important stuff, in case I ever die and my wife needs to get access. She's forgotten the password and existence of this file many times, sadly, so I'm not sure it will help her much in the event of my demise. Also, even with a relatively simple 10 character password, Passcovery could not crack it. A brute force attack of limited complexity has an ETA of 9362 years. Full complexity for Latin only has an ETA of 74,504,186 years. (That's 96 characters to the power of 10, or: 66483263599150104576 potential passwords. Brute force is the death of password crackers.)

But hey, the brute force attack of all 5-character passwords that worked on step 4 would 'only' take 20.3 hours (instead of five minutes for a Zip file). Like I said: scummy and scammy software.

 

[lolno]

The quality of articles on this site has taken a real dive lately... you'd think the poster would understand some very basics of hashing, such as the difference between hash collisions and rainbow tables. Good job misinforming your readers.

 

[JarredWaltonGPU]

The quality of articles on this site has taken a real dive lately... you'd think the poster would understand some very basics of hashing, such as the difference between hash collisions and rainbow tables. Good job misinforming your readers.

Tom's Hardware, successfully going downhill since 1996!

[That's sarcasm, if you can't tell -- I can name more than a few very bad things that were allowed in the past that are no longer present. Things change, it's not always for the better, but also not always worse. The only constant in life is change.]

What would a discussion of rainbow tables or hashing functions change in this piece? The software will still fail to crack most passwords of even modest complexity. It's the same old story: if your password is a common word or phrase (whether it's found in a dictionary of passwords or in a rainbow table of precomputed hashes of passwords), it's an insecure password. And if it's not in one of those, then Passcovery and other tools aren't likely to help.

 

[Darkbreeze]

Fair enough, but it might have been a lot more palatable to have EARLY in the article, alluded to the fact that the piece was written more for making the point that the software (Which most wouldn't have ever heard of anyhow unless they were already intending nefarious behavior, but now, assuredly, a whole new generation of wannabe kiddie hackers is aware of it) was "scummy and scammy" rather than what it APPEARS to be, which is that these GPUs are powerful and better able to take advantage of illicit software that previously wasn't very effective because it took so long to use, but now works much faster. Not sure I'm convinced either way, and I guess it doesn't really matter what I think, but it IS my opinion, and obviously it's shared as it was discussed elsewhere already anyhow along with some comments here that were in line with those opinions as well.

But as I said, fair enough. Plausible deniability and all that.

 

[JarredWaltonGPU]

Fair enough, but it might have been a lot more palatable to have EARLY in the article, alluded to the fact that the piece was written more for making the point that the software (Which most wouldn't have ever heard of anyhow unless they were already intending nefarious behavior, but now, assuredly, a whole new generation of wannabe kiddie hackers is aware of it) was "scummy and scammy" rather than what it APPEARS to be, which is that these GPUs are powerful and better able to take advantage of illicit software that previously wasn't very effective because it took so long to use, but now works much faster. Not sure I'm convinced either way, and I guess it doesn't really matter what I think, but it IS my opinion, and obviously it's shared as it was discussed elsewhere already anyhow along with some comments here that were in line with those opinions as well.

But as I said, fair enough. Plausible deniability and all that.

It's really not that much faster. Eight times faster than before? That's nothing. One extra character on a password is potentially 96X more complex. The real question is whether or not quantum computing will come along in a practical form and make all of these old-style password schemes pointless. I have my doubts -- serious doubts -- that will ever actually happen, at least in my lifetime, for many reasons. One of the big ones: Google, IBM, Intel, etc. don't want to churn out hardware that will make everything insecure. If QC actually is excellent at breaking passwords, big corporations will keep it out of the public until new security mechanisms are in place. That's my bet. Plus, while QC will be good for certain tasks, even if it's a million times faster at cracking passwords than current PCs ... well, you just make your algorithm 30 bits longer, or add six characters, and it's back to being effectively unsolvable.

I also sit firmly in the camp of not trying to hide things from people. The 'bad people' wanting to use password crackers are surely already aware of tools that are far more damaging the Passcovery. If someone first learns of it here and ultimately tries to put it to use for nefarious purposes ... I'm not feeling very threatened by such a user. "Tom's Hardware says this thing isn't very good at cracking passwords. I'll show them!"

 

[Darkbreeze]

It doesn't really matter how you or I feel about it, it's a matter of how does it look to the average person viewing articles like this through the microscope of their own perceptions. I just think it's contrary to the kinds of things TH has always stood for, but it's ok. As you say, there's been a decline in that regard for a while now and no one article is going to facilitate the demise of this community. It's not that bad really, but it just kind of leaves a bad taste in the mouth of members and moderators that have been trying to help preserve the purity of the product for a long time now. Anyhow, that's just my opinion anyway. No big deal.

 

[jkflipflop98]

It's really not that much faster. Eight times faster than before? That's nothing. One extra character on a password is potentially 96X more complex. The real question is whether or not quantum computing will come along in a practical form and make all of these old-style password schemes pointless. I have my doubts -- serious doubts -- that will ever actually happen, at least in my lifetime, for many reasons. One of the big ones: Google, IBM, Intel, etc. don't want to churn out hardware that will make everything insecure. If QC actually is excellent at breaking passwords, big corporations will keep it out of the public until new security mechanisms are in place. That's my bet. Plus, while QC will be good for certain tasks, even if it's a million times faster at cracking passwords than current PCs ... well, you just make your algorithm 30 bits longer, or add six characters, and it's back to being effectively unsolvable.

I also sit firmly in the camp of not trying to hide things from people. The 'bad people' wanting to use password crackers are surely already aware of tools that are far more damaging the Passcovery. If someone first learns of it here and ultimately tries to put it to use for nefarious purposes ... I'm not feeling very threatened by such a user. "Tom's Hardware says this thing isn't very good at cracking passwords. I'll show them!"

Actually, Intel/AMD/Nvidia/IBM/Whoever would love to be the first to market a full-on quantum chip to the masses. Imagine the buying frenzy that would ensue once you know that anyone with one of these fancy new quantum PCs can just walk right into your system like you left the keys in the lock.

Great article, Jarred. As usual.

 

[nofanneeded]

if QC actually is excellent at breaking passwords, big corporations will keep it out of the public until new security mechanisms are in place.

When Quantum computers arrive , all the password system will disappear and will be replaced by hardware keys with Encryption that uses Quantum CPU ...

and yes simple memorized passwords will disappear. wont be practical at all.

But I dont think that the Governments would allow it to be sold for the public for one reason , they want all other nations Encryption open to spy on . Quantum Computers are like nuclear weapons , once one nation has it , it will spy and infiltrate any other nation with ease for the only Encryption that a Quantum Computer cant solve is the one that is made by another quantum computer.

 

[Ivan Golubev]

The basic PR is about how awesome Passcovery is and how it can crack a Word document password in about two hours.

Hello, Jarred.

First question. Can you please point out to/quote original PR where it states about " it can crack a Word document password in about two hours"? I'm technician inside Passcovery and don't pay much attention to our PRs (is it bad? Don't think so). Anyway, if it was really stated in PR in exactly these words -- it was wrong. But I can't find such statement right now. From the other hand, if you've created test archive, started Passcovery Suite, selected your archive, selected "Default Attack Scenario", pressed "Start", seen message "Password range is defined and attack has been started. If password belongs to this range it'll be found otherwise you'll need to extend password range taking into consideration practical limits based on password recovery speed", seen ETA 2 hours and somehow figured out from this that after 2 hours your password will be 100% recovered -- it's completely different story.

Yes, strong passwords are impossible to crack. It was the case 10 years ago, 20 years ago (when I've started with this area) and it'll be the case for nearest 10+ years as well. No miracles here. However, problem with 2020 is that people are way too lazy to understand how things/software works and way too judgmental as well. It took you like... 30 minutes to end with "scummy and scammy software". Really nice editorial work! Why bother with technical details when you simply can call it "scam"?

I'll explain you in simpler terms what Passcovery PR's was about:

1. Our software now supports Ampere GPUs (sm_80 & sm_86).
2. Password recovery speed for zip/classic archives became much higher for all NVIDIA GPUs. Not just 30x0.
3. That "gap" and "blasphemy" words from PR screenshots are belongs only to 16-bit hashes from Office files, not relevant for any other schemes.
4. That's all. Nothing about "with 3090 you now can do ..." Nope, you can't do anything with 3090 that you was able to do with 2080 2 years ago. Or even HD5990 7+ years ago.

I have a password protected Word document where I write down all my passwords for important stuff, in case I ever die and my wife needs to get access. She's forgotten the password and existence of this file many times, sadly, so I'm not sure it will help her much in the event of my demise.

Well, good example here. If your wife completely forgot the password then, yeah, it's over. However, if she's somehow able to remember just 3 first letters out of that then (no, you don't run "default scenario" and tell people "They are all scammers!" after 2 hours) you're (or she's in fact) carefully calculating your chances to brute-force the rest of the password. You're need to know what you're doing after all if you're using strong passwords! Password recovery wizard within PSuite shows ETA immediately as you're changing attack settings. Yes, no point to wait for 140 years but... if it's only a year?

It called "recovery" not as "euphemism" for "cracking". You can't crack a strong password used in properly designed protection scheme. Period. But you can recover it if you have some knowledge about this password by using more advanced methods rather than just typing all passwords one by one by hand.

The thing I agree with -- default scenario attacks must be improved, so more "simple" passwords will be recovered without any user interactions. However, this will increase default attack time which at some point ends as "This scummy software worked twice as long as previous version but still hasn't recovered my password!!!" Well, yeah, bad, bad software...

 

[Darkbreeze]

 

[JarredWaltonGPU]

First question. Can you please point out to/quote original PR where it states about " it can crack a Word document password in about two hours"? I'm technician inside Passcovery and don't pay much attention to our PRs (is it bad? Don't think so). Anyway, if it was really stated in PR in exactly these words -- it was wrong. But I can't find such statement right now. From the other hand, if you've created test archive, started Passcovery Suite, selected your archive, selected "Default Attack Scenario", pressed "Start", seen message "Password range is defined and attack has been started. If password belongs to this range it'll be found otherwise you'll need to extend password range taking into consideration practical limits based on password recovery speed", seen ETA 2 hours and somehow figured out from this that after 2 hours your password will be 100% recovered -- it's completely different story.

I swear there was something on the Passcovery Suite page or news post where it said "recovers most Word passwords in about two hours" or something to that effect. Because I remember thinking, "Wait, I've got a 3080 and it's estimating two hours -- most people aren't going to have a 3080!" But if that text was present before, it's been scrubbed now. (Do note that I did the performance testing but didn't write this article. I'm just active in the comments. ;-))

Yes, strong passwords are impossible to crack. It was the case 10 years ago, 20 years ago (when I've started with this area) and it'll be the case for nearest 10+ years as well. No miracles here. However, problem with 2020 is that people are way too lazy to understand how things/software works and way too judgmental as well. It took you like... 30 minutes to end with "scummy and scammy software". Really nice editorial work! Why bother with technical details when you simply can call it "scam"?

I'll explain you in simpler terms what Passcovery PR's was about:

1. Our software now supports Ampere GPUs (sm_80 & sm_86).
2. Password recovery speed for zip/classic archives became much higher for all NVIDIA GPUs. Not just 30x0.
3. That "gap" and "blasphemy" words from PR screenshots are belongs only to 16-bit hashes from Office files, not relevant for any other schemes.
4. That's all. Nothing about "with 3090 you now can do ..." Nope, you can't do anything with 3090 that you was able to do with 2080 2 years ago. Or even HD5990 7+ years ago.

Well, good example here. If your wife completely forgot the password then, yeah, it's over. However, if she's somehow able to remember just 3 first letters out of that then (no, you don't run "default scenario" and tell people "They are all scammers!" after 2 hours) you're (or she's in fact) carefully calculating your chances to brute-force the rest of the password. You're need to know what you're doing after all if you're using strong passwords! Password recovery wizard within PSuite shows ETA immediately as you're changing attack settings. Yes, no point to wait for 140 years but... if it's only a year?

It called "recovery" not as "euphemism" for "cracking". You can't crack a strong password used in properly designed protection scheme. Period. But you can recover it if you have some knowledge about this password by using more advanced methods rather than just typing all passwords one by one by hand.

The thing I agree with -- default scenario attacks must be improved, so more "simple" passwords will be recovered without any user interactions. However, this will increase default attack time which at some point ends as "This scummy software worked twice as long as previous version but still hasn't recovered my password!!!" Well, yeah, bad, bad software...

I get that it's a potentially useful service in a very loose sense ... and also a service that can very much be put to nefarious use. It costs a lot, people can use it to do bad things, and you're screwed if you forget a strong password. Which to me reeks of scummy / scammy software -- the scam part being where I read somewhere about how it could recover a password in a relatively short time, when that's only if people use weak passwords.

It's good that Passcovery can't crack decent passwords -- I don't want software to break security. But there's no way I'm going to recommend buying software like this. At least there's a trial, and if you can give it the right parameters so that it can crack/recover a password in 30 minutes and you really need to do that, well, sure. Buy Passcovery for $40 or $60 or whatever it costs for a minimum length subscription and then recover the one password.

The reality, however, is that this is mostly snake oil. It promises to do something it can only do if someone was careless -- because they either forgot part of their password, or they used an insecure password. Neither is good and indicates the user should have done something else -- like maybe use LastPass or a similar password service. It's like recommending people pay for a data recovery service rather than teaching them about the importance of backups. You can do the former, but you're far better off doing the latter.

 

[denglad]

I swear there was something on the Passcovery Suite page or news post where it said "recovers most Word passwords in about two hours" or something to that effect. Because I remember thinking, "Wait, I've got a 3080 and it's estimating two hours -- most people aren't going to have a 3080!" But if that text was present before, it's been scrubbed now. (Do note that I did the performance testing but didn't write this article. I'm just active in the comments. ;-))

Actually, strange and emotional conclusions made based on the "quotation" that neither me, being responsible for Passcovery texts, nor Google cache memory remembers. And certainly such a "promise" is profanation, if we speak about strong protection (password to open set for Word 2007 and later).

In fact, the situation has not drastically changed since 2011, when Andrew Ku conducted a research for his article on Tom's Hardware : just GPU acceleration is not enough for the successful password RECOVERY. Yes, sure, the rate of password searching on video cards increased greatly (you can consider our tables), we have found a method allowing to increase it even more on NVIDIA for Zip with classic encryption, but still it is not enough.

It is also required to adjust the searching range: to сreate a position mask or to create a dictionary for the mutation using possible password options. All this cannot be done using other people’s passwords, when nothing is known about them.

This is exactly what you should have used in your cases from the comments above: limit the searching range with possible values and check all of them at the highest speed. This is exactly what Passcovery products promise and do. And probably it will take more (much more 😉) time than 2 hours.

In any case, if we are screwed and you can find this passage about 2 hours, please contact me. It needs to be corrected or the context needs to be clarified.