Tuesday, December 08, 2009

Password recovery performance

OK, here's just a quick post to show off performance numbers when using a single CPU or an Nvidia GTX295 graphics card to recover passwords that have been stored using various hashing functions (recovery here is commonly referred to as "password cracking"). I requested this information from my contact Andrey Belenko at Elcomsoft, based on their product "EDPR - Elcomsoft Distributed Password Recovery", of which I am the happy owner of a 20-client license. (A big "thank you" to Andrey for providing the statistics!) All this is part of my ongoing "research" into passwords.

On November 23, Passware announced Passware Kit version 9.5, adding support for recovering BitLocker passwords, which generated quite a few articles online as well as discussions on Twitter. So this post is just a simple response to my contact kairoer to clarify a few questions about BitLocker and similar solutions.

First of all, you can download a simple PDF I made out of the performance numbers I received from Andrey here: EDPR performance (I haven't verified all the numbers though...). Anyway, what you see are names of various solutions (Windows, Adobe PDF, Lotus Notes etc.) and which hash functions they use to "hash" your password before storing it on disk. Column C shows the performance of a single Intel Core 2 Quad 2.66 GHz CPU (a pretty standard CPU these days, not at all expensive). Column D shows the performance for the hash functions that EDPR supports on an Nvidia GTX295 graphics processor (GPU). All numbers are passwords tested per second - YES: NUMBER OF PASSWORDS TESTED PER SECOND (many people don't believe this the first time...). Note that these are raw guessing rates: how long an actual recovery takes depends on how many guesses you have to make before the right one turns up, which is the subject of the rest of this post.

As you can see, there are incredible differences in performance between a CPU and a GPU, just as there are incredible differences between hash functions. If I am to recover a Windows password that has been hashed with the NTLM function, I'll do 1,320,000,000 password attempts per second using a single GTX295 card (and I've got a license for 20 of those in parallel). Compare that to the performance for Office 2007 documents: 8,140 attempts per second on the same hardware, a ratio of roughly 160,000 to 1. The reason is not that Office uses a "newer" hash but that it deliberately makes each guess expensive, while Windows does not: an NTLM hash is a single, unsalted MD4 over the password, so a guess costs the attacker one cheap hash operation, whereas Office 2007 salts the password and then iterates SHA-1 50,000 times (the default spin count in the ECMA-376 file format), so every guess costs tens of thousands of hash operations. Paying that once when the legitimate user opens the document is not noticeable; paying it billions of times is what keeps the attacker's rate in the thousands per second instead of the billions.

So what does this mean in real life?

Well, if you have a 7 character mixed-case alphanumeric password in Windows, I'll "crack" it in seconds to minutes: there are 62^7, about 3.5 trillion, such passwords, a single card walks all of them in about 45 minutes at 1.32 billion per second, 20 cards do it in a couple of minutes, and on average the right one turns up halfway through. If I were to "crack" a password-protected Word 2007 file with the same password, it could take "forever" to recover the exact same password: the same 3.5 trillion guesses at 8,140 per second is about 14 years on one card, because of the much more expensive hash function used by Microsoft Office 2007.

At the moment the online community is pretty close to permanently signing off 8 character mixed-case alphanumeric (A-Z, a-z, 0-9) passwords as "not good enough" for the Windows operating system, while the same requirement is more than sufficient for Office 2007 document files. The arithmetic: 62^8 is about 2.2 × 10^14 candidates, which is under two days of NTLM guessing on a single GTX295 and a few hours on 20 of them, but roughly 850 years against Office 2007 on one card. For now. GPU rates only go up with every hardware generation, while the iteration count baked into a stored hash or document does not.
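To make the time-to-exhaust estimates above reproducible, here is a small calculator written for this post as an added example (it is not code from the original post, nor from Elcomsoft). It uses the single-GTX295 rates quoted above and works out worst-case brute-force times for a password policy, and it also implements the mechanism behind the Office 2007 number, a salted and iterated SHA-1, so you can see what the attacker pays per guess. The 50,000-round spin count is the ECMA-376 default and the exact hash chain is my reading of that spec; both are assumptions not stated on the page.

```python
"""Added example, not part of the original post: turn the EDPR rates quoted
above into time-to-exhaust estimates for a password policy, and show the
mechanism behind the Office 2007 rate (salted, iterated SHA-1) next to the
NTLM one (a single unsalted hash). Assumptions: the 50,000 spin count is the
ECMA-376 default and the hash chain is my reading of that spec."""
import hashlib
import struct

# Passwords tested per second on one GTX295, as quoted in the post.
RATES_PER_SECOND = {
    "Windows NTLM": 1_320_000_000,
    "Office 2007": 8_140,
}

# Character classes a password policy might require.
ALPHABETS = {
    "digits": 10,
    "lowercase": 26,
    "mixed case": 52,
    "mixed case + digits": 62,
    "mixed case + digits + 32 symbols": 94,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates for a password of exactly `length` characters."""
    return alphabet_size ** length


def keyspace_up_to(alphabet_size: int, max_length: int) -> int:
    """Candidates for every length from 1 to `max_length`: a brute-force run
    that does not know the length walks all of them."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def seconds_to_exhaust(candidates: int, rate_per_second: float, cards: int = 1) -> float:
    """Worst case: every candidate tried. The average case is half of this."""
    return candidates / (rate_per_second * cards)


def humanize(seconds: float) -> str:
    """Render a duration at a scale a human can compare."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def office2007_password_hash(password: str, salt: bytes, spin_count: int = 50_000) -> bytes:
    """Password hashing step of ECMA-376 'standard' encryption as I read the
    spec (assumption): H0 = SHA1(salt || UTF-16LE(password)), then
    Hi = SHA1(LE32(i) || H(i-1)) for i = 0 .. spin_count-1. The salt defeats
    precomputation; the spin count multiplies the attacker's work per guess."""
    h = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    for i in range(spin_count):
        h = hashlib.sha1(struct.pack("<I", i) + h).digest()
    return h


def hash_calls_per_guess(spin_count: int = 50_000) -> int:
    """Hash invocations the attacker pays per candidate: 1 for NTLM
    (a single MD4 over UTF-16LE), spin_count + 1 for Office 2007."""
    return spin_count + 1


def report(length: int, alphabet: str = "mixed case + digits", cards: int = 1) -> dict:
    """Worst-case seconds to exhaust the policy, per format in RATES_PER_SECOND."""
    n = keyspace(ALPHABETS[alphabet], length)
    return {name: seconds_to_exhaust(n, rate, cards) for name, rate in RATES_PER_SECOND.items()}


if __name__ == "__main__":
    for cards in (1, 20):
        for length in (7, 8):
            print(f"{length} chars, mixed case + digits, {cards} GTX295 card(s):")
            for name, secs in report(length, cards=cards).items():
                print(f"  {name:13s} {humanize(secs)}")
    # How much of the measured NTLM/Office gap the iteration count alone explains.
    print("Office 2007 hash calls per guess:", hash_calls_per_guess())
    print("Measured rate ratio NTLM/Office:",
          RATES_PER_SECOND["Windows NTLM"] // RATES_PER_SECOND["Office 2007"])
```

Running it prints about 44 minutes versus 14 years for 7 characters on one card and about 46 hours versus 850 years for 8 characters. The iteration count accounts for a 50,001-to-1 cost difference per guess; the measured ratio is about 162,000 to 1, and the remaining factor of three is consistent with MD4 being cheaper than SHA-1 and an unsalted, single-block NTLM hash giving the GPU kernel less to do per candidate.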

And to finish off this post: BitLocker, just like Office 2007, uses much more expensive key derivation to protect the data stored on any kind of digital media (its password-based key is stretched with about a million rounds of SHA-256, far beyond Office 2007's 50,000 rounds of SHA-1). It is worth being precise about what Passware announced, since that is what triggered the questions: their BitLocker support is not a faster attack on that key derivation; it recovers the encryption keys from a memory image of a machine on which the volume was already unlocked, which is a different threat model from guessing the password. That said, a bad password (short, simple) will not give much security no matter what software you choose to encrypt and protect your files: a dictionary or rule-based attack tries the likely passwords first rather than walking the whole keyspace, and even at 8,140 guesses per second a list of ten million common passwords is exhausted in about twenty minutes.

I'll return with blog posts on recommendations for password policies, including length, complexity and advice on implementation for different systems, later on. For now: good night and sleep well.
