RPISEC

As of the October 23 release, the cracker now supports batched testing (for all unsalted algorithms, i.e. all but MD5crypt) of multiple hashes against a given search space.

Up to 128 hashes may be entered, one per line, in a text box on the controller submission page. The system is fairly efficient; in one two-minute long test quadrupling the number of hashes being tested against resulted in a mere three seconds increase in run time.

I am currently redesigning the network protocol and database schema to allow the cracker to batch-process a large number of hashes simultaneously. More information will be posted as the code approaches completion.

Please be advised that due to a fairly major refactoring of the database schema, the controller will need to be reinstalled (delete config.php, drop all tables in the controller database, and re-run setup.php) to run correctly with the new code.

This release will also break protocol compatibility with current agents. (If an agent connects to a new controller without indicating that it is compatible with the new version 3.2 protocol, it will be told that no work is available.)

Hi man, you wanna get low? Like really really low? Like lower than
you'd be if you compressed one hundred years of low level goodness
into one second? Then have some assembler.

become one with the machine.
You cant get closer to the processor. Well almost (microcode).

So lets hug some processors.

Instructions;
join intruded.net #rpisec

Solve gate1.
ssh gate1@intruded.net -p 31337

We will be holding a general interest meeting in Sage 4101 from 6-8 pm on October 3rd. Web security was a popular topic in our interest survey, and many of our prospective members said they wanted introductory-level talks, so we're delivering.

Topics to be covered include the HTTP protocol and common website backend software, and the vulnerabilities that plague them: SQL injection, XSS, CSRF, authorization/authentication bypass, you name it. Learn some tools to make your life easier.

Please fill out this survey to tell us what Web stuff you're familiar with.

Trac is a web-based wiki and issue tracking system for project management, popular among high-profile open source projects including Adium, WordPress, and WebKit. It gives developers a well-designed dashboard for planning and maintaining their project through powerful features such as a project timeline and custom ticket reports.

This project aims to extend Trac to parse diagnostic reports generated by the Clang Static Analyzer, a feature of the Clang compiler which can automatically detect bugs in C and Objective-C code.

• Implements a full parser for Clang diagnostic report files.
• Provides a user interface which matches the look-and-feel of Trac's built-in source code viewer, annotated with relevant diagnostic text.
• Automatically files a ticket against the current milestone whenever a new issue is detected.
• Reasonably determines "persistence" of issues across multiple source code revisions.
• Automatically closes tickets when bugs are fixed.
• Allows developers to mark false positives and report them back to the Clang project.
• Provides version control commit hooks and/or Buildbot Builder to generate new diagnostic reports whenever source changes.

This project is possible thanks to the generosity of Sean O'Sullivan '85. It is being developed under the advisement of the Rensselaer Center for Open Source Software.

While studying the MD4 hash algorithm in an attempt to increase MD4 and NTLM performance, I discovered an interesting vulnerability which will permit cracking of short passwords to run up to 15% faster. The attack has not, as of this writing, been implemented in the cracker.

A brief paper describing the attack can be found at http://www.cs.rpi.edu/~zonena/papers/md4_v2.pdf.

In the off chance thats somebody might find something useful in it, I've decided to post the code that started it all - version 1.0.

This code compiles for Windows only (due to its use of MFC) and is poorly documented. Work units are allocated statically at the start of the crack; if any compute node goes down the entire crack fails.

The source has been gathering dust on my server for months and has not been - nor will it ever be - maintained since the end of 2008. Don't expect it to work properly :)

To prevent confusion and keep the download page tidy, we will no longer be archiving all repository snapshot tarballs. Instead, only the current and previous snapshots will be posted for download.

Anyone interested in older revisions is, of course, free to check out the appropriate files from our Git repository.

The cracker now supports NTLM.

• GeForce 8600M GT - 31.488 MHz
• GeForce 9800 GT - 159.869 MHz
• Tesla C1060 - 347.003 MHz
• GeForce GTX 285 - 434.031 MHz

• Standard test cluster - 2.30 GHz

MD4 support was added to the cracker in record time - 6 minutes and 38 seconds after I sat down at the keyboard, a working CUDA implementation (derived from the MD5 kernel) had been pushed to Git. The algorithm was similar enough to MD5 that it passed unit tests the first time I compiled!

• GeForce 8600M GT - 30.182 MHz
• GeForce 9800 GT - 153.436 MHz
• Tesla C1060 - 339.702 MHz
• GeForce GTX 285 - 423.313 MHz
• Standard test cluster - 2.31 GHz

NTLM, which is an MD4-based algorithm, should follow shortly.