Paper presented at ADMS 2020
Niclas presented our paper on the practical security of hash-based authentication with modern hardware architecture. The paper concludes that passwords that meet only the minimum requirements of major websites are easily crackable with home hardware. The paper was presented at ADMS 2020, the 11th edition of the workshop, which was held online for the first time due to the COVID-19 pandemic.
You can watch the talk on YouTube here.
Hash-based authentication is a widespread technique for protecting passwords in many modern software systems including databases. A hashing function is a one-way mathematical function that is used in various security contexts in this domain. In this paper, we revisit three popular hashing algorithms (MD5, SHA-1, and NTLM) that are considered weak or insecure. More specifically, we explore the performance of the hashing algorithms on different hardware platforms, from expensive high-end GPUs found in data centers and high-performance computing centers to relatively cheaper consumer-grade ones found in the homes of end-users. In parallel, we observe the behavior of different hardware platforms. Our results re-emphasize that despite their theoretical strength, the practical utilization of widely used hashing algorithms is highly insecure in many real-world scenarios; i.e., cracking a password of length 6 takes less than 6 seconds using a consumer-grade GPU.