Pico Computing Cracks NTLM Authentication Protocol with FPGA Devices

Pico Computing has successfully accelerated cracking of the NTLM (NT LAN Manager) authentication protocol, resulting in performance of over 144 billion keys per second. Pico Computing used a cluster of 36 Xilinx FPGA devices installed in a single 4U system consuming under 1500 watts. This compares with typical performance of less than 20 million keys per second using a modern dual-core CPU, or 250 million keys per second when using a GPU-accelerated system.

NT LAN Manager is widely used to protect user passwords and authentication on nearly all Windows-compatible servers and workstations. CPU- and GPU-based approaches to password recovery are limited by power consumption and do not scale well when more processors are added. Clusters of FPGAs enabled Pico Computing to apply the resources needed to exactly match the parallel processing requirements of password recovery.

Hardware-optimized MD4 core and key generator running on the FPGA is able to generate NTLM passwords for any given character set and length. This processing module is then replicated and scaled up within a single FPGA device, and across multiple FPGAs on one or more PCI Express cards. Optimizations to increase performance in the FPGA devices include the use of reduced word sizes (only seven bits are needed to represent password characters) and by pre-computing and pipelining the stages of computation to exploit hardware-level parallelism. The resulting NTLM cracking application is linearly scalable, making it possible to recover passwords in minutes or hours, rather than in days or weeks.

More information: Pico Computing