On password guessing with GPUs and FPGAs

Abstract

Passwords are still by far the most widely used form of user authentication, for applications ranging from online banking or corporate network access to storage encryption. Password guessing thus poses a serious threat for a multitude of applications. Modern password hashes are specifically designed to slow down guessing attacks. However, having exact measures for the rate of password guessing against determined attackers is non-trivial but important for evaluating the security for many systems. Moreover, such information may be valuable for designing new password hashes, such as in the ongoing password hashing competition (PHC). In this work, we investigate two popular password hashes, bcrypt and scrypt, with respect to implementations on non-standard computing platforms. Both functions were specifically designed to only allow slow-rate password derivation and, thus, guessing rates. We develop a methodology for fairly comparing different implementations of password hashes, and apply this methodology to our own implementation of scrypt on GPUs, as well as existing implementations of bcrypt and scrypt on GPUs and FPGAs.