IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [gpu]

Graphics Processing Units are a special chips designed to handle video processing in computers or handheld devices which involves complex maths calculations

In simple words one can say that the CPU is the one that makes decisions based on a certain logic and the GPU is the one that does the repetitive hard work (mathematical calculations involved in video processing).

A GPU has several hundred cores to perform repetitive tasks in parallel i.e. the same instructions are executed repeatedly with different sets of data.

In the domain of IT security GPUs are important because cryptographic operations are mathematical functions that can be performed very well using parallelism. GPUs often find their use in cracking passwords which involves calculation of cryptographic hashes

26 questions
55
votes
4 answers

Spectre/meltdown on a GPU

Are GPUs vulnerable to spectre/meltdown attacks, since they have most of what makes CPUs attackable? Is there any information in the VRAM, that would cause trouble if it was stolen?
Bálint
  • 613
  • 1
  • 5
  • 8
53
votes
7 answers

How are GPUs used in brute force attacks?

I have read that GPUs can be used in brute force attacks? But how can this be done and is there a need for any other hardware devices (hard disks for instance)? Note: I'm more interested in web application security, but I don't want to put on…
Mahmood Muhammad Nageeb
  • 615
  • 1
  • 5
  • 8
16
votes
2 answers

Is OpenGL a security problem?

Today, almost all desktop and most mobile operating systems and devices support some version of OpenGL. I'm wondering about the security implications of that: In many cases, the GPU has complete and unrestricted access to the main memory (for…
lxgr
  • 4,094
  • 3
  • 28
  • 37
8
votes
4 answers

SHA-512 unix passwords. How secure are those hashes, really?

I came across this very alarming sounding thread which indicates a GPU with about half the compute capacity of the GPU currently powering the monitor I type this on is capable of 11.5k c/s. I'm not sure what a c is in this jargon. Does it stand for…
Steven Lu
  • 977
  • 2
  • 12
  • 13
7
votes
5 answers

How long would it take to bruteforce an AES-128 protected pdf knowing the key is 20 letter long and that the charset is A-Z,0-9?

The question says everything, knowing that a pdf is protected using standard Adobe password encryption that comes with Acrobat Pro (which as far as i know is AES 128) how much would it take to bruteforce a key which is known to be 20 characters long…
Blobber
  • 71
  • 1
  • 1
  • 2
6
votes
2 answers

Does password-hashing "busy-work" need to be cryptographically secure

All modern password hashing schemes are deliberately designed to include a huge amount of "busy-work", to limit the speed with which an attacker would be able to conduct password hashing attempts. Further, a goal in newer schemes is to reduce the…
supercat
  • 2,029
  • 10
  • 10
6
votes
1 answer

GPU passthrough security

How secure is the host operating system from the guest virtual machine's OS when using GPU passthrough (using the methods described here)? If the guest is compromised, can it permanently infect the GPU and its firmware? If it's possible, what could…
user220850
  • 101
  • 5
5
votes
1 answer

Modern Linux GPU driver security

How secure are modern Linux GPU drivers? The threat model is an attacker who can execute arbitrary code in the context of an unprivileged user process, which is heavily locked down by seccomp-bpf, namespaces, and other mechanisms. Specifically, it…
Demi
  • 769
  • 1
  • 4
  • 11
5
votes
4 answers

Does aircrack-ng use GPU/CUDA capabilities?

As stated, does aircrack-ng when brute forcing a WPA2 handshake capture use GPU/CUDA resources such as a program like Hashcat does?
Norr
  • 199
  • 1
  • 2
  • 8
5
votes
1 answer

Could the unused Mali GPU in the Libre Tea Computer Card be a security risk?

The Libre Tea Computer Card is a single-board computer that comes without any proprietary software (at least that’s the goal, it’s currently in crowdfunding): […] all firmware and kernel sources are GPL-licensed and will always remain so, and have…
unor
  • 1,769
  • 1
  • 19
  • 38
5
votes
1 answer

Is it possible to use parallelism when computing a key derivation function for a single password/key?

Suppose I have an AES-256 encrypted file, and I want to derive the key using PBKDF2 and a given salt with a large number of rounds (say 1 million), but I'm limited by user tolerance for UI lag when entering their password. Is it possible to compute…
samgak
  • 2,058
  • 1
  • 8
  • 11
4
votes
4 answers

Are there implementations of password hashing algorithms for major frameworks that utilizes specialized hardware like GPUs/FPGAs?

It is common knowledge that password cracking attempts can greatly benefit from specialized hardware such as large clusters of GPUs or FPGAs. Are there any implementations of the commonly recommended password hashing algorithms (PBKDF2/bcrypt) for…
user10211
4
votes
1 answer

How can I challenge an attacker to reliably identify their hardware?

I distribute a client application where I would like to identify a user's hardware specifications when they begin interacting with my server. I am specifically interested in identifying the user's GPU make and model, but I would appreciate hearing…
Tim Clancy
  • 41
  • 2
2
votes
0 answers

how many sha1 hashes per time on current hardware

How many sha1 hashes per second can current hardware (say a 500$ gpu) compute, when the input is 256 byte long? (or any other length). The question behind is how long (or how costly) is it to mount a preimage attack against Cryptographic Generated…
jannikb
  • 287
  • 3
  • 9
2
votes
1 answer

ASIC/FPGA hardwares to compute Scrypt hashes

this company claim Scrypt mining by ASIC (on crypto currencies who use scrypt hashing as proof of work) scrypt is made to keep ASIC/FPGA attackers away, is that claim expired?
user40931
  • 21
  • 1
1
2