GPUCrack is the first documented Windows password cracker using time-memory tradeoffs (TMTO) and rainbow tables on GPUs. TMTO are mostly used on CPU (Central processing unit). Here the creation of the rainbow tables is done on GPU (Graphics processing unit) in order to obtain better performances and to be faster in the generation of tables than on CPU. This is a current research topic and GPUCrack will be able to bring answers on the use and distribution of tables on GPUs.

Why use TMTO to crack a password ?

There are several ways to crack a password, including :

Brute-force search

The goal is to test all possible passwords until the right one is found. With a powerful machine, a password of no more than 7 characters will take a few seconds or even minutes to crack. However, cracking an 8-character password (4 lowercase letters, 2 special characters, 2 numbers) takes between two and three days and from 9 characters, nine years. The exhaustive search can therefore be used only for short passwords.

A password dictionary

Another solution for cracking a password is to do all the calculations in advance and store in a table all the possible pairs (passwords, hashes) that can be used. However, creating this table is impossible because it would take several million years and there is no existing technology to store it.

Time-memory trade-off

The solution chosen for GPUCrack is the time-memory trade-off technique (TMTO), first proposed by Martin Hellman in 1980. This technique requires pre-computations which are costly, but are performed only once. The attack phase then takes only a few seconds. In 2003, Philippe Oechslin realized an improvement of Hellman's tables: the rainbow tables. These are useful for cracking passwords. Complete and precise explanations of this technique will be given in the "How to use it" section.

Comparison of the different techniques

We compare the time to crack a password and the memory used by these three methods. The time-memory trade-off technique is the one with the best ratio.