Jeremiah Grossman is widely considered to be one of the world’s most talented ethical hackers, but even his ninja-like prowess wasn’t enough to recover a forgotten password used to encrypt sensitive work documents contained on his MacBook Pro.
After fiddling with a freely available password cracking program, the CTO of Whitehat Security soon realized that its plodding speed—about one password guess per second—meant it would likely take him decades of tries before he arrived at the right one. That’s when he called in the big guns, namelySolar Designer and other principals behind the free John the Ripper password cracker as well as Jeremi Gosney, a password security expert at Stricture Consulting Group. (Ars has chronicled Gosney’s cracking prowess in articles here and here.)
“Collectively, these guys are amongst the world’s foremost experts in password cracking,” Grossman wrote in a blog post describing the odyssey unlocking the crucial files. “If they can’t help, no one can. No joking around, they immediately dove right in.”
Security concerns—not to mention the enormous size of the DMG encrypted disk images—prevented him from sending the files directly to his rescuers. So he availed himself of a feature in JtR called dmg2john, which separates the encryption contained in a DMG from the data it’s protecting. That allows the cracking program to target the password protecting the file without exposing the underlying data.
But even then, there was a problem. Grossman’s AES256-encrypted DMG used a staggering 250,000 rounds of PBKDF2-HMAC-SHA-1, an algorithm designed to run extremely slowly to make the job of password cracking harder. Gosney’s Xeon X7350 could crack a single round of HMAC-SHA1 at a rate of about 9.3 million hashes per second. By forcing Gosney to repeat the process 250,000 times, his system was reduced to just 37 or so hashes per second. Even using all four processors of his machine, he could bump up the performance to only about 104 hashes per second. (JtR doesn’t support graphic-cards when cracking Apple’s latest DMG formats.)
Grossman’s predicament, and the techniques used to resolve it, underscore the never-ending battle between password security and the latest cracking strategies. For much more about the techniques used to create and defeat strong passwords, see the Ars feature Why passwords have never been weaker—and crackers have never been stronger.