Evaluation of Standardized Password-Based Key Derivation against Parallel Processing Platforms

  • Markus Dürmuth
  • Tim Güneysu
  • Markus Kasper
  • Christof Paar
  • Tolga Yalcin
  • Ralf Zimmermann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7459)


Passwords are still the preferred method of user authentication for a large number of applications. In order to derive cryptographic keys from (human-entered) passwords, key-derivation functions are used. One of the most well-known key-derivation functions is the standardized PBKDF2 (RFC2898), which is used in TrueCrypt, CCMP of WPA2, and many more. In this work, we evaluate the security of PBKDF2 against password guessing attacks using state-of-the-art parallel computing architectures, with the goal to find parameters for the PBKDF2 that protect against today’s attacks. In particular we developed fast implementations of the PBKDF2 on FPGA-clusters and GPU-clusters. These two families of platforms both have a better price-performance ratio than PC-clusters and pose, thus, a great threat when running large scale guessing attacks. To the best of our knowledge, we demonstrate the fastest attacks against PBKDF2, and show that we can guess more than 65% of typical passwords in about one week.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bishop, M., Klein, D.V.: Improving system security via proactive password checking. Computers & Security 14(3), 233–249 (1995)CrossRefGoogle Scholar
  2. 2.
    Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: Proc. 12th ACM Conference on Computer and Communications Security, pp. 364–372. ACM, New York (2005)CrossRefGoogle Scholar
  3. 3.
    Weir, M., Aggarwal, S., de Medeiros, B., Glodek, B.: Password cracking using probabilistic context-free grammars. In: IEEE Symposium on Security and Privacy, pp. 391–405. IEEE Computer Society (2009)Google Scholar
  4. 4.
    Openwall Community Wiki.: John the Ripper benchmarks (April 2012),
  5. 5.
    Kaliski, B.: PKCS #5: Password-Based Cryptography Specification Version 2.0. RFC 2898 (September 2000),
  6. 6.
    TrueCrypt - Free Open-Source On-The-Fly Encryption (November 2011),
  7. 7.
    OASIS: Open Document Format for Office Applications (OpenDocument) Version 1.2 (April 2012),
  8. 8.
    IEEE Computer Society: IEEE Standard for Information technology 802.11 - Telecommunications and information exchange between systems - Local and metropolitan area networks - Specific requirements (Jun 2007),
  9. 9.
    Lenstra, A.K., Verheul, E.R.: Selecting Cryptographic Key Sizes. Journal of Cryptology 14(4), 255–293 (2001)MathSciNetzbMATHGoogle Scholar
  10. 10.
    Castelluccia, C., Dürmuth, M., Perito, D.: Personal communication (2012)Google Scholar
  11. 11.
  12. 12.
    ElcomSoft: Lightning Hash Cracker (November 2011),
  13. 13.
    Golubev, I.: IGHASHGPU (November 2011),
  14. 14.
    Schober, M.: Efficient password and key recovery using graphics cards. Master’s thesis, Ruhr-Universität Bochum (2010)Google Scholar
  15. 15.
  16. 16.
  17. 17.
    Bevand, M.: Breaking UNIX crypt() on the PlayStation 3 (Presentation, ToorCon 10) (September 2008)Google Scholar
  18. 18.
    Wu, T.: A real-world analysis of kerberos password security. In: Network and Distributed System Security Symposium (1999)Google Scholar
  19. 19.
    Zviran, M., Haga, W.J.: Password security: an empirical study. J. Mgt. Info. Sys. 15(4), 161–185 (1999)Google Scholar
  20. 20.
    Kedem, G., Ishihara, Y.: Brute force attack on UNIX passwords with SIMD computer. In: Proceedings of the 3rd USENIX Windows NT Symposium (1999)Google Scholar
  21. 21.
    Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory 26(4), 401–406 (1980)MathSciNetzbMATHCrossRefGoogle Scholar
  22. 22.
    Oechslin, P.: Making a Faster Cryptanalytic Time-Memory Trade-Off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Mentens, N., Batina, L., Preneel, B., Verbauwhede, I.: Time-Memory Trade-Off Attack on FPGA Platforms: UNIX Password Cracking. In: Bertels, K., Cardoso, J.M.P., Vassiliadis, S. (eds.) ARC 2006. LNCS, vol. 3985, pp. 323–334. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  24. 24.
    Morris, R., Thompson, K.: Password security: a case history. Communications. ACM 22(11), 594–597 (1979)CrossRefGoogle Scholar
  25. 25.
    Spafford, E.H.: Observing reusable password choices. In: Proceedings of the 3rd Security Symposium, pp. 299–312. USENIX (1992)Google Scholar
  26. 26.
    Klein, D.V.: Foiling the cracker: A survey of, and improvements to, password security. In: Proc. USENIX UNIX Security Workshop (1990)Google Scholar
  27. 27.
    The password meter,
  28. 28.
    Burr, W.E., Dodson, D.F., Polk, W.T.: Electronic authentication guideline: NIST special publication 800-63 (2006)Google Scholar
  29. 29.
    Weir, M., Aggarwal, S., Collins, M., Stern, H.: Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), pp. 162–175. ACM (2010)Google Scholar
  30. 30.
    Komanduri, S., Shay, R., Kelley, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F., Egelman, S.: Of passwords and people: Measuring the effect of password-composition policies. In: CHI 2011: Conference on Human Factors in Computing Systems (2011)Google Scholar
  31. 31.
    Castelluccia, C., Dürmuth, M., Perito, D.: Adaptive password-strength meters from Markov models. In: Proc. Network and Distributed Systems Security Symposium (NDSS). The Internet Society (2012)Google Scholar
  32. 32.
    Schechter, S., Herley, C., Mitzenmacher, M.: Popularity is everything: a new approach to protecting passwords from statistical-guessing attacks. In: Proceedings of the 5th USENIX Conference on Hot topics in Security, pp. 1–8. USENIX Association (2010)Google Scholar
  33. 33.
    Nvidia: CUDA Developer Zone (Website) (2011),
  34. 34.
  35. 35.
    Khronos Group: OpenCL - The open standard for heterogeneous systems (Website) (2011),
  36. 36.
    Nvidia: TESLA C2050/C2070 GPU Computing Processor (2010),
  37. 37.
    Intel: Intel® Core i7-900 Desktop Processor Series (2011),
  38. 38.
  39. 39.
    Barreto, P., Rijmen, V.: The Whirlpool hashing function. In: First open NESSIE Workshop, Leuven, Belgium, vol. 13, p. 14 (2000)Google Scholar
  40. 40.
    Percival, C.: Stronger key derivation via sequential memory-hard functions. In: BSDCan (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Markus Dürmuth
    • 1
  • Tim Güneysu
    • 1
  • Markus Kasper
    • 1
  • Christof Paar
    • 1
  • Tolga Yalcin
    • 1
  • Ralf Zimmermann
    • 1
  1. 1.Horst Görtz Institute for IT-SecurityRuhr-University BochumGermany

Personalised recommendations