Abstract
This paper presents an accelerator design for the password recovery of sha256crypt based on hybrid CPU-FPGA devices. By applying the brute-force attack computation model proposed in this paper, we decompose the sha256crypt function into two types of operations, namely the data dispatching and the block transforming. The data dispatching operation generates message blocks and the block transforming operation transforms message blocks into digests. These two operations are efficiently accelerated by the customized data dispatch unit and the pipelined block transform unit, respectively. Difficulties of adopting the pipeline technique are addressed also with the following techniques. The group scheduling is used to solve the data dependency that stalls the pipeline. The look-ahead execution eliminates the uncertainty of the execution path. The data path pruning and spatial-temporal multiplexing reduce the resource overhead of non-computing units.The proposed accelerator design is implemented and evaluated on the Xilinx Zynq-7000 XC7Z030-3 SoC. Our experimental results show that the proposed accelerator can improve energy efficiency by 2.54x over the state-of-the-art password recovery tool Hashcat running on an NVIDIA GTX1080Ti GPU. Compared with the pure FPGA-based implementation in John-the-Ripper, the proposed accelerator improves energy efficiency by 1.64x and improves resource efficiency by 1.69x.
Highlights
Password-based user authentication [Lam81] is the most commonly used method to protect user’s important information, since passwords are highly portable and easy to understand by users
The performance and energy efficiency of our accelerator are evaluated on a Xilinx Zynq7000 XC7Z030-3 system on chip (SoC), which contains two ARM Cortex-A9 processors working at 666 MHz and a 7 series programmable logic
This paper has proposed an efficient sha256crypt password recovery accelerator based on the pipelined SHA256 unit
Summary
Password-based user authentication [Lam81] is the most commonly used method to protect user’s important information, since passwords are highly portable and easy to understand by users. To prevent the clear text password from being obtained by malicious attackers, most operating systems and applications apply key derivation functions (KDFs) to convert clear text passwords to password hashes. Since KDFs are one-way functions, the only way to recover the clear text password from the password hash is the brute-force attack, which searches the correct password by performing KDF on all possible passwords until the output of KDF matches the password hash [Mar08]. The time consumption of brute-force attack depends on the searching speed and the size of the searching space. As the searching space is huge in most scenarios, malicious attackers have to pay enormous time and energy cost, and it is the same for the users who want to retrieve forgotten passwords. To expedite password recovery with a reasonable amount of time and energy consumption, a fast and energy-efficient accelerator becomes necessary
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
