Open source computer cluster for Password Cracking
DOI:
https://doi.org/10.15649/2346030X.4242Keywords:
cluster, HPC, password cracking, cybersecurity, passwordsAbstract
This research focuses on the evaluation of efficiency in execution time for processes that demand significant computational capacity such as password cracking or password guessing from a hash, so the defined problem was, what is the level of efficiency of the open source computer cluster for password cracking processing for the purpose of validating password strength? For this purpose, a two-node computer cluster was used under a Linux operating system and OpenMPI, and the John the Ripper (JTR) tool was used for the password discovery process. The applied methodology includes four stages: selection of the hardware platform, selection of the software platform, cluster implementation and cluster testing, with two scenarios, testing with MD5 and SHA-1 hashes, and testing NT operating system hashes (Windows systems) and SHA-512 (Ubuntu 20.04 Linux operating system). The results of which indicate a decrease between 52% and 64% in the processing time to discover a password with the cluster at its maximum use of processors (16 in total) compared to the same procedure but with a single computer or node. Therefore, the level of efficiency found is positively significant.
References
[1] IBM, “¿Qué es la computación de alto rendimiento (HPC)?” Accessed: Jul. 13, 2024. [Online]. Available: https://www.ibm.com/es-es/topics/hpc.
[2] J. C. García-Ojeda, M. L. Ortíz, R. S. García, J. H. Cáceres, and A. Argoti, “A Computer Cluster for Big Data and Data Analytics Management: Design, Implementation, and Assessment,” in Proceedings of the Euro American Conference on Telematics and Information Systems, in EATIS ’18. New York, NY, USA: Association for Computing Machinery, 2018. doi: 10.1145/3293614.3293626.
[3] B. Kocot, P. Czarnul, and J. Proficz, “Energy-Aware Scheduling for High-Performance Computing Systems: A Survey,” Energies (Basel), vol. 16, no. 2, 2023, doi: 10.3390/en16020890.
[4] M. Lapegna, V. Mele, and D. Romano, “Clustering Algorithms for Enhanced Trustworthiness on High-Performance Edge-Computing Devices,” Electronics (Basel), vol. 12, no. 7, 2023, doi: 10.3390/electronics12071689.
[5] C. Paramita, F. A. Rafrastara, U. Sudibyo, and R. Wibowo, “Performance Evaluation of Linear Regression Algorithm in Cluster Environment,” Nov. 2020. doi: 10.13140/RG.2.2.20357.91360.
[6] C. Paramita, S. Catur, S. Luqman Afi, and R. Fauzi Adi, “The Use of Cluster Computing and Random Forest Algoritm for Flight Delay Prediction,” Mar. 2022, Zenodo. doi: 10.5281/zenodo.6377016.
[7] M. López-Martínez et al., “A High-Performance Computing Cluster for Distributed Deep Learning: A Practical Case of Weed Classification Using Convolutional Neural Network Models,” Applied Sciences, vol. 13, no. 10, 2023, doi: 10.3390/app13106007.
[8] E. Zhou, Y. Peng, G. Shao, F. Deng, Y. Miao, and W. Fan, “Password cracking using chunk similarity,” Future Generation Computer Systems, vol. 150, pp. 380–394, 2024, doi: https://doi.org/10.1016/j.future.2023.09.013.
[9] M.-D. Cano, A. Villafranca, and I. Tasic, “Performance evaluation of Cuckoo filters as an enhancement tool for password cracking,” Cybersecurity, vol. 6, no. 1, p. 57, 2023, doi: 10.1186/s42400-023-00193-6.
[10] I. Alkhwaja et al., “Password Cracking with Brute Force Algorithm and Dictionary Attack Using Parallel Programming,” Applied Sciences, vol. 13, no. 10, 2023, doi: 10.3390/app13105979.
[11] S. Jamshed, “Chapter 2 - Introduction to High-Performance Computing,” in Using HPC for Computational Fluid Dynamics, S. Jamshed, Ed., Oxford: Academic Press, 2015, pp. 21–40. doi: https://doi.org/10.1016/B978-0-12-801567-4.00002-7.
[12] J. O’Reilly, “Chapter 9 - High-Performance Computing,” in Network Storage, J. O’Reilly, Ed., Boston: Morgan Kaufmann, 2017, pp. 151–161. doi: https://doi.org/10.1016/B978-0-12-803863-5.00009-1.
[13] G. Lee, “Chapter 10 - High-Performance Computing Networks,” in Cloud Networking, G. Lee, Ed., Boston: Morgan Kaufmann, 2014, pp. 179–189. doi: https://doi.org/10.1016/B978-0-12-800728-0.00010-2.
[14] C. Severance, K. Dowd, and O. T. Library, High Performance Computing. in Online access: Center for Open Education Open Textbook Library. OpenStax CNX, 2010. [Online]. Available: https://books.google.com.pe/books?id=9MaQzQEACAAJ.
[15] R. Raj and B. Pavithra, “Cluster Computing,” Indian Scientific Journal Of Research In Engineering And Management, vol. 6, no. 6, Jun. 2022, doi: http://dx.doi.org/10.55041/ijsrem14249.
[16] D. Jiménez and A. Medina, “Cluster de Alto Rendimiento,” Journal Innovación y Tecnología, pp. 16–27, 2014, Accessed: Jul. 13, 2024. [Online]. Available: http://revistasbolivianas.umsa.bo/scielo.php?script=sci_arttext&pid=S1234-12342014000100004&lng=pt&nrm=iso.
[17] Kaspersky, “Cómo almacenar correctamente tus contraseñas de usuario | Blog oficial de Kaspersky.” Accessed: Jul. 18, 2024. [Online]. Available: https://www.kaspersky.es/blog/how-to-store-passwords/29183/.
[18] S. K. Jena, R. C. Barik, and R. Priyadarshini, “A systematic state-of-art review on digital identity challenges with solutions using conjugation of IOT and blockchain in healthcare,” Internet of Things, vol. 25, p. 101111, Apr. 2024, doi: 10.1016/J.IOT.2024.101111.
[19] C. Wright, “Information Gathering,” The IT Regulatory and Standards Compliance Handbook, pp. 73–114, Jan. 2008, doi: 10.1016/B978-1-59749-266-9.00005-9.
[20] Daniel W. Dieterle, Password Cracking with Kali Linux | Security | eBook, 1st Edition. 2024, 2024. Accessed: Jul. 18, 2024. [Online]. Available: https://www.packtpub.com/en-ar/product/password-cracking-with-kali-linux-9781835888544.
[21] BBC, “Millions using 123456 as password, security study finds.” Accessed: Jul. 18, 2024. [Online]. Available: https://www.bbc.com/news/technology-47974583.
[22] Kaspersky, “¿Qué es un ataque de diccionario?” Accessed: Jul. 18, 2024. [Online]. Available: https://latam.kaspersky.com/resource-center/definitions/what-is-a-dictionary-attack.
[23] V. Nair and D. Song, “Multi-Factor Credential Hashing for Asymmetric Brute-Force Attack Resistance,” Proceedings - 8th IEEE European Symposium on Security and Privacy, Euro S and P 2023, pp. 56–72, Jun. 2023, doi: 10.1109/EuroSP57164.2023.00013.
[24] N. Tihanyi, T. Bisztray, B. Borsos, and S. Raveau, “Privacy-Preserving Password Cracking: How a Third Party Can Crack Our Password Hash Without Learning the Hash Value or the Cleartext,” IEEE Transactions on Information Forensics and Security, vol. 19, pp. 2981–2996, Jun. 2023, doi: 10.1109/TIFS.2024.3356162.
[25] Cybersecurity & Infraestructure Security Agency, “Avoiding Social Engineering and Phishing Attacks | CISA.” Accessed: Jul. 18, 2024. [Online]. Available: https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks.
[26] J. Bonneau and S. Preibusch, “The password thicket: technical and market failures in human authentication on the web,” 2010.
[27] P. G. Kelley et al., “Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms,” Proc IEEE Symp Secur Priv, pp. 523–537, 2012, doi: 10.1109/SP.2012.38.
[28] A. Das, J. Bonneau, M. Caesar, N. Borisov, and X. Wang, “The Tangled Web of Password Reuse,” 2014, Accessed: Jul. 18, 2024. [Online]. Available: http://dx.doi.org/doi-info-to-be-provided-later.
[29] B. Ur et al., How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation. 2012. Accessed: Jul. 18, 2024. [Online]. Available: https://www.cs.bham.ac.uk/~garciaf/publications/Gone_in_360_seconds_Hijacking_with_Hitag2_poster_2012.pdf.
[30] B. Ur et al., Measuring real-world accuracies and biases in modeling password guessability. 2015. Accessed: Jul. 18, 2024. [Online]. Available: https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-ur.pdf.
Downloads
Published
How to Cite
Downloads
Issue
Section
License
Copyright (c) 2025 AiBi Journal of Research, Administration and Engineering
This work is licensed under a Creative Commons Attribution 4.0 International License.
The journal offers open access under a Creative Commons Attibution License
This work is under license Creative Commons Attribution (CC BY 4.0).
