Time-Memory Trade-Off Attack on FPGA Platforms: UNIX Password Cracking

  • Nele Mentens
  • Lejla Batina
  • Bart Preneel
  • Ingrid Verbauwhede
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3985)


This paper presents a hardware architecture for UNIX password cracking using Hellman’s time-memory trade-off; it is the first hardware design for a key search machine based on the rainbow variant proposed by Oechslin. The implementation target is the Berkeley BEE2 FPGA platform which can run at 400 million password calculations/second. Our design targets passwords of length 48 bits (out of 56). This means that with one BEE2 module the precomputation for one salt takes about 8 days, resulting in a storage of 56 Gigabyte. For the precomputation of all salts in one year we would need 92 BEE2 modules. Recovering an individual password requires a few minutes on a Virtex-4 FPGA.


cryptanalysis hash-functions time-memory trade-off exhaustive key search rainbow table FPGA implementation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    University of California Berkeley Wireless Research Center. Bee home page,
  2. 2.
    Biham, E.: A fast new DES implementation in software. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 260–272. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  3. 3.
    Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved time-memory trade-offs with multiple data. In: Preneel, B., Tavares, S. (eds.) Proceedings of the 12th Annual Workshop on Selected Areas in Cryptography. LNCS, 19 pages. Springer, Heidelberg (2005)Google Scholar
  4. 4.
    Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Borst, J., Preneel, B., Vandewalle, J.: On the memory trade-off between exhaustive key-search and table precomputation. In: Proceedings of the 19th Symposium on Information Theory in the Benelux. Werkgemeenschap voor Informatie- en Communicatietheorie, Enschede, The Netherlands, pp. 111–118 (1998)Google Scholar
  6. 6.
    Fiat, A., Naor, M.: Rigorous time/space tradeoffs for inverting functions. In: Proceedings of the 23rd Annual ACM Symposium on Theory of Computing, pp. 534–541 (1991)Google Scholar
  7. 7.
    Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory 26, 401–406 (1980)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Kusuda, K., Matsumoto, T.: Optimization of time-memory trade-off cryptanalysis and its application to DES, FEAL-32 and Skipjack. IEICE Transcations on Fundamentals of Electronics, Communications and Computer Science E-79A, 35–48 (1996)Google Scholar
  9. 9.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  10. 10.
    Oechslin, P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Oechslin, P.: Les compromis temps-mémoire et leur utilisation pour casser les mots de passe Windows. In: Symposium sur la Sécurité des Technologies de l’Information et de la Communication SSTIC, Rennes (June 2004)Google Scholar
  12. 12.
    Quisquater, J.-J., Standaert, F.-X., Rouvroy, G., Legat, J.D.: A cryptanalytic time-memory trade-off: First FPGA implementation. In: Glesner, M., Zipf, P., Renovell, M. (eds.) FPL 2002. LNCS, vol. 2438, pp. 780–789. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Quisquater, J.-J., Stern, J.: Time-memory tradeoff revisited (unpublished, 1998)Google Scholar
  14. 14.
    Rivest, R.: The MD5 Message-Digest Algorithm (1992),
  15. 15.
    Standaert, F.-X., Rouvoy, G., Quisquater, J.-J., Legat, J.-D.: A time-memory trade-off using distinguished points: New analysis and FPGA results. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) Proceedings of 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES). LNCS, vol. 2535, pp. 593–609. Springer, Heidelberg (2002)Google Scholar
  16. 16.
    Wiener, M.J.: The full cost of cryptanalytic attacks. Journal of Cryptology 17(2), 105–124 (2004)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Nele Mentens
    • 1
  • Lejla Batina
    • 1
  • Bart Preneel
    • 1
  • Ingrid Verbauwhede
    • 1
  1. 1.Katholieke Universiteit LeuvenESAT/SCD-COSICLeuven-HeverleeBelgium

Personalised recommendations