WO2008027091B1 - Method and system for password recovery using a hardware accelerator - Google Patents
Method and system for password recovery using a hardware acceleratorInfo
- Publication number
- WO2008027091B1 WO2008027091B1 PCT/US2007/011809 US2007011809W WO2008027091B1 WO 2008027091 B1 WO2008027091 B1 WO 2008027091B1 US 2007011809 W US2007011809 W US 2007011809W WO 2008027091 B1 WO2008027091 B1 WO 2008027091B1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- password
- fpga
- computational
- packet
- processing matrix
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2131—Lost password, e.g. recovery of lost or forgotten passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Advance Control (AREA)
- Storage Device Security (AREA)
Abstract
Password recovery utilizes a hardware accelerator operating in connection with a host computer system that runs software to generate and format password candidates for computational processing. The hardware accelerator accepts formatted password candidates and can store a number of these candidates in a memory that is managed by a memory controller. A processing matrix is made up of a number of FPGAs which each can be programmed to run a number of computational blocks that are configured to 'consume' or process a request packet containing a single password candidate. This multiple FPGA, multiple computational block configuration allows parallel processing of numerous password candidates by the hardware accelerator, a process that is normally computationally expensive. Processing of a request packet by a computational block generates a response packet that includes computational results corresponding to the single password candidate contained in the consumed request packet. The FPGAs can be arrayed using a nearest neighbor protocol in some embodiments. The request and response packets can be stored in and retrieved from the memory using a memory controller. The response packets retrieved from the memory can be unpacked by software to yield data to be evaluated by password recovery software running on the host computer system.
Claims
1. A method for recovering passwords, the method comprising:
generating a set of password candidates using a software program;
providing a subset of the password candidates to a processing matrix comprising a plurality of logic resources;
processing the subset of password candidates in the processing matrix to generate computational results; and
providing the computational results to the software program for evaluation.
2. The method of Claim 1 further comprising formatting the subset of password candidates prior to providing the subset of password candidates to the processing matrix.
3. The method of Claim 2 wherein generating the set of password candidates and evaluation of the computational results are performed by a primary software program; and
further wherein formatting the password candidates is performed by an intermediate software program.
4. The method of Claim 1 wherein the logic resources comprise a plurality of FPGAs.
5. The method of Claim 4 wherein the plurality of FPGAs are coupled to one another using a nearest neighbor protocol.
6. The method of Claim 4 wherein each FPGA comprises a plurality of computational blocks; and
further wherein each computational block is configured to process a single password candidate at a time and generate computational results for that single password candidate.
AMENDED SHEET (ARTICLE 19)
32
7. The method of Claim 1 wherein the password candidates are stored in a memory unit prior to being provided to the processing matrix; and
further wherein the computational results are story in the memory unit prior to being provided to the software program for evaluation.
8. The method of Claim 1 wherein the computational results generated by the processing matrix are packed in response packets; and
further wherein the computational results are unpacked by an intermediate software program prior to the computational results being provided for evaluation.
9. The method of Claim 1 wherein the computational results are possible cipher keys.
10. A password recovery system comprising:
a host computer system executing software configured to:
generate password candidates; and
format the password candidates for processing; and
a hardware accelerator coupled to the host computer system, wherein the hardware accelerator comprises a processing matrix comprising logic resources configured to process a plurality password candidates simultaneously to generate a plurality of computational results.
11. The password recovery system of Claim 10 wherein the hardware accelerator further comprises a memory unit comprising:
a memory; and
a controller configured to control storage of:
the password candidates provided by the host computer system software prior to processing by the processing matrix; and
AMENDED SHEET (ARTICLE 19)
33 the computational results provided by the processing matrix after processing prior to retrieval by the host computer system software;
further wherein the processing matrix is configured to:
obtain password candidates from the memory unit; and
return the computational results to the memory unit.
12. The password recovery system of Claim 10 wherein the processing matrix comprises a plurality of FPGAs.
13. The password recovery system of Claim 12 further wherein the processing matrix uses a nearest neighbor protocol.
14. The password recovery system of Claim 11 wherein the memory unit controller provides each password candidates to the processing matrix as a request packet; and
further wherein the processing matrix provides the computational results corresponding to each password candidate to the memory unit as a response packet.
15. The password recovery system of Claim 14 wherein the processing matrix comprises a plurality of FPGAs, wherein each FPGA comprises a plurality of computational blocks, and further wherein each computational block consumes a request packet to generate a response packet.
16. A password recovery system comprising:
a host computer system executing:
password recovery software for generating a plurality of password candidates; and
formatting software for generating a plurality of request packets, wherein each request packet comprises a single password candidate; and
a hardware accelerator coupled to the host computer system, wherein the hardware accelerator comprises:
AMENDED SHEET (ARTICLE 19) a processing matrix comprising a plurality of FPGAs, wherein each FPGA comprises a plurality of computational blocks, further wherein each computational block is configured to:
consume a single request packet; and
generate a response packet comprising computational results corresponding to the single password candidate contained in the consumed request packet;
a memory; and
a memory controller coupled to the memory and to the processing matrix, wherein the memory controller is configured to control transfer of data between the formatting software, the memory and the processing matrix and wherein the memory controller is configured to control memory storage and retrieval of:
request packets from the formatting software; and
response packets from the processing matrix;
wherein the formatting software unpacks the computational results from each response packet; and
further wherein the password recovery software evaluates the computational results.
17. The password recovery system of Claim 16 wherein the FPGAs of the processing matrix are configured to use a nearest neighbor protocol.
18. The password recovery system of Claim 16 wherein the hardware accelerator exposes itself to the host computer as a hard disk storage interface.
19. A method for recovering passwords, the method comprising:
providing a plurality of request packets to a hardware accelerator (200), wherein each request packet comprises at least one password candidate;
AMENDED SHEET (ARTICLE 19)
35 storing the plurality of request packets in a request packet memory (210) in the hardware accelerator (200);
transmitting successive request packets from the request packet memory (210) to a processing matrix (250), wherein the processing matrix (250) comprises a plurality of FPGAs (255) coupled in a downstream nearest neighbor configuration and an upstream nearest neighbor configuration, wherein each FPGA (255) comprises one or more computational blocks (350);
distributing each request packet transmitted to the processing matrix (250) to an idle FPGA computational block (350) using a downstream nearest neighbor data transfer protocol;
processing at least one password candidate from each request packet distributed to an idle FPGA computational block (350) to generate computational results;
formatting the computational results as one or more response packets; and
transmitting each response packet to a response packet memory (210) using an upstream nearest neighbor data transfer protocol.
20. The method of Claim 19 characterized in that the processing matrix (250) comprises a processing matrix gateway (208) that controls:
storing request packets in the request packet memory (210);
transmitting request packets from the request packet memory (210) to the processing matrix (250); and
transmitting response packets to the response packet memory (210).
21. The method of Claim 19 αr 20 characterized in mat each password candidate is generated by a password recovery application on a host computer (230); and
further characterized in that the password recovery application performs validation of the computational results in each response packet.
AMENDED SHEET (ARTICLE 19)
36
22. The method of Claim 21 characterized in that an application programming interface formats as request packets password candidate data generated by the password recovery application; and
further characterized in that the application programming interface unpacks each response packet prior to validation of the computational results by the password recovery application.
23. The method of Claim 19, 20, 21 or 22 characterized in that providing the plurality of request packets to the hardware accelerator (200) is performed by a host computer (230) performing a block write request to the hardware accelerator (200); and
further characterized in that response packets in the response packet memory (210) are sent to the host computer (230) in reply to a block read request to the hardware accelerator (200) from the host computer (230).
24. The method of Claim 19 or 23 characterized in that the hardware accelerator (200) emulates a block-oriented storage device.
25. The method of Claim 19 characterized in that each request packet comprises a request packet task identifier; and
further characterized in that each response packet comprises a response packet task identifier linked to the request packet task identifier of the request packet that was processed to generate the computational results contained in the response packet.
26. The method of Claim 19 characterized in that the downstream nearest neighbor data transfer protocol comprises a multiple phase protocol, and further characterized in that the upstream nearest neighbor data transfer protocol comprises a multiple phase protocol, wherein each multiple phase protocol comprises:
a first FPGA (255) offering to transfer a packet to a second FPGA (255), characterized in that the second FPGA (255) is a nearest neighbor FPGA (255), and further characterized in that:
AMENDED SHEET (ARTICLE 19)
37 the nearest neighbor FPGA (255) is a downstream nearest neighbor FPGA (255) if the packet is a request packet; or
the nearest neighbor FPGA (255) is an upstream nearest neighbor FPGA (255) if the packet is a response packet;
the first FPGA (255) either committing to the transfer offer or cancelling the transfer offer, characterized in that the first FPGA (255) can commit to the transfer offer only if the second FPGA (255) has signaled that the second FPGA (255) is able to accept the packet; and
after the first FPGA (255) commits to the transfer offer, the first FPGA (255) transferring the packet to the second FPGA (255).
27. The method of Claim 21, 22, 23 or 24 characterized in that the host computer (230) is coupled to the hardware accelerator (200) by an interface, wherein the interface comprises at least one of the following:
a FireWire interface (204); or
a USB interface (202).
AMENDED SHEET (ARTICLE 19)
38
Applications Claiming Priority (8)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/510,950 US20080126472A1 (en) | 2006-08-28 | 2006-08-28 | Computer communication |
| US11/511,190 | 2006-08-28 | ||
| US11/510,922 US20080052525A1 (en) | 2006-08-28 | 2006-08-28 | Password recovery |
| US11/510,950 | 2006-08-28 | ||
| US11/511,190 US20080052429A1 (en) | 2006-08-28 | 2006-08-28 | Off-board computational resources |
| US11/510,894 US20080052490A1 (en) | 2006-08-28 | 2006-08-28 | Computational resource array |
| US11/510,894 | 2006-08-28 | ||
| US11/510,922 | 2006-08-28 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2008027091A1 WO2008027091A1 (en) | 2008-03-06 |
| WO2008027091B1 true WO2008027091B1 (en) | 2008-05-08 |
Family
ID=38626612
Family Applications (4)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/US2007/011809 WO2008027091A1 (en) | 2006-08-28 | 2007-05-17 | Method and system for password recovery using a hardware accelerator |
| PCT/US2007/012257 WO2008027092A1 (en) | 2006-08-28 | 2007-05-23 | Computer communication |
| PCT/US2007/015870 WO2008027115A2 (en) | 2006-08-28 | 2007-07-12 | Off-board computational resources |
| PCT/US2007/015869 WO2008027114A2 (en) | 2006-08-28 | 2007-07-12 | Computational resource array |
Family Applications After (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/US2007/012257 WO2008027092A1 (en) | 2006-08-28 | 2007-05-23 | Computer communication |
| PCT/US2007/015870 WO2008027115A2 (en) | 2006-08-28 | 2007-07-12 | Off-board computational resources |
| PCT/US2007/015869 WO2008027114A2 (en) | 2006-08-28 | 2007-07-12 | Computational resource array |
Country Status (1)
| Country | Link |
|---|---|
| WO (4) | WO2008027091A1 (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105799620B (en) * | 2014-12-29 | 2019-01-22 | 上海通用汽车有限公司 | The security code of vehicle electric control module calculates |
| CN110770710B (en) * | 2017-05-03 | 2023-09-05 | 艾德蒂克通信公司 | Apparatus and method for controlling acceleration of data |
| CN108616535B (en) * | 2018-04-28 | 2021-02-09 | 浪潮集团有限公司 | FPGA-based multi-protocol security authentication network exchange acceleration system and method |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE3812823A1 (en) * | 1988-04-16 | 1989-11-02 | Asea Brown Boveri | Network of connected microcomputers |
| US5577262A (en) * | 1990-05-22 | 1996-11-19 | International Business Machines Corporation | Parallel array processor interconnections |
| AU665521B2 (en) * | 1990-10-03 | 1996-01-11 | Thinking Machines Corporation | Parallel computer system |
| JP3136088B2 (en) * | 1996-02-22 | 2001-02-19 | シャープ株式会社 | Data processing device and data processing method |
| US6085316A (en) * | 1998-07-28 | 2000-07-04 | Sun Microsystems, Inc. | Layered counterflow pipeline processor with anticipatory control |
| GB2348974B (en) * | 1999-04-09 | 2004-05-12 | Pixelfusion Ltd | Parallel data processing systems |
| US20060041932A1 (en) * | 2004-08-23 | 2006-02-23 | International Business Machines Corporation | Systems and methods for recovering passwords and password-protected data |
-
2007
- 2007-05-17 WO PCT/US2007/011809 patent/WO2008027091A1/en active Application Filing
- 2007-05-23 WO PCT/US2007/012257 patent/WO2008027092A1/en active Application Filing
- 2007-07-12 WO PCT/US2007/015870 patent/WO2008027115A2/en active Application Filing
- 2007-07-12 WO PCT/US2007/015869 patent/WO2008027114A2/en active Application Filing
Also Published As
| Publication number | Publication date |
|---|---|
| WO2008027115A3 (en) | 2008-04-17 |
| WO2008027092A1 (en) | 2008-03-06 |
| WO2008027115A2 (en) | 2008-03-06 |
| WO2008027091A1 (en) | 2008-03-06 |
| WO2008027114A3 (en) | 2008-04-24 |
| WO2008027114A2 (en) | 2008-03-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100378679C (en) | Method and system of redirection for storage access requests | |
| US9632936B1 (en) | Two-tier distributed memory | |
| TW200741462A (en) | Non-volatile memory sharing system for multiple processors and memory sharing method thereof | |
| US20080052525A1 (en) | Password recovery | |
| TW200622882A (en) | Sas storage virtualization controller, subsystem and system using the same, and method therefor | |
| CN104813292A (en) | Scaling computing clusters in a distributed computing system | |
| TW201027350A (en) | Devices, systems, and methods to synchronize simultaneous DMA parallel processing of a single data stream by multiple devices | |
| CN103582868A (en) | Operator state checkpoints | |
| WO2008058154A2 (en) | Using shared memory with an execute-in-place processor and a co-processor | |
| CN101013410A (en) | Dma transfer apparatus | |
| CN101344812B (en) | Magnetic disk dynamic power supply management method based on embedded system | |
| CN102752387A (en) | Data storage processing system and data storage processing method | |
| CN101154202A (en) | Managing system management interrupts in a multiprocessor computer system | |
| Wang et al. | Phase-reconfigurable shuffle optimization for Hadoop MapReduce | |
| CN100489830C (en) | 64 bit stream processor chip system structure oriented to scientific computing | |
| WO2008027091B1 (en) | Method and system for password recovery using a hardware accelerator | |
| US20160034191A1 (en) | Grid oriented distributed parallel computing platform | |
| DE602004031972D1 (en) | REDUCED RESPONSE TIME FOR A PPRC WRITE OPERATION | |
| US11327808B2 (en) | Decentralized data processing architecture | |
| US20080052429A1 (en) | Off-board computational resources | |
| CN106293491B (en) | The processing method and Memory Controller Hub of write request | |
| JP2010140477A5 (en) | ||
| CN108139923A (en) | Virtual machine messaging | |
| WO2006013158A3 (en) | Managing resources in a data processing system | |
| KR102128832B1 (en) | Network interface apparatus and data processing method for network interface apparauts thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 07835765 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase in: |
Ref country code: DE |
|
| NENP | Non-entry into the national phase in: |
Ref country code: RU |
|
| 122 | Ep: pct app. not ent. europ. phase |
Ref document number: 07835765 Country of ref document: EP Kind code of ref document: A1 |