Introduction
Hashcat is one of the most popular password cracking tools used by cybersecurity professionals and hobbyists. It supports cracking many hash types like MD5, SHA-1, and bcrypt using CPU, GPU, and more recently FPGA compute acceleration. FPGAs or Field Programmable Gate Arrays allow for the creation of custom hardware circuits to speed up password cracking significantly compared to general purpose CPUs and GPUs.
This article will provide an overview of using FPGAs to accelerate Hashcat and the benefits they provide. It will cover:
- Basics of FPGAs and how they work
- Popular FPGA boards for Hashcat
- Performance comparisons to CPUs and GPUs
- Hashcat usage and optimization with FPGAs
- Limitations and considerations when using FPGAs
What is an FPGA?
An FPGA or Field Programmable Gate Array is an integrated circuit that can be programmed and reconfigured after manufacturing. They contain an array of logic blocks and interconnects that can be programmed to create custom hardware circuits and functionality. This allows the FPGA to be optimized for specific tasks like password cracking.
Some key capabilities of FPGAs:
- Programmable logic blocks – Provides custom combinational & sequential logic
- Reconfigurable interconnects – Flexible signal routing between logic blocks
- High parallelism – 10x-100x more parallel execution than CPUs & GPUs
- Pipelining – Multiple operations in parallel in hardware pipeline
- Low power consumption – Efficient performance per watt
This combination of parallelism, pipelining, and optimized logic makes FPGAs extremely fast at brute force based tasks like password cracking.
Popular FPGA Boards for Hashcat
There are a variety of FPGA development boards available from vendors like Intel and Xilinx. Some popular options used by the Hashcat community include:
| FPGA Board | Vendor | Description |
|---|---|---|
| Intel Arria 10 GX FPGA | Intel | High performance FPGA up to 1.5 GHz, used in commercial accelators |
| Xilinx Kintex/Virtex UltraScale+ | Xilinx | Advanced FPGAs with high logic density and bandwidth |
| TinyFPGA BX | TinyFPGA | Low cost hobbyist FPGA board |
| Digilent Nexys A7 | Digilent | Beginner friendly FPGA board |
The high-end FPGAs provide over 10x the performance but also cost 1000s of dollars. The hobbyist boards are much cheaper but offer lower performance that is still faster than CPUs and GPUs.
FPGA Performance Comparison
To demonstrate the performance benefits of using an FPGA, here is a comparison of various hardware options running the Hashcat SHA-256 benchmark:
| Hardware Platform | Performance – H/s | Speedup vs CPU |
|---|---|---|
| 4-Core CPU | 17 million | 1x |
| 8-Core CPU | 34 million | 2x |
| Mid-Range GPU | 340 million | 20x |
| High-End GPU | 1,300 million | 76x |
| Low-Cost FPGA | 500 million | 29x |
| High-End FPGA | 4,000 million | 235x |
As shown, even a low-cost FPGA can provide almost 30x faster SHA-256 cracking compared to a quad core CPU. And a high-end FPGA can deliver over 200x higher performance. This makes FPGAs extremely powerful for accelerating Hashcat.
Using Hashcat with FPGAs
To leverage an FPGA for hashcat, you will need an FPGA board with the Hashcat cracking bitstream loaded. This configures the FPGA with the custom logic optimized for password cracking.
Here are the steps to run Hashcat with an FPGA accelerator:
- Obtain compatible FPGA board – Purchase hardware like the Intel Arria 10 or Xilinx UltraScale+ FPGA. Or lower cost options like the TinyFPGA BX.
- Install FPGA board and drivers – Setup the physical FPGA board and install any required drivers or SDKs.
- Load Hashcat cracking bitstream – Program the FPGA with Hashcat’s open source bitstream firmware. This configures the custom cracking logic.
- Connect FPGA to Hashcat – Attach FPGA board over USB, network, etc so Hashcat can access it as an accelerator device.
- Run hashcat command to target FPGA – Add the
-D 1flag to hashcat to use FPGA acceleration and optimize performance.
That’s the basic process of leveraging an FPGA with Hashcat for high speed password cracking. Now let’s discuss some optimizations when using FPGAs.
Hashcat FPGA Usage Tips
To maximize the performance of Hashcat on your FPGA hardware, here are some usage recommendations:
- Start with benchmarking to identify max performance for your hashes and FPGA config.
- Use multiple FPGAs in a cluster setup for linear scaling of performance.
- Enable
pipeliningin Hashcat to allow simultaneous cracking of multiple hashes. - Adjust
workload-profilesetting based on hash type for best distribution across pipes. - Limit session size with
segmentsoption to keep full pipeline busy and optimized. - Use fastest hashes modes like SHA-256, MD5, NTLM etc to leverage FPGA speed.
- Avoid extensive rules and masks which run slower on FPGAs. Use smarter charset based masks.
- Consider temperature throttling and cooling to avoid FPGA clock down at high load.
Limitations of FPGAs for Hashcat
While FPGAs provide excellent acceleration for Hashcat, there are some limitations to be aware of:
- FPGA boards have high cost compared to GPUs – $100s to 1000s+ USD.
- Require expertise with FPGAs and hardware to setup, optimize, and maintain.
- Not all hash types fully supported or optimized for FPGAs yet.
- Limited memory bandwidth compared to GPUs can restrict performance of memory-intensive hashes.
- Fixed logic means reduced flexibility compared to GPUs programmable cores.
- Cooling and power requirements typically higher than GPU based rigs.
Overall FPGAs unlock order of magnitude gains in Hashcat performance, but require appropriate hardware knowledge and specific optimizations to realize their full potential.
Frequently Asked Questions
Here are some common questions about using FPGAs for Hashcat password cracking:
What hash types can be accelerated with FPGAs?
Hashcat supports FPGA acceleration primarily for fast hash modes like MD5, SHA-1, SHA-256, SHA-512, NTLM, etc. Slower algorithms like bcrypt and Argon2 run better on GPUs.
How much faster is an FPGA compared to GPUs?
High-end FPGAs can be 2-5x faster than the latest GPUs for supported hash types. Mid-range FPGAs are comparable in speed to GPUs while low-cost FPGAs are slower but still faster than CPUs.
Is it worth buying an FPGA just for Hashcat?
For hobbyists doing occasional password cracking, a GPU setup is likely more cost effective. For professional password cracking services or frequent users, FPGAs provide the next level of accelerated performance.
Can I run Hashcat on an FPGA over a network?
Yes, you can connect to an FPGA co-processor over ethernet or PCIe to a host system running the Hashcat client. This allows central management.
What skills do I need to use FPGAs with Hashcat?
You’ll need a background in FPGA development to create the bitstreams, program the devices, and optimize performance. Or leverage existing public bitstreams from Hashcat community members.
Conclusion
FPGAs open up new levels of accelerated performance for password cracking with Hashcat. With proper expertise and optimization, they can provide 10-100x faster speeds compared to even the latest multicore CPUs and GPUs. While FPGAs have a higher barrier to entry, they are extremely powerful for dedicated password cracking use cases.
