Original artwork by Angus McBride
Ringwraith Cluster
[Alpha version source]
Readers of this page are encouraged to send email to
FX regarding possible extensions of this
project or sites they know who would like to run the cluster. If somone thinks
this is a good idea, commercial applications could be possible (but I doubt
any commercial use).
1. Introduction
The RingWraith Cluster Project is about password and key cracking
in a scalable and system independed parallel environment.
The name "Cluster" is not 100% correct, because it is more a
distributed sharing of computing power then a classical cluster
design, which was planned before but resulted in to many issues.
However, the name was kept. "RingWraith" is a term from J.J.R.
Tolkin's work "Lord of the Rings" as the reader surely knows. This
came from the first experimental environment that was used in the
early days of this project. It was build from three 80486 boxes in
a token ring network and suggested the name RingWraiths because
they where all bound to a ring, ruled by a master and worked
(or still work) for the "dark side".
The current implementation is the first one that actually works.
There where former trys and most of them where canceled because of
implementation issues, bad planning and most important the leak of
good and reliable protocol and algorithm definitions.
Although it works now, keep in mind that it is still an experimental
thing and has ALPHA quality.
2. Design Goals
The overall design has only one goal: Crack passwords or
cryptographic keys faster then ever by using a scalable parallel
environment and as much CPUs as possible.
This goal has several subordinated goals:
- Scalability
There sould be as few as possible limitations in the core
algorithms and the protocol that may limit the number of
participating hosts.
Another part is the seamless splitting of the ranges each
host has to process. While it seems to be a simple task it
is the most interesting part in the whole project and there
were a lot of discussions about how to do it.
- Portability
The network communication should be according to existing
standards and the implementation sould not relay on platform,
OS or other features.
- Speed
Although the power of RWC comes from the number of
participating CPUs, speed is critical on the client side.
- Relaiability
Especially when doing brute force attacks on passwords, you
can not accept only one missing combination, because that's
what it is all about and you may miss exactly the one you
are looking for.
The current implementation only handles crypt(2), but can be easily extended
to do any other password-to-crypto stuff.
3. The Cluster
Our current test cluster consists of 10 80x486 systems, 4 Pentium systems and
several "non-dedicated" systems ranging from an Athlon 1300MHz to Latops, all
running Linux (SuSE and Slackware), Solaris x86, FreeBSD or OpenBSD.
They are networked together with FastEthernet cards over a HUB.
4. General Functionality
Functional summary:
- Works on the clear text brute force approach - clear text is transformed
on the client side to the appropriate cryptographic data (hash, crypt(2) ...)
and then compared. No cryptoanalytic triks as effective key length are used to
retain optimal compatibility to the attacked algorithm.
- Runs on a new protocol called RWP (RingWraith Protocol), which is based on UDP
- RWP is random obfuscated by
Bob Jenkins' ISAAC RNG algorithm
- The Cluster member systems can be located on any part of an IP based
network (HINT: the Internet is such a network).
The general approach is as follows:
- Select a character set. This is simply a list of characters you want to
include in the search. It may contain only lower case alphanumeric characters
or the full ASCII 255 set - doesn't matter. This character set is transmitted
to all CPPs (CPU Power Provider - the slaves).
- The DL (Dark Lord - the master) splits up ranges of character blocks
(called Character Permutation Block or CBP) and sends them to the CPPs. These
try them one at the time against the given crypt string. The used algorithm is
called FtR_II and is developed by our resident
algorithm wizard.
- When a failed CPB is reported back to the DL, he compares the time used on
the CPP to a value considered an optimal communication-to-computing rate. This
value can be adjusted. If the CPP needed less time, the next CPB is
bigger.
- When a CPP is not reachable anymore, the same CPB is handed over to
another CPP when it reports back
- All intelligence is in the master so that different master systems can be
developed without changing the slaves. The only thing a slave must know is the
transformation (such as crypt(2)).
5. DarkLord (RingWraith Master)
6. CPU Power Provider (RingWraith)