In 2001, Hugh Jackman was cracking 128-bit encryption for John Travolta and Halle Berry in the movie Swordfish. Over the next 15 years, computers have gotten a lot faster. We decided to take the 2.7kW Supermicro 8x GPU server STH reviewed last year and see if we can do a bit of cracking of our own.

In the movie, Hugh Jackman’s character, Stanley, is asked to crack a password prompt protected via 128-bit encryption.

The movie had (then) state-of-the-art equipment such as a workstation with seven monitors (LCDs even!) In the fifteen years since the movie was released, we have seen trends towards monitors aligned in a more organized fashion.

The DS3 (45Mbps) connection? Insane speeds then, but now is not that much faster than cellular wireless data speeds in some geographies. This was well before we had hardware encryption on processors making encryption on modern hardware essentially “free”. In 2001 we saw the release of 1.3GHz Pentium 4 chips. These single core processors were about 1/100th the speed of today’s desktop chips. Also, GPU compute has been a major trend which has taken some tasks like crypto hash acceleration to a new level.

Without either Halle Berry or Helga (Laura Lane) peering over our… shoulder, we decided to use oclHashcat to crack a MD5 password hash. We used this version so that we could use our 8x AMD FirePro S9150 GPU compute cards in the Supermicro SYS-4028GR-TR server.

So what happens when you pit MD5 era encryption against a ~$30,000 4U server from 2015-2016? Suffice to say, the result was shocking.

We picked a relatively short password for that era. The leading edge of the millennial generation and those older probably remember the days when you could use passwords like “pass” “user123” or your name like “patrick”. Even into the early 2000s 8-character or longer passwords were not standard. There were infrequently requirements for uppercase letters or numbers. For our video we used the password “swfish12” and translated that into an MD5 hash. Our objective was simple: see how long it would take our server to crack the MD5 hash and get back to “swfish12”.

We went to a local coffee shop and saw what we could do with a laptop and the 8x AMD S9150 system remotely tucked away in the DemoEval lab.

After logging in remotely this is what happened:

Not only did the server crack the password, it did so in less time than it takes to drink a cup of coffee. The actual compute operation had a timeline much closer to a sip of coffee.

Here are a few takeaways from this exercise: