PCFormat Forum Archive

Ok, so I'm a Nvidia fanboy with a older 8800GT in one machine, and 2 x 460's in SLI in my current rig.

For another (not gaming application) I might need to purchase two 5770's or 5750's.. I see a fairly small price difference, so can someone give me the quick and nasty on if the 5770 is worth the extra R200 per card? What makes it that much better? (oh and where do they fall vs the Nvidia opponent?).

Many thanks..
The old timer

Second part of the question:
Graphics Card Hierarchy Chart

i have a 5770 and i L-O-V-E it!!

A 5770 is roughly equivalent to a GTX260 core 216 or a GTS450.

A 5750 is roughly equivalent to a GTS250. I'd say the difference is worth R200.

But why not just get a better and newer single card? A single 6950 will outperform two 5770's in CrossFire with ease at around R3300. Even a 6870 will be a better choice.

How much are you paying for your 5770's?

Here it goes:

5770 is 128bit memory. Your 460GTX is 256bit (I hope you dont have the 192bit versions).
Both cards are dx11.
AMD/Radeon cards are better when processing video and movies.
Nvidia has physx if you really want to enable it.

I don't know the price differences but the 460gtx is better than the 5770.

Ok, maybe a bit more explanation needed. The GTX 460's I have are the decent one's...1gb EVGA EE Superclocked babies. They rock for gaming, but for a MD5 bruteforcing application called 'oclhashcat' they're not that great.

With two (they don't need SLI) you get about 2009m/s (yes thats a lot of math happening on them).
As a reference a 8800GT will give you around 400m/s. I took the MD5 hash of the word "abc123" and it cracked it in 1 second flat! The MD5 hash for "password" took 3 minutes flat to crack.

The application likes ATI cards a bit more

A 5770 overclocked to about 900Mhz will get near 3000m/s (single card). Put two in, and we're talking nice gravy here, and quite a bit cheaper than the 460's. Anyway, it's all just research at the moment. I didn't consider any bigger cards really, though I see 5830's are coming down nicely, or I could just look for two second hand cards to buy.

For some really insane calculations, see here: http://ob-security.info/ <-- 8 (yes EIGHT) 6970's doing 45billion/s..

And http://www.secmaniac.com/february-2011/ ... ng-server/ has 8 (yes EIGHT) GTX580's for CUDA cracking applications.. I'd hate to see their Eskom bills though

If this is what you want, grab two 6990s.

GDI_Lord wrote:If this is what you want, grab two 6990s.

There's several problems with this idea :

1 - C/card doesn't have that much limit
2 - Family is used to three meals a day

2 - Family is used to three meals a day

Well, which is more important, family or 3 meals a day...
sigh, essentially a trick question...

The, silly question do you really require....so much power...?

I'd say load your grafix-needing app(s) up onto your existing rig(s) and test performance to get a gauge on how those do - based on that you might not need to get the big cards.

Sojourn wrote:I'd say load your grafix-needing app(s) up onto your existing rig(s) and test performance to get a gauge on how those do - based on that you might not need to get the big cards.

The only problem I might have with this (and hence the theorycrafting) is that if my thesis proposal gets approved, and involves decoding a mass of MD5 hashes (including salts), it might take a few days.. I don't want to commit my gaming rig to doing this if I could spend 2k on some cheap Radeon's and they will do it while my main rig happily plays Duke Nukem

could you please tell me what you do this for? As far as I can tell your using a brute force attack to crack passwords by using your gpu? Is that right? It sounds pretty interesting:) are you studying CEH?

Ok, first thing, I'm typing this from memory, I might make mistakes in my explanation!

Now, it's not brute-forcing the password in the traditional way. Bruteforcing means you're running a complicated amount of possibilities against whatever application and hoping you strike gold.

I'm more interested in decrypting encrypted passwords. Linux for example stores the password shadow files in MD5 hashes. Another favourite is websites / content management systems store usernames and passwords in eg. a mysql database. Now, if the coding is silly, you can probably retrieve it via some sql injection. To counter that, they encrypt the password using MD5, and store the MD5 hash in the db..

So now you're bored, you found a way to retrieve the entire username and password db from the site via XSS, but the passwords are MD5 hashed. Take the hash(es), give it to something like oclhashcat and ask it to decrypt it. This is where the GPU's come in. GPU's (depending on the speed and amount) will run through it like a knife through butter! 2 X 460's do 2000m/s, a single 5770 using oclhashcat will do around 3000m/s.. Imagine having 4 x 6990's running!

The other way to do it is rainbow tables. It's basically a precomputed table of hashes. If you have a rough idea of the password (say you are working on a old unix system that still uses 6 chars), you precompute a rainbow table of all possible hashes for 6 chars using the gpu power. Find the hash, and you just match the obtained hash with the hash you have and you have the password.

For a real world example, read the Anonymous hack of HB Gary details using XSS and rainbow tables here: http://arstechnica.com/tech-policy/news ... y-hack.ars

Of course, this is just the tip of the iceberg, but yes believe it or not, there are other uses for your GPU's than BFBC2, Star Craft 2 and soon Duke Nukem'...Forever!

As for the studying, I'm doing a Msc in Applied Information Security through Rhodes University...

I believe in russia they banned nvidia geforce cards because of this. I might be wrong but a 8800gt could be used to hack police frequencies. But then again a ps2 processor can be used as a missle guidence system. Its not a game anymore XD

Wow that's hectic! I'm busy with my mcitp now but security and what not intrigues me. But hardware takes the cake, I am fascinated by it and that's why I asked about gpus doing processing work? Never heard of it before now:) thanks

You can also use GPUs to crack WiFi passwords. Good old faithful rainbow tables...

StarBound wrote:I believe in russia they banned nvidia geforce cards because of this. I might be wrong but a 8800gt could be used to hack police frequencies. But then again a ps2 processor can be used as a missle guidence system. Its not a game anymore XD

youtube may be banned, grain ban may be lifted, and call of duty not banned, and a Russian firm hacked wifi with nvidia cards....but so far google is calling your believe BS, there is even an Nvidia office in Russia, they haven't been bombed yet with PS2 guided missiles...and they haven't used PS2 powered suicide robots either....

it is a safe bet that Nvidia cards can still be legally acquired without getting a KGB smuggle ring involved....

zimmer-frame wrote:they encrypt the password using MD5

only if they're still living in 1995... seriously.. MD5 has been a known weak spot for twice that length of time, which is why you will more likely encounter whirlpool/tiger/SHA-2 etc... or even some offshoot of MD5 with a modified dictionary...

finally.. anyone confusing a hash with encryption is in dire need of not teaching anyone anything... ever...... a hash has nothing in common with ciphered content... it's primarily a signature algorithm used to verify integrity... it should never be used in placed of encryption.

rustypup wrote:only if they're still living in 1995...

it's primarily a signature algorithm used to verify integrity... it should never be used in placed of encryption.

..and yet, the amount of times you see it used is frightening!

The nice thing about oclhashcat is that it can cater for salted hashes etc as well, so even if they salted the hash, it can work with it. It also caters for SHA-1 with salt, so if the developer thought he was being "smart", you can still have a go at it..

But yes, I agree that SHA-2 etc should be used more, but in the real world I've seen places ftp'ing c/card details around instead of using something like 'scp'..there is simply no patch for human stupidity or lazyness

Oh look!

Cheap GPUs Rendering Strong Passwords Useless (Slashdot)