Elcomsoft patent on GPU password cracker

Does anyone know the USPTO application number for the patent Elcomsoft filed on GPU cracking?
[url=“Digital Forensic, Data Decryption and Password Recovery Solutions for Law Enforcement, Forensic and Corporate Customers | Elcomsoft Co.Ltd.”]Digital Forensic, Data Decryption and Password Recovery Solutions for Law Enforcement, Forensic and Corporate Customers | Elcomsoft Co.Ltd.

Wondering what they claimed due to the vast amount of prior art on using GPU’s for crypto cracking, such as:
[url=“http://www.springerlink.com/content/tm9402n46173qr6g/”]http://www.springerlink.com/content/tm9402n46173qr6g/[/url]

-Patrick

Patents are worthless. Forget about them. Worry about prior art when you get frivolously sued.

P.S. Searching ‘elcomsoft’ in applications and issued patents yield some hits that cite the firm, but no filings by them. It’s possible they never really filed their application.

Encryption != Password Recovery.

Application is filed, I don’t have USPTO ref. with me now.

Anyway, I guess this is not a proper topic for this forum, so I just suggest you PM me in case of further questions.

Don’t care about that. Even if they really filed an application (which I doubt) and even if they get it approved (which I strongly doubt) that patent would not stand the test of time. Call it what you want - GPGPU in that case is trivial and has been done before. The patent would just be a worthless piece of paper to wave around.

“Patent pending” is just a marketing gag…

Application filed in September, 2007.

Any references, please?

There is a project going on at the University of Iowa concerning NTLM and there is WPA-PSK at [url=“Google Code Archive - Long-term storage for Google Code Project Hosting.”]Google Code Archive - Long-term storage for Google Code Project Hosting.

That not “before”.

Once again: we’ve filed application in Sep 2007, first commercial product utilizing GPU released Oct 2007, PoC code released to general public in Apr 2008. Pyrit started Aug 2008.

Any references proving word “before” in your statement, please?

That’s interesting. Can you provide more information (links, contact details)?

I don’t have that ref with me now. Please write me a mail when your application was accepted.

Oh good old internet.
[url=“http://i140.photobucket.com/albums/r16/TenaciousCDSM/arguing.jpg”]http://i140.photobucket.com/albums/r16/Ten...DSM/arguing.jpg[/url]

How about the word “trivial”?

Of course, the patent system is corrupt bs. Wouldn’t be surprised if doing password cracking with a GPU wasn’t considered obvious to anyone skilled in the art.

Okay, “trivial” is closer.

Some people were claiming that password recovery on GPU was done long before us but none of them have provided references except for “NSA have been doing this for ages”.

One important point of patent here is protecting from patent trolls. I really cannot understant why people are so nervouos about that application… Patent is just one way for business to protect its intellectual property and our management decided to use it.

Haha. Unfortunately, that’s true. It reminds me of a story I read a week or two ago about how a defence contractor patented the concept of patenting other companies’ inventions. I kid you not.

So we get a completely new class of meta-patents? It seems the US patent system is even more messed up at the moment than even I suspected :)

Yeah, it’s also authored by Halliburton, of all people: http://www.theregister.co.uk/2008/11/10/halliburton_patent/

I’m so glad I live in Europe.

Unfortunately your company’s idea fails to meet two requirements of the patent process which are 1) prior art and 2) not obvious to one skilled in the art. The concept of accelerating DES for LANMAN and traditional Unix crypt(3) was implemented by a number of people pre-CUDA, enough so that a reporter asked Solar Designer, the author of John the Ripper, in an interview if he had plans to do so (Feb 2006) http://www.securityfocus.com/columnists/388. And I think its completely appropriate to discuss products incorporating CUDA in a forum called “General CUDA GPU Computing Discussion”.

EDIT Further googling quickly yields a number of results, such as http://www.governmentsecurity.org/archive/t6212.html EDIT

-Patrick

pstach, let the USPTO decide wheter our application meets the requirements or not.

I’ve explained one important reason for filing it just a few posts before, and I believe that this is already enough.

There’s no prior art on the links you gave – both say “gpus are not suitable for password recovery”.

I am not aware of any password recovery software (with GPU support) which was released before October, 25, 2007 (we’ve released GPU-enabled version of EDPR on that date), so there is no prior art.

Also, I do not understand all this buzz around our application – if you think it is trivial and not patentable – don’t worry, USPTO will decline application.

Sure, the USPTO has to decide, however getting a patent and it being enforceable are two entirely different things. Further I don’t know what your claims are like, which is why I was asking for the app number since PAFT didn’t return any results.

Well in the first link it was mentioned that GPUs were inferior to FPGAs, which is in fact the case as evidenced by http://openciphers.sourceforge.net/oc/lm.php and numerous predating projects. However FPGAs are outside the grasp of your average home user… at least for the time being.

I’m not trying to deflate your boat here, I’m just pointing out password cracking on GPU’s is a dead horse, beaten to death long before your company even took an interest in the subject as it was one of the first non-graphical uses of GPUs illustrated (http://www.gpgpu.org/data/history.shtml circa 99) due to the fact performing simultaneous crypto operations (for most algorithms) is well suited on the device.

-Patrick

Two years later it finally possible to read patent text (it wasn’t possible to find USPTO ref earlier simply because the text wasn’t open to public). Use #7787629 for look up, or, for example, this link – Use of graphics processors as parallel math co-processors for password recovery

Abstract part of patent:

Claims part looks just weird – why it called “invention”? Seriously, is US patent system that bad so it’s possible to patent such things?

I’ve seen several projects related to password recovery on GPUs here and on other GPGPU related forums (I’m personally interested in this area), some of them are commercial. Now you should consider the fact that releasing such products at US market most likely will ends with ElcomSoft’s attempt to sue you because of patent infringement. And even using freeware GPU accelerated password recovery programs at US territory can be treated as patent infringement.

I’m not expert in US patents, so I can be wrong somewhere. But it clearly not looking good at all.

Two years later it finally possible to read patent text (it wasn’t possible to find USPTO ref earlier simply because the text wasn’t open to public). Use #7787629 for look up, or, for example, this link – Use of graphics processors as parallel math co-processors for password recovery

Abstract part of patent:

Claims part looks just weird – why it called “invention”? Seriously, is US patent system that bad so it’s possible to patent such things?

I’ve seen several projects related to password recovery on GPUs here and on other GPGPU related forums (I’m personally interested in this area), some of them are commercial. Now you should consider the fact that releasing such products at US market most likely will ends with ElcomSoft’s attempt to sue you because of patent infringement. And even using freeware GPU accelerated password recovery programs at US territory can be treated as patent infringement.

I’m not expert in US patents, so I can be wrong somewhere. But it clearly not looking good at all.

All patents (in the US anyway) look like this. They have evolved a peculiar language of their own, and a strange set of rhetorical habits required to shoehorn new branches of science and engineering into an old system. For example, software patents always make reference to the embodiment of the algorithm (the actual thing you are trying to monopolize) in hardware to make the invention appear more mechanical in nature. Math is, generally speaking, not patentable, so you need your software to sound like a device and not like a mathematical procedure.

Basically, patents in software are a defense strategy of mutually assured destruction. You need patents because your competitors have patents, and everyone infringes each other’s patents as written because the claims section is specified as broadly as you can get past the patent examiner. Thus, the only way to “protect” yourself is to ensure that you have a gun pointed at everyone who has a gun pointed at you. The Cold War truce sometimes breaks down, as you can see from the explosion of multi-way lawsuits in the smartphone space:

http://bits.blogs.nytimes.com/2010/03/04/an-explosion-of-mobile-patent-lawsuits/

(The figure is already out of date. Motorola and Apple are now suing each other as well.)