Anti-spam protocol Microsoft easily bypassed by brute-force

By Tim Quax on 03 july 2010

Dumitru Codreanu, Senior Researcher at BitDefender, succeeded in bypassing the Microsoft Postmark-protocol using relatively cheap hardware. nVidia Cuda is used to create the hashes.

The Postmark-protocol is used to confirm the authenticity of an e-mail. It does this by generating a hash from the title and recipient, using a SHA-1 based algorithm, developed by Microsoft. This method would work against spammers because, according to Microsoft:

"The authentication takes between the 10 and 20 seconds, and that's time spammers don't have.".

In my opinion this would be a faulty statement. It's true spammers can't spare such an amount of time, however relying on such an encryption ends in fail by definition, since it's only a matter of time before even the toughest encryptions go down in seconds. Although you could turn to 2048-bits RSA, at least a 8800 GT wouldn't get the job done.

And this is exactly what has happened here. Codreanu uses a GPU in combination with nVidia's CUDA framework. Which GPU, you ask? A Geforce 8800 GT, a cheap videocard available on the consumers market. He succeeds in replicating five hashes per second. which bottles down to 432.000 hashes a day, of which 6% of the generated hashes are invalid.

React on this article

Enter the code here: