As reported in Heise Security, security firm Objectif Sécurité used the solid-state drives to optimize the use of its rainbow tables for XP password hashes. The company, which developed an open-source password cracking tool called Ophcrack, relies on lots of system resources to carry out computations needed for password cracking.

A password must be stored so that the system can refer to it later, when matching it against an access password entered by a user. In any secure system, a password is not stored in plaintext. Instead, the hash is produced by applying a mathematical function to the password. The hash is then stored in the system, and when a user enters their password to gain access, the same mathematical function is applied. If the second hash matches, then the user is authenticated.

Developments in computational power have enabled security experts to take as many password combinations as possible, and apply the mathematical functions to them in advance. The passwords and the hashes are then stored together in a rainbow table. When the hash for unknown password is presented, it can be searched for in the table, and a match found. However, the search process is very processor-intensive.

Objectif Sécurité pre-computes the intermediate steps associated with calculating a password from its hash, and stores these, to speed up the process. However, this increases the size of the rainbow table, and can make it difficult to stored in memory. Until recently, the only feasible option has been to store the rest of the table on a hard drive, but the relatively slow mechanical nature of a hard drive bogs down the whole process. By storing the rest of the table on solid-state drives, which have no mechanical parts and are much faster than their hard drive predecessors, the process can be dramatically improved.

Solid-state drives are still relatively expensive, although Hamish Macarthur, cofounder of storage market research and analysis company Macarthur Stroud, says that they will decrease drastically in price in the next few years. Performance is pushing people to use SSD for caching purposes. That makes it more attractive, and will also increase capacity,” he said.

Objectif Sécurité offers a demonstration recovery service for any Windows password hash on its website.