Results



[Red] worked the very first time I compiled the entire project. This was a very surprising result. All other projects I had worked on for this class were developed and verified by recompiling and testing on hardware. This project was developed and verified entirely using Quartus' timing simulator and then tested. It would not have been possible to debug this project entirely on hardware due to its size and complexity.


For convenience, all modules were connected to a 27 MHz clock. My testing shows that a search rate of 50 million keys per second (k/s) was achieved on the very first try. This result is also supported by simulation which puts the rate at 60 million k/s.


Tests were carried out using the LM hash of “ECE5760CORNELL”, which is EBCE96A9426BAD0CC3E06CC5D05AE857. The string “CORNELL” is the 1.31E12th key to be searched. The search finished in 446 minutes, which implies a rate of 50E6 k/s. “ECE5760” is the 2.96E12th key to be searched. It was estimated to finish in 1008 minutes. [Red] found the key in 1007 minutes. The design is very predictable in this sense.





Further analysis of simulation data shows that connecting everything to a 27MHz clock puts the search rate at the lower bound.




The right half of the above diagram shows a plot of the rate versus internal clock if DES and key_gen40 did not depend on each other. These numbers are for 40 DES units in parallel. DES is able to achieve a hash rate of 60E6 k/s at 27 MHz and 200E6 k/s at the maximum clock rate of 100 MHz. key_gen40 can generate 95E6 k/s at 27 MHz and 120E6 k/s at the maximum 33 MHz.


We can plot the corner configurations of the two units. If DES is set to run at 100 MHz, the search rate will always be limited by the key generator. If DES is set to 27 MHz, DES itself is limiting the rate. Looking back at the test results, clocking everything at 27 MHz is the slow, slow corner. DES limits the rate to 60E6 k/s. The best configuration would be to clock the DES at 100 MHz and key_gen40 at 33 MHz to achieve the theoretical 120E6 k/s.
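The corner analysis above, together with the search-time figures from the test results, can be reproduced in a few lines. This is an added example, not part of the original project; the function names are hypothetical, and the only inputs are the rates, key positions and times quoted on this page.

```python
# Rates in keys/second quoted on the page (40 DES units in parallel).
DES_RATE = {27: 60e6, 100: 200e6}    # DES clock in MHz -> k/s
KEYGEN_RATE = {27: 95e6, 33: 120e6}  # key_gen40 clock in MHz -> k/s


def corner_rates():
    """Map (des_mhz, keygen_mhz) -> (search rate, limiting unit) for all four corners."""
    corners = {}
    for des_mhz, des in DES_RATE.items():
        for kg_mhz, kg in KEYGEN_RATE.items():
            # The slower of the two units sets the overall search rate.
            limiter = "DES" if des < kg else "key_gen40"
            corners[(des_mhz, kg_mhz)] = (min(des, kg), limiter)
    return corners


def measured_rate(key_index, minutes):
    """Rate in k/s implied by finding the key at position key_index after `minutes`."""
    return key_index / (minutes * 60)


def minutes_to_key(key_index, rate):
    """Minutes needed to reach position key_index at `rate` k/s."""
    return key_index / rate / 60


def main():
    for (des_mhz, kg_mhz), (rate, limiter) in sorted(corner_rates().items()):
        print(f"DES {des_mhz:>3} MHz, key_gen40 {kg_mhz} MHz: "
              f"{rate / 1e6:.0f}E6 k/s (limited by {limiter})")

    # "CORNELL": 1.31E12th key, found after 446 minutes.
    rate = measured_rate(1.31e12, 446)
    print(f"measured rate: {rate / 1e6:.1f}E6 k/s")

    # "ECE5760": 2.96E12th key, extrapolated from the measured rate.
    print(f"predicted time for ECE5760: {minutes_to_key(2.96e12, rate):.0f} minutes")


if __name__ == "__main__":
    main()
```

Extrapolating from the first measurement gives the same 1008 minute figure reported above for the second half of the hash.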


[Red] fills the entire FPGA. At 50E6 k/s, [Red] searches the entire keyspace in 42 hours. Two 7 character hashes were tried; one took 7.5 hours and the other took 17 hours. Strings of 6 characters take a maximum of 35 minutes to find. Anything less than 5 characters becomes trivial, returning a result immediately.


It is postulated that [Red] can run at 100E6 k/s. At this rate, the keyspace would be searched in 20 hours.



Videos

User Interface Part 1





User Interface Part 2






Breaking a 14 Character Password Part 1






Breaking a 14 Character Password Part 2






Real Time Demonstration Part 1






Real Time Demonstration Part 2




conclusion