I'm wondering if it would be possible to utilize a Bitcoin or Litecoin miner to attack, say, a password database that uses PKBDF2 with HMAC / SHA-256. PBKDF2 uses multiple iterations of a PRF - usually HMAC-SHA1, but sometimes HMAC-SHA-256 - for protecting passwords. The idea is that these calculations have to be performed for each password, so that makes it more difficult for an attacker to test all passwords. The PBKDF2 method is defined in RFC 2898.
Sometimes statements are made that these functions are insecure because of attacks with ASICs and often total amount of Bitcoin SHA-256 hashes is shown as example of what can be done. Now I'm wondering if it would be possible to program a Bitcoin or Litecoin miner to find a password using brute force or a dictionary attack.
- HMAC SHA-256
- the salt is known
- output of PBKDF2 is 256 bit (the output of the hash) or less
- "high" number of iterations, say 4K to 40K
To do this you would have to program HMAC using a single SHA-256. Furthermore, you probably would have to have a method to perform the iterations. The iterations use the same key (derived from the password) for HMAC but the data is dependent on the previous value. Obviously there also needs to be some way to generate or retrieve the candidate passwords.
Would it be possible to reprogram a miner to do this work, or are all the current miners too specialized to perform such operations? Is there a - possibly older - miner that can be reprogrammed to do this work?
Note that this question is about reprogramming/re-utilizing a hardware device. It is not a generic question of using the Bitcoin network to perform cryptographic tasks.
I've added Litecoin to the mix. Litecoin uses scrypt, which is already a Password Based Key Derivation Function in itself, which uses PBKDF2 as underlying PRF (hope that's OK, no answers yet).