New Password Recovery Technique Uses CPU and GPU Together 264
BaCa writes to mention that a new hardware/software combination has been created by a company called ElcomSoft that will reportedly allow cryptography professionals to build cheap PCs that work like supercomputers for the specific task of retrieving lost passwords. Utilizing a combination of the CPU and the GPU the task of brute forcing a password may be reduced by as much as a factor of 25. "Until recently, graphic cards' GPUs couldn't be used for applications such as password recovery. Older graphics chips could only perform floating-point calculations, and most cryptography algorithms require fixed-point mathematics. Today's chips can process fixed-point calculations. And with as much as 1.5 Gb of onboard video memory and up to 128 processing units, these powerful GPU chips are much more effective than CPUs in performing many of these calculations."
Nice euphemism (Score:4, Insightful)
Hello, Mr. Orwell. *wave*
How does this qualify for a patent? (Score:4, Insightful)
Re:Just wonderful (Score:1, Insightful)
I agree that other forms of authentication will become more commonplace, but I think passwords will continue to be used in a variety of circumstances. At a minimum, they will be no doubt continue to be used as part of some two-factor authentication systems.
What about FPGAs? (Score:3, Insightful)
If the GPU is that fast.... (Score:2, Insightful)
Re:Interesting, but it doesn't matter (Score:3, Insightful)
Re:Interesting, but it doesn't matter (Score:2, Insightful)
http://utcc.utoronto.ca/~cks/space/blog/sysadmin/NetworkAuthDelays [utoronto.ca] explains this issue, pointing out that all the delay does is annoy users who make typos, whilst not hurting attackers.
Re:Just wonderful (Score:1, Insightful)
Consider the number of possible 14-letter words or combinations of words and compare it to the number of possible random combinations. There are some thousands (or maybe millions) of words or combinations of words. Add in the substitution of digits for instances of some letters and you get (being generous here) a few hundred times more possible combinations. So, say 500 million combinations.
Now look at random 14 character strings. Even using only letters there are billions of billions of character combinations that are 14 characters long. By using words or strings of words you are cutting out nearly 100% of the possible passwords.
Besides, long series of random characters aren't really that difficult to remember. Just break them into patterns and remember the patterns.
Re:Poorly written article (Score:2, Insightful)
Re:Just wonderful (Score:4, Insightful)
Except that you can't change the password when it's compromised.