Forgot your password?
typodupeerror
Security Hardware

New Password Recovery Technique Uses CPU and GPU Together 264

Posted by ScuttleMonkey
from the brute-force-just-means-get-a-bigger-hammer dept.
BaCa writes to mention that a new hardware/software combination has been created by a company called ElcomSoft that will reportedly allow cryptography professionals to build cheap PCs that work like supercomputers for the specific task of retrieving lost passwords. Utilizing a combination of the CPU and the GPU the task of brute forcing a password may be reduced by as much as a factor of 25. "Until recently, graphic cards' GPUs couldn't be used for applications such as password recovery. Older graphics chips could only perform floating-point calculations, and most cryptography algorithms require fixed-point mathematics. Today's chips can process fixed-point calculations. And with as much as 1.5 Gb of onboard video memory and up to 128 processing units, these powerful GPU chips are much more effective than CPUs in performing many of these calculations."
This discussion has been archived. No new comments can be posted.

New Password Recovery Technique Uses CPU and GPU Together

Comments Filter:
  • by jcicora (949398) on Monday October 22, 2007 @04:21PM (#21076625) Journal
    So what, will hackers be able to use my computer to crack my password 25 times faster now?
  • Looks like the old password recovery system to me. :)
  • by Tablizer (95088) on Monday October 22, 2007 @04:23PM (#21076663) Homepage Journal
    now IT departments will require passwords to be 30 characters long, with at least 2 digits, at least 2 puncuation marks, mixed case, and use Unicode characters from at least 8 different international languages.
    • Re:Just wonderful (Score:5, Interesting)

      by ScytheBlade1 (772156) <<scytheblade1> <at> <averageurl.com>> on Monday October 22, 2007 @04:28PM (#21076737) Homepage Journal
      I used to think the same. "Eight characters is enough for now, but it's only a matter of time..."

      Then I realized that this doesn't mean IT departments will require longer passwords. Rather, this is the death of the password, in place of other authentication methods (smartcard, biometrics, others, and combinations of everything).

      It won't be immediate, or close to it... but a 25x increase in the speed of bruteforcing passwords will certaintly speed up the process by which passwords are obseleted.
      • by Tablizer (95088)
        I wonder why a restriction couldn't be put on how many times passwords are tried? Why is somebody able to get the password file to loop on in the first place? Rather than a file, perhaps the password manager needs to be a device and only a device (chip?), not a file, which limits the number of tries per second. Either don't use or don't allow access to passords in declarative (data) form. Make all access have to go thru an interface. And, if the interface is used too many times per minute, it can throttle i
        • Re: (Score:3, Informative)

          by ScytheBlade1 (772156)
          That's not the problem. The problem is primarily people who gain physical access to the hashes, and load them onto much beefier machines to do the processing for them. 100% CPU for days on end will eventually warrant a call to the help desk stating that their computer is "too slow."

          While I agree that for this to be a problem, a previous security hole has to exist somewhere, it's more the "what if that happens" that is the problem. If a hash, and just a hash is stolen, it's not exactly going to set off alarm
      • by Anonymous Coward on Monday October 22, 2007 @05:10PM (#21077409)
        Add 1 letter and you've increased the time it takes to hack by 26x (although it's probably closer to 100x with punctuation and the like). So 25x is irrelevant. So is 250x. Only something that makes it non-exponential would really make a difference.
      • Re: (Score:3, Informative)

        by sco08y (615665)
        It won't be immediate, or close to it... but a 25x increase in the speed of bruteforcing passwords will certaintly speed up the process by which passwords are obseleted.

        It means the search space needs to be 25 times as big. That means the password needs one more letter.
      • Re: (Score:3, Informative)

        Or you could start using a more secure hashing function!

        The time it takes to calculate the hash is insignificant for a real user, but an increase of even a tenth of a second to an attacker could mean the difference between a day and a week to crack a hash.

        bluefish hashes take a long time (relative to md5 and sha1) to computer because the initialization takes a long time, there is no way to accelerate this initialization it must be preformed synchronously.

        OpenBSD FTW!
      • Re: (Score:3, Interesting)

        by schmiddy (599730)

        Happily, it seems some companies are finally getting the message that longer passwords does not necessarily mean a more secure system. I know of at least one well-known security software company that has recently revised its stringent password policy from "super long, with numbers and punctuation, changed every 30 days" down to "less long, and you don't have to change it nearly as often".

        I'm guessing they had a security audit quietly done, wherein it was discovered that paying a janitor $20 to look for

    • by justin12345 (846440) on Monday October 22, 2007 @04:40PM (#21076927)
      I guess they are going to have to start making long, rectangular post-it notes now.
      • I guess they are going to have to start making long, rectangular post-it notes now.

        They already do. 3" x 5" for starters.

        (The ones in my desk organizer are from Staples but I think 3M makes "real post-its" in that size, too.)
    • by legirons (809082)
      "now IT departments will require passwords to be 30 characters long, with at least 2 digits, at least 2 puncuation marks, mixed case, and use Unicode characters from at least 8 different international languages."

      http://ars.userfriendly.org/cartoons/?id=20071001 [userfriendly.org]
    • Re: (Score:2, Interesting)

      by slyn (1111419)
      I never got why people have so much trouble making up and remembering long passwords. I'm going to assume everyone here understands leetspeak, and enjoys something (i apologize to all the chronically depressed, i'm not trying to be an insensitive clod).

      If you like music, use lyrics and translate them into leet. Example: WelcomeToTheJungle becomes W31c0m3707h3Jung13
      If you like movies, use famous quotes and translate them into leet. Example: FranklyMyDearIJustDontGiveADamn becomes Fr4nk1yMyD34r1Jus7D0n7G1
    • Heck, I was doing that in OpenVMS 10 years ago. Not for security, though.. I'm just a bastard.
      • by Tony Hoyle (11698)
        I remember VMS (not tried the open version so not sure if it did this). There was a parameter to set password that'd give a list of completely unreadable junk passwords to use.. the problem was they were so damned complex there was no was a normal human being could remember them.. so nobody ever used it (except a few nutters, and they wrote their passwords down!).
  • by wildsurf (535389) on Monday October 22, 2007 @04:25PM (#21076701) Homepage
    If brute force isn't working... you aren't using enough of it.
  • From TFA: (Score:5, Funny)

    by Anti_Climax (447121) on Monday October 22, 2007 @04:26PM (#21076705)

    For example, the logon password for Windows Vista might be an eight-character string composed of uppercase and lowercase alphabetic characters. There would about 55 trillion (52 to the eighth power) possible passwords. Windows Vista uses NTLM hashing by default, so using a modern dual-core PC you could test up to 10,000,000 passwords per second, and perform a complete analysis in about two months. With ElcomSoft's new technology, the process would take only three to five days, depending upon the CPU and GPU.
    I can't tell if the proper response to this is to recommend longer passwords or advise against using Windows Vista

    Oh wait, both.
    • Re:From TFA: (Score:5, Interesting)

      by Otto (17870) on Monday October 22, 2007 @04:31PM (#21076767) Homepage Journal
      Or to just stop using passwords. Why can't I login with a USB key that has some piece of information which is signed using my private key on it?
      • Nowadays the locks in the cars are nearly impossible to open without the key. So what do criminals do? They steal the keys. So USB key is obviously not the perfect solution for this problem.

        But what if we would protect the data on the USB key with a password...
        • Re:From TFA: (Score:5, Interesting)

          by blhack (921171) * on Monday October 22, 2007 @05:01PM (#21077273)
          True, but it you create an easy way for a user to disable their own account this isn't as much of a problem. Create a 1.800 where you put in a (much easier) password that will allow you to disable access to your account. This way, if your key gets stolen, you just go into I.T. in the morning and have them issue you a new one.

          Not to mention the fact that when talking about password, your biggest enemy is some phiser sitting in russia....who is NOT very likely to fly to the states to steal your key. If your data actually is important enough to justify a hiring somebody to steal it, then chances are you are using biometrics/bullets to lock people out anyhow. If you're not, then tell you CIO to stop spending money on frosted glass NOCs that are suspended from the ceiling above your data center that is kept at a constant 42 degress and tell him to start spending it on real engineers.
          • Seems like that method would open up a new DoS vector, just brute-force the disable passwords until everyone's locked out
            • Re: (Score:3, Interesting)

              by blhack (921171) *
              No:

              lUser: 1.800.pas.swrd
              Phone Operator: Hello, this is Ryan in the I.T. department, how may I help you?
              lUser: Omg! i left my purse on the table in the restaurant, my key was in there....will you disable my account?
              Phone Operator: Sure may i have the password?
              lUser: The password is bananas
              Phone Operator: No, thats not the password, you only get two more tries before I call the number we have on file for this user and ask her what the problem is.
              lUser: AHHH AHHA AHHHHHH is the password, uhhh....... *click*
        • by AK Marc (707885)
          Nowadays the locks in the cars are nearly impossible to open without the key. So what do criminals do? They steal the keys. So USB key is obviously not the perfect solution for this problem.

          It's a great solution to the problem. They have to get physical access to you. That will stop 99.99% of all password cracks. Almost all are done remotely, often through security vulnerabilities (including stupid users). Only the most targeted attacks (someone that doesn't want random computers for bots or to break
      • by blindd0t (855876)
        Well, I can't be the only one who would run that sort of thing through the washer and dryer... Perhaps that with a backup/secondary USB key would suffice? Furthermore, people would require some training/guidance on physical security with that sort of thing (i.e. telling them to keep it with their house/car keys). People already write their passwords and leave that on their desk, and leaving the physical usb key on the desk would be no better. What could be really cool, however, is if the device doubled
        • by pthor1231 (885423)
          USB keys can go through the washer and dryer, no problem. I have sent my 2GB stick through a complete wash/dry cycle easily 10 times, and it still works fine.
      • Re:From TFA: (Score:4, Informative)

        by DeadBeef (15) on Monday October 22, 2007 @04:57PM (#21077221) Homepage
        If you are connecting to Linux or a BSD or anything else that runs openssh, then you can have something along these lines now. Setup an openssh DSA key, copy the public key to whatever machines you need to log into and then you can disable password logins in /etc/ssh/sshd_config altogether. If you are running Linux then for extra credit configure pam_ssh to get single sign on with an ssh key agent. If you are running windows as your client then you will have to make do with putty and pagent.

        Passwords are so last century.

      • by Joe Snipe (224958)
        Why can't I login with a USB key that has some piece of information which is signed using my private key on it?

        because I stole the key from you while you were getting a starbucks?

      • Re: (Score:3, Interesting)

        by Deadplant (212273)
        Because USB is insecure.
        (assuming XP) When you plug in your USB key to login to your banking website it reads the signed key/password/whatever and signs you in. Great. Meanwhile... your screen-saver and the 'search bar' you installed also read your key and upload it to Mr. Nasty.

        What you would need is a USB key with a processor to do the signing/challenge response internally.
        • What you would need is a USB key with a processor to do the signing/challenge response internally.

          And a built-in user interface that lets you know what challenge you're providing a response to.

        • by arivanov (12034)
          No they will not.

          Because, as a matter of fact, on devices like this the key never leaves the device. The device has an RSA engine and the actual public key cryptography happens on the key. If implemented correctly the request travels all the way from the server to the key and back. Not particularly difficult to do. I have an account with a bank in an ex-soc block backwater that does that for the electronic banking. It even uses a third party "national id" smart card for the purpose.

          So the toolbar and the se
      • by sco08y (615665)
        Why can't I login with a USB key that has some piece of information which is signed using my private key on it?

        Better: a CAC reader (~ $25) and a smartcard. I can use my military ID to log into my AKO (an awful Army portal web site) account from Safari (on OS X 10.4) without installing any software on the client side. And, of course, if you install lots of crap and have an elaborate set up you can use it to log into Windows. Without much work, I can use it to sign code and emails and what not.

        Why not use a
    • And you can't forget to factor in the fact that on average a password will be found in half the time of an exhaustive search, so you're looking at a day and a half to two and a half days per password. When you're hacking the right computer, that's completely and perfectly acceptable.
  • by eldavojohn (898314) * <eldavojohnNO@SPAMgmail.com> on Monday October 22, 2007 @04:26PM (#21076715) Journal
    Pricing for these apps is pretty steep [elcomsoft.com] at $1,299 per machine license. Well, maybe not so steep if you consider how valuable it could be for you. It doesn't say if that has the GPU utilization with it yet or not.

    Also, I wonder if they've investigated using SLI & CrossFire with these. That seems like something obvious to me but not included in the article. I'm unaware of their implementation but it sounds like it could be parallelized--and accross 2 or even 4 cards, that could get hilariously powerful.
  • Nice euphemism (Score:4, Insightful)

    by otmar (32000) on Monday October 22, 2007 @04:26PM (#21076721) Homepage
    "Password Recovery" sounds so much more benign than "Cracking Passwords".

    Hello, Mr. Orwell. *wave*
  • Finally, (Score:5, Funny)

    by Tablizer (95088) on Monday October 22, 2007 @04:29PM (#21076741) Homepage Journal
    I can now release the 12,000 monkeys I kidnapped for the task.
  • I thought this was the task for the PS3. Maybe you can use it's GPU in addition to its Cell.
    • by lexarius (560925)
      Not if you're using Linux. The GameOS hypervisor currently blocks access to the GPU. All you've got is framebuffer.
  • I wonder what's patentable about using a cpu thats a better fit to get the job done quicker?
    • by querist (97166)
      I am not sure this could be patented. (IANAL, etc.)

      This looks like a new spin on the old Commodore 64 trick of pushing computation tasks off to the CPU in the model 1541 floppy drive. It is interesting that someone has done it. I am sure many of us have thought about this, but the folks at ElcomSoft actually did it.

      Pretty cool, IMHO. Also, somewhat frightening.

      And, just for fun, I need to add the obligatory "...but imagine a Beowulf cluster of these!"

      Actually, that would be interesting - sort of a nested cl
  • by Nathanbp (599369) on Monday October 22, 2007 @04:35PM (#21076837)
    What seems to have been missed in the discussion so far is that this company is applying for a patent on their technique, which they claim is "revolutionary." I really hope that this doesn't get granted, as it would open a whole new realm of stupid patents for "X on a graphics card," which is about as stupid a patent as "X on the internet."
    • Using normal standards of prior art, the NVidia dev kit for their GPU and the folding@home application on ATI video cards should be enough to show that "on a video card" is pretty standard nowadays.
  • by jshriverWVU (810740) on Monday October 22, 2007 @04:35PM (#21076845)
    This project has been around for a long time: http://www.gpgpu.org/ [gpgpu.org] Though I agree modern GPU's are even more useful for general purpose computing.
  • by frovingslosh (582462) on Monday October 22, 2007 @04:36PM (#21076855)
    I've read the article (such as it is), and it keeps claiming that this is a technique to recover "lost passwords". But I don't really believe that is the purpose of this software, and I have to ask "What is the difference between a 'lost password" and a password that belongs to someone else and not you?". Does anyone else really believe that the actual use of this software will be to assist the majority of users recover their own passwords? I do not. I suspect it might be harder to patent a tool for identity theft than for recovering "lost passwords" though.
    • by querist (97166)
      The difference between a "lost password" and "cracking someone else's password" revolves around the legal right to access the information.

      "lost password" situations (obviously, not an exhaustive list):

      I could forget a password for something. I've done it before, and I'm sure I'll do it again.

      I could be hit by a bus and my employer will need access to my encrypted files. (Granted, we have a better system to handle this, but I think you understand.)

      "cracking":

      trying to access your soon-to-be-ex-wife's files t
  • What about FPGAs? (Score:3, Insightful)

    by FlyByPC (841016) on Monday October 22, 2007 @04:38PM (#21076891) Homepage
    FPGAs (Field-Programmable Gate Arrays) sound like they would be just the ticket for SIMD (single-instruction-multiple-data) calculations such as this. Configure up a bunch of FPGA chips to do the encryption calculations on a zillion combinations in parallel...
  • by Zymergy (803632) * on Monday October 22, 2007 @04:43PM (#21076961)
    Petter Nordahl-Hagen's Offline NT Password & Registry Editor: http://home.eunet.no/~pnordahl/ntpasswd/ [eunet.no]
    NOTE: Tested on: NT 3.51, NT 4 (all versions and SPs), Windows 2000 (all versions & SPs), Windows XP (all versions, also SP2), Windows Server 2003 (all SPs), Vindows Vista 32 and 64 bit.
  • by ClayJar (126217) on Monday October 22, 2007 @04:45PM (#21077005) Homepage
    I'm just wondering, should I take the summary as intentionally ironic (i.e. as if it had referred to an operating system "by a company called Microsoft"), or should I assume it was written by someone *fascinatingly* oblivious to the recent history of decryption software and the disputed legalities thereof? An informed, non-ironic summary would simply say, "...by ElcomSoft...", of course.

    For any of you who may have been living under a rock (possibly on another planet), ElcomSoft is the company that was employing Dmitry Sklyarov, who was arrested in the US on DMCA charges when he'd come to present at a conference. Wikipedia has more [wikipedia.org].
    • by GiMP (10923)
      > arrested in the US on DMCA charges when he'd come to present at a conference.

      Something particularly notable since at the time, the DMCA was a very new law. It was, I believe, the first notable case putting the DMCA to test in court. Furthermore, the case was a particular rallying point amongst geeks, not only because of the potential consequences it had for US Citizens, but also for visitors to the US; Dmitry had at worst provided a presentation in the US. (he did not develop or design anything on
  • Like searching chess positions or recognizing text? I was under the impression it very limited and requires specific types of input with restrictions on which operations can be used.
    • by compro01 (777531)
      modern GPU's have been becoming increasingly general purpose since the introduction of programable shaders.

      NVIDIA's CUDA [wikipedia.org] and ATI's CTM [wikipedia.org] are examples of this.
    • by julesh (229690)
      Like searching chess positions or recognizing text? I was under the impression it very limited and requires specific types of input with restrictions on which operations can be used.

      GPUs aren't very good at algorithms that require a lot of indirection or a lot of jumps. They work because they arrange incoming data in a stream and process large chunks of it in parallel. Both of the applications you suggest are unlikely to benefit hugely from GPUs. Chess position ranking could probably work well; set up a
    • Re: (Score:3, Interesting)

      by Wavicle (181176)
      GPUs were foremost designed to execute large numbers of linearly-ordered simple matrix/vector operations per clock cycle. When it comes to generating 3D, there isn't much in the way of branching, recursion or conditional execution involved. I haven't checked recently, but it used to be that a "pixel pipeline" referred to a unit that could do a 4x4 * 4x1 operation in a single clock (16 multiplies and 12 adds).

      Coincidentally this also helps a large number of scientific applications, such as molecular dynamics
      • Re: (Score:3, Interesting)

        by smallfries (601545)

        GPUs were foremost designed to execute large numbers of linearly-ordered simple matrix/vector operations per clock cycle.

        Minor correction - I know what you mean when you say "linearly-ordered" but a more accurate way to describe it would be: large sets of independent operations per clock-cycle. The sequential encoding that happens between clock cycles is true of most processors, and not specific to GPUs. The key is high performance is the lack of communication between separate instances of the pixel shader

  • ...why not just put the OS on the GPU and use the CPU for mundane things? :)

  • by dfn_deux (535506) <datsun510.gmail@com> on Monday October 22, 2007 @04:49PM (#21077085) Homepage
    Anyone car to point me to one of these mythical video cards with 128 processors and 1.5 gig of fast on board memory? Also, at the price point they are asking for this software (1200USD per seat) it seems like this is hardly cost competitive with doing this same sort of thing using commercially available FPGA dev/prototype boards and open source software designed for this EXACT task.
  • by Deadplant (212273) on Monday October 22, 2007 @04:53PM (#21077153)

    And with as much as 1.5 Gb of onboard video memory
    Not knowing the difference between a bit and a byte == Fail.

    ElcomSoft has discovered and filed for a US patent on a breakthrough technology ... harnessed the combined power of a PC's Central Processing Unit and its video card's Graphics Processing Unit. The resulting hardware/software powerhouse will...
    Referring to the (obvious) use of a new library/sdk from NVIDIA to improve performance of an existing application as the "discovery of a breakthrough technology" ==
    Fail.

    ...allow cryptology professionals to build affordable PCs that will work like supercomputers when recovering lost passwords.
    Cut and pasted from "How to write with spin for dummies"
    Fail.

    ...will be incorporating this patent-pending technology into their entire family of enterprise password recovery applications.
    Corporate press release copy and paste == Fail.

    Numerous grammatical errors == Fail.
  • Why is the GPU a processor dedicated to nothing but "pretty graphics" so much more powerful than the central multi-purpose processor even at the things like number-crunching?

    Is it because the GPU engineers can completely redo the thing from scratch whenever they want to, whereas the CPU-designers are held back by the backwards-compatibility issues?

    Computer Science teaches, programmers aren't supposed to have to do "tricks" like this — you code, and the translator (compiler or intepreter) will tran

    • by ZorbaTHut (126196)
      It's because CPUs are designed to run long streams of sequential instructions very, very quickly, with utterly random access to data, while GPUs are designed to run huge numbers of instructions in parallel very, very quickly, with relatively restricted access to data.

      A huge amount of modern CPU design is taken up simply by attempts to predict what will happen next, and attempts to allow blazing through a single long instruction stream as fast as possible. Parallelization gives tremendous speedups, as long a
    • by DrSkwid (118965)
      There is nothing wrong except your understanding of the difference between a general purpose CPU and a specialised purpose CPU.
    • by lakeland (218447)
      No.

      CPU designers are held back by trying to give good performance to general purpose programs at the same time as supporting these specialised uses. They've tried, we have 3DNOW, SSE, SSE2, SSE3 and others but it is too hard for them to compete with a GPU which doesn't have to support general purpose use. A GPU doesn't even have to deal with things like interrupts or memory protection!
    • by julesh (229690) on Monday October 22, 2007 @05:58PM (#21078033)
      Why is the GPU a processor dedicated to nothing but "pretty graphics" so much more powerful than the central multi-purpose processor even at the things like number-crunching?

      You need to rephrase your question, because it makes an incorrect assumption. Here:

      Why is the GPU a processor dedicated to nothing but "pretty graphics" so much more powerful than the central multi-purpose processor especially at the things like number-crunching?

      The answer is obvious if you think about it: those "pretty graphics" are a huge number crunching problem. That's all there is to it. GPU's, however, aren't very good at tasks that don't do exactly the same thing huge numbers of times. This is true of most applications. Including the applications that run on the PC to control what the GPU does in stuff like what the story's talking about.

      Is it because the GPU engineers can completely redo the thing from scratch whenever they want to, whereas the CPU-designers are held back by the backwards-compatibility issues?

      Partially. Modern GPUs have (I think -- I don't keep up to date) 256 bit wide memory interfaces, running at close to gigahertz speed. This means they can transfer to and from their memory at about 4 times the rate a PC can. This is possible because (1) graphics card manufacturers don't mind the types of memory they use changing on a virtually model-by-model basis and (2) they also don't mind being stuck with non-expandable memory that's soldered directly onto the card right next to the GPU.

      It's also because GPU engineers can sacrifice a lot of the flexibility of a PC. So what if the pipeline stalls if all 32 threads aren't doing exactly the same thing at the same time? Most of the time, they will be.

      Computer Science teaches, programmers aren't supposed to have to do "tricks" like this -- you code, and the translator (compiler or intepreter) will translate from your programming language to the hardware instructions.

      So why did my CS course have a module where we learned how the hardware worked? About memory hierarchies? About SISD, SIMD and MIMD processors? Why does Knuth's The Art of Computer Programming, possibly the most important book ever written on CS, approach problems at an assembly language level? Why, in my CS course, did I learn two different kinds of assembly language (one CISC, one RISC)?

      Because CS is concerned with a holistic view of computers. With the fact that they are machines for executing instructions, and what can be done with those instructions. With the fact that it may be more efficient not to specify that much detail, but also the fact that, from time to time, you do need to do that.
      • by julesh (229690)
        Modern GPUs have (I think -- I don't keep up to date) 256 bit wide memory interfaces, running at close to gigahertz speed. This means they can transfer to and from their memory at about 4 times the rate a PC can.

        Correction: modern GPUs have a 384 bit wide interface, running at 800MHz *dual-pumped*. Compare with the Intel Core 2's 128-bit wide, 333MHz dual-pumped interface, and you'll see that it's actually over 6 times faster at accessing memory.
  • So someone takes software to brute force crack a password. Throw in a GPU, and wham! A new patent. How is this anything but evolutionary? It certainly is not revolutionary or "innovative".

    This is the same damn thing that has been done before, except now a GPU is used to help. That is it. Software patents suck. Real bad.
  • Seriously, it looks like I should boot Linux on the GPU and use the CPU for general I/O. Then my PeeCee will be 25 times faster. See the cool ASCII graphics...
  • Hello, I would like to order one of your _cheap_ PCs, specifically the one with 128 GPU:s which I will turn into a supercomputer with this great software. I need it to recover my lost windows password. Thank you. And by the way do you still have those low-energy, standard socket 1.21 gigawatt bulbs?
    • by julesh (229690)
      Hello, I would like to order one of your _cheap_ PCs, specifically the one with 128 GPU:s which I will turn into a supercomputer with this great software.

      Not 128 GPUs. A GPU with 128 pipelines, which is standard for a top-of-the-range card these days.
  • by ZorbaTHut (126196) on Monday October 22, 2007 @05:24PM (#21077643) Homepage
    unless you're using a crappy password scheme like Vista's, for example.

    This is a process that lets you brute-force passwords 25 times faster. That's pretty neat, I'm not arguing that. It's extremely clever. But this speed [i]shouldn't matter[/i], because cracking passwords a mere 25 times faster shouldn't matter either. The problem comes down to how people are designing a lot of password schemes. They're aiming for speed. The article says the new technique can try ten million passwords per second on a single computer. Division tells us that, beforehand, the computer could process 400,000 passwords per second.

    When was the last time you had four hundred thousand users logging into a single computer per second?

    Checking a password should be slow. Brutally slow. I mean, quite literally, that just checking to see if the user's password hashes correctly should take at least a hundredth of a second. You're not going to have a hundred users logging in per second on a single computer anyway, our modern database-driven sites couldn't handle the load of displaying the login pages, so why are we making our password schemes so flimsy?

    If you use a slow password hash generation - and this can be something as simple as iterating MD5 over itself ten thousand times - whoever's trying to brute-force your password scheme is going to have a horrible, horrible time of it. Add a basic salt to the mix and you will not have anything to worry about from this. If your password checker takes a hundredth of a second, then 25 times faster means your adversary is going to spend $1300 on software in order to try 2500 passwords per second. If you have an appropriate salting system that's 2500 passwords for a single user. This is not the death knell for passwords, or anywhere near it. If anything, it's the death knell for crappy password hashes - but it's not even that, since you could trivially foresee things like this years in advance.

    Brute-force password cracking, by its very nature, is millions of times more expensive than merely verifying a valid user. From there, it's up to you to determine how safe you want your passwords to be. Personally? I'm fine with wasting a few extra hundredths of a second per user.
    • Re: (Score:3, Insightful)

      by flyingfsck (986395)
      All password checks on my machines take 10 seconds minimum. A strategic 'sleep(10)' does the trick. There is no need to calculate MD5 hashes repeatedly to waste an attacker's time. A nice sleep() allows the server to go do something more useful.

"The pyramid is opening!" "Which one?" "The one with the ever-widening hole in it!" -- The Firesign Theatre

Working...