Cheap GPUs Rendering Strong Passwords Useless
StrongGlad writes with a story at ZDNet describing how it's getting easier to use GPU processing against passwords once considered quite strong.
"Take a cheap GPU (like the Radeon HD 5770) and the free GPU-powered password busting tool called 'ighashgpu' and you have yourself a lean, mean password busting machine. How lean and mean? Working against NTLM login passwords, a password of 'fjR8n' can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second. Increase the password to 6 characters (pYDbL6), and the CPU takes 1 hour 30 minutes versus only four seconds on the GPU. Go further to 7 characters (fh0GH5h), and the CPU would grind along for 4 days, versus a frankly worrying 17 minutes 30 seconds for the GPU."
Re:So What? (Score:5, Informative)
Windows problem! (Score:4, Informative)
This is really a Windows problem. Windows uses a simple, fast hashing function (I think some version of HMAC). This means that an attacker can churn through many passwords very quickly (apparently billions per second per the article). You should really use a slow hashing function that takes around 0.1 to 1 seconds to calculate one hash on the server. Even a GPU will then take very long! Plus don't forget salt (different per user) against rainbow table attacks, plus key strengthening. Something like bcrypt is pretty good, but scrypt is probably even better as it does not only require a lot of CPU time but also significant memory (making dedicated hardware crackers much more expensive).
Re:Ha Ha, mine goes to 11 (Score:4, Informative)
Re:What about salting? (Score:3, Informative)
Re:Ha Ha, mine goes to 11 (Score:5, Informative)
Exponential growth. Get the point?
Using the same scaling as the summary, you can crack 8 characters with about 64 GPU hours, which is about $50 on AWS.
By the time you get to 10 characters, you are talking $700k. 12 characters is into the billions. Of course, I doubt that AWS will scale their fleet to billions of servers just so you can rent it for one hour, so you're going to have to pay to build your own data centers and, for that matter, chip factories.
Re:And? (Score:2, Informative)
Here's a link to the original article (Score:5, Informative)
Even for Slashdot, this is a little pathetic: the link is to a ZDNet article, which regurgitates a PCPro article, which in turn regurgitates a blog post by the guy who actually ran the tests [wordpress.com], Vijay Devakumar. And here's Ivan Golubev [golubev.com], who wrote the cracking tool.
Still, ZDNet's advertisers thank you for the hits!
Re:So What? (Score:3, Informative)
Solution: Make a stronger password. [grc.com]
Re:Ha Ha, mine goes to 11 (Score:4, Informative)
And that's just to get ONE password. Unless you know what you are going after, you probably aren't going to put in that much effort. And you most likely won't know ahead of time going into it if the password is short enough to be worth even trying (although I suppose you could make some calculated risks here).
Re:So What? (Score:2, Informative)
This is about offline hash cracking, not bruteforcing passwords over a network connection.
Assume someone gets access to a hash table of passwords and cracks many of the passwords. The system itself doesn't matter but the fact users tend to re-use passwords does, especially with seemingly secure and hard to remember random character strings. Assume the hacker knows enough of the users to have a clue about what other systems they access. With a list of user ids and passwords from the first system, they will likely find a combination that works on the other system and this can be done over the network because of the small number.
Re:Who cares? (Score:4, Informative)
Technically, MS *did* use valid and acceptedly secure hash functions, DES and MD4. The problem is that, because of backwards compatibility across their 20-year product spans, they were not as vigilant in updating the protocols. Even when they *did* upgrade them, they went to MD5 (with NTLMv2) - which was again proved weak - but they continued to use the older protocol which allowed trivial attacks.
Which is why anyone "worth his salt" will laugh if you propose a crypto system which is supposed to last 20 years and is not flexible in its choice of component algorithms.
Re:long random passwords (Score:5, Informative)
It doesn't work like you think it does.
Basically, most modern password protection techniques work like this: they take a password, say "my nice password" and transform it into a hash, say: "uq10ajg901a0##". Now only the hash is stored on the system. There is no way to go from the hash to the password. Classical hash functions are MD4, MD5 and SHA1. NTLM uses MD4. Linux mostly uses MD5. There are added niceties like salt, etc. You can look these up if you want.
When users enter their passwords, they are hashed again, and the *hashes* are compared, not the passwords. If you enter the right password, no matter whether this is a nice word or sentence or jumbled letters, the system lets you in.
Crackers simply assume that the *hash* is available. It is in fact very easy to get it if you have access to the console, for both Linux and Windows. They then generate any and all combinations of letters, signs, symbols and so on as potential passwords, they compute their hashes, and they compare them to the hashes they know. If there is a match, bingo, they have found the password.
So the upshot is it doesn't really matter what the input password looks like as long as the crackers can generate it and compute its hash. If the crackers know that you have used only letters, however, they can cut down dramatically on the number of passwords they have to generate and save time.
So in some sense you are right but not for the reason you mention.
Hope this helps.
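Added example, not part of any comment in this thread: the hash-then-compare login check described in the comment above, done with the per-user salt and slow, memory-hard hash (scrypt) that the earlier "Windows problem!" comment recommends. The scrypt parameters, the SHA-256 stand-in for a fast unsalted hash, and the assumption that an attacker computes scrypt no faster than the server's 0.1 s per hash are illustrative assumptions; the 3.3 billion guesses per second rate is the one quoted in the summary.

```python
import hashlib
import hmac
import os

# Assumed cost parameters (not from the thread): about 16 MiB of memory per hash.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def fast_unsalted(password):
    """Stand-in for a fast, unsalted scheme (SHA-256 here, not NTLM's MD4)."""
    return hashlib.sha256(password.encode()).digest()


def enroll(password):
    """Return (salt, hash). Only this pair is stored, never the password."""
    salt = os.urandom(16)  # fresh random salt for every user
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)


def verify(password, salt, stored):
    """Re-hash the login attempt with the stored salt and compare the hashes."""
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def exhaust_seconds(alphabet, length, guesses_per_second):
    """Worst-case time to try every password of exactly `length` characters."""
    return alphabet ** length / guesses_per_second


def demo():
    pw = "fh0GH5h"  # 7-character sample password from the story summary
    salt_a, hash_a = enroll(pw)
    salt_b, hash_b = enroll(pw)  # a second user who chose the same password
    return {
        # Unsalted: equal passwords give equal hashes, so one table fits all users.
        "fast_hashes_equal": fast_unsalted(pw) == fast_unsalted(pw),
        # Salted: the same password is stored differently for each user.
        "salted_hashes_equal": hash_a == hash_b,
        "login_ok": verify(pw, salt_a, hash_a),
        "wrong_pw_ok": verify("fh0GH5H", salt_a, hash_a),
        # 62-symbol alphabet (a-z, A-Z, 0-9) at the summary's GPU rate.
        "fast_minutes": exhaust_seconds(62, 7, 3.3e9) / 60,
        # Same keyspace at an assumed 10 guesses/s (0.1 s per hash).
        "slow_years": exhaust_seconds(62, 7, 10) / (365 * 86400),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two estimates cover the same 7-character keyspace; only the cost of a single guess changes between them.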
Re:Here's a link to the original article (Score:3, Informative)
Go for length over complexity (Score:4, Informative)
This article spells it out:
http://www.baekdal.com/tips/password-security-usability [baekdal.com]
Too bad most sites are too stupid to allow a long enough password. I'll take a 16-character pass-phrase with all lower case + whitespace over a hard to remember 8 character one any day.
Re:Ha Ha, mine goes to 11 (Score:5, Informative)
Screw the general population. I'm a geek and a 120+ WPM @ 98% accuracy typist to boot and I can't even enter our administrative password more than 50% of the time at work.
Re:Password Plus CAPTCHA helps (Score:5, Informative)
The quicker CAPTCHA dies the better.
Not only does it discriminate against machines (like it should) it discriminates against humans, too.
I long for the day when the Americans with Disabilities Act gets amended for the interbutt. You are an institution or you do commerce on the Web? You can no longer discriminate against the sight impaired ever again.
Most of the big name CAPTCHAs I've seen have an audio alternative, so what's the issue?
No kidding (Score:5, Informative)
Same shit with all the scare on rainbow tables. I remember the hype of "It can crack any password in seconds!" Then I found out it meant any LM password, which has some real limitations on it (14 characters total max, as two 7 character hashes, no upper and lower case). Ahh, not so impressive then.
Same shit with NTLM. Worlds better than LM, but not current. Wake me when it is a threat vs NTLMv2, which is what Vista and 7 use exclusively unless you manually change security policy (and XP and 2000 support it).
Then there's the fact that they are talking about short passwords. Security comes in length and it goes up drastically with each character. They are crowing on about how easy 7 character passwords are. Ok, fine, try 14 then. It isn't like if 7 takes 18 minutes 14 takes 38 minutes. It is more like if 7 takes 18 minutes 14 takes years.
Also, making a long, secure password doesn't have to be that hard. Just take a phrase and modify it a bit. Say you decide the phrase "There can only be one," should be your password. Do something like "Th3r3 can only be #1!" Fairly easy to remember, yet you have to exhaust a massive space for a brute force attack.
Finally, all this is an attack against the hashes. While we want hashes to be strong, let's face it they are a last line of defense. This is a situation where someone has already gotten in, gotten high privileges, and stolen that list. This has no relevance to dealing with breaking in to a random system remotely.
Pretty much this is just fear mongering. Yes, you need to use longer passwords these days. So do so. However a short password really isn't as bad as they make it seem. The risk they are talking about here is only if someone happens to get the hash file from a system with NTLM passwords stored that you use a short password on. Given that the only system that qualifies for that for most people is their home desktop, if they get it the hacker has owned your system already (you have to have admin to get the SAM file) so it doesn't matter.
Summary, article, and references all FUD. (Score:4, Informative)
Bottom line: Want a strong password that you can type anywhere? Make it 12 mixed case letters, numbers and at least one punctuation mark. Based on the times claimed in the article, that should take 35,000 current GPU-cracker-years.