New 25-GPU Monster Devours Strong Passwords In Minutes - Slashdot

Slashdot

New 25-GPU Monster Devours Strong Passwords In Minutes 330

Posted by Soulskill on Wednesday December 05, 2012 @06:19AM
from the om-nom-nom dept.

chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."

This discussion has been archived. No new comments can be posted.

New 25-GPU Monster Devours Strong Passwords In Minutes

Search 330 Comments Log In/Create an Account

Comments Filter:

my password (Score:5, Funny)

by Anonymous Coward writes: on Wednesday December 05, 2012 @06:27AM (#42189817)

So it doesn't matter anymore I'm using 000000 as password ....

Share
twitter facebook linkedin
Re:my password (Score:4, Funny)

by jones_supa (887896) writes: on Wednesday December 05, 2012 @06:48AM (#42189917)

Hey, that's the combination of my luggage!

Parent Share
twitter facebook linkedin
Can it bust my neighbours WPA wifi setup? (Score:5, Funny)

by AbRASiON (589899) * writes: on Wednesday December 05, 2012 @07:28AM (#42190071) Journal

I'm really low on porn at the moment and hit my monthly internet quota!

Share
twitter facebook linkedin
Re:XP Passwords (Score:2, Funny)

by Anonymous Coward writes: on Wednesday December 05, 2012 @07:34AM (#42190095)

Soon, they will be able to build a time machine entirely out of GPUs to go back in the 90s and crack those passwords!

Parent Share
twitter facebook linkedin
Re:first (Score:4, Funny)

by kh31d4r (2591021) writes: on Wednesday December 05, 2012 @08:13AM (#42190269)

imagine a beowulf cluster of these...

Parent Share
twitter facebook linkedin
Re:my password (Score:3, Funny)

by tnk1 (899206) writes: on Wednesday December 05, 2012 @10:57AM (#42191667)

That's awesome! I didn't know Slashdot had that feature! When you type hunter2, all I see are stars where hunter2 would be! And when I type my password ******* everyone else gets these stars!

Parent Share
twitter facebook linkedin

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

802 commentsJudge Orders Child Porn Suspect To Decrypt His Hard Drives
377 commentsWhy Everyone Gets It Wrong About BYOD
334 commentsLast Forking Warning For Bitcoin
209 comments450 Million Lines of Code Can't Be Wrong: How Open Source Stacks Up
203 commentsIranian Hackers Probe US Infrastructure Targets

What's the difference between a computer salesman and a used car salesman? A used car salesman knows when he's lying.