|
2012-12-21, 15:53
|
#1 |
Aug 2012
New Hampshire
32816 Posts |
25-GPU cluster cracks every standard Windows password in <6 hours
|
|
|
|
2012-12-21, 21:10
|
#2 |
"Nathan"
Jul 2008
Maryland, USA
5·223 Posts |
The end of the password age
We're pretty much getting to the point where passwords in the traditional sense are uselessly insecure. No one wants to have to remember some obscure string of symbols that is 13, or 20, or one day, 50+ characters long (my father was *extremely* disturbed when his company required the addition of numbers and a single symbol such as ! or @ to the password). Seems like the real focus ought to be on biometrics: eye scans, fingerprints, facial recognition, etc.
|
|
|
|
|
2012-12-21, 21:11
|
#3 |
"Jeff"
Feb 2012
St. Louis, Missouri, USA
13×89 Posts |
Last fiddled with by chappy on 2012-12-21 at 21:13 |
|
|
|
|
2012-12-22, 01:00
|
#4 |
Aug 2010
Kansas
547 Posts |
That's every "8 digit" password. Couple problems:
1. My smallest password for anything I am required to keep secure is 11 digits. (Maximum 47) :) 2. You'd need a way to try the passwords on the machine itself (correct me if I'm wrong) 3. So many "useable" passwords lock up after 3 unsuccessful attempts. Much easier to steal saved passwords from Firefox :) |
|
|
|
|
2012-12-22, 01:32
|
#5 |
|
Aug 2012
New Hampshire
32816 Posts |
This cracking is based on having the hash of the password. It is not based on attacking a real-time authentication system which would (or should) lock out an account after N number of failed attempts.
A good example of this would be having an encrypted hard drive (with something like TrueCrypt) in your physical possesion, copying the first encrypted tracks into memory, and attacking it until the password was guessed and the drive compromised. [yes I know this particular article is about windows passwords, but the concept is the same] It is interesting that one method of countering this type of attack is using "slow hashing" algorithms where the math/process to compute the hash (not a rainbow attack) has signifiicant overhead. NTLM being a fast hash, vs PBKDF2 http://en.wikipedia.org/wiki/PBKDF2 or scrypt http://en.wikipedia.org/wiki/Scrypt which are designed to to be slow. Last fiddled with by swl551 on 2012-12-22 at 01:54 |
|
|
|
 |
| Thread Tools | |
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Prime95 - hours per day question | Przem | Information & Answers | 3 | 2015-10-06 15:16 |
| Factoring 110 digits in 38 hours ! | mohamed | Msieve | 10 | 2013-09-08 06:28 |
| Fujitsu cracks 278-digit crypto | firejuggler | Science & Technology | 8 | 2012-06-20 20:03 |
| non-standard sieve | req | Math | 4 | 2011-12-06 04:17 |
| No progress indication for the last 12 hours. | Kimmy | Hardware | 4 | 2004-12-29 01:48 |
