Can someone explain that password crack thing in the news?

So it can break a Windows password in under 6 hours but in reality how much of a threat is this?

OK. I know nothing about computers/security etc so sorry if I sound clueless but...

Surely with secure things, even say Facebook, if you have more than 2/3 attempts it refuses any more and locks your account.

So how can such a programme force billions of password attempts a second and fail to ignite this fail-safe?

Cheers
 
If someone can do it with a bunch of graphics cards then this is nothing new. Geeks with server farms have done this already.
 
Surely with secure things, even say Facebook, if you have more than 2/3 attempts it refuses any more and locks your account.

So how can such a programme force billions of password attempts a second and fail to ignite this fail-safe?

Cheers

Have you even read the article?
 
As an online attack this is merely theoretical computational power only.

Any Enterprise will have lockout policies. 6 hours turns into 1,000s of years with a single setting.

As for offline attacks - Don't let people dump password lists or enforce longer passwords.
 
If someone has physical access to your computer and a 25-GPU cluster, then yes, they could break your Windows password in a few minutes.

Otherwise, no, because it's specially designed against Windows passwords and also any remote login will stop working after about 5 attempts, let alone 300 billion a second.
 
The real threat is that the ever-scaling compute power makes it increasingly more feasible to break standard levels of encryption, even say 2048-bit RSA, in a useful amount of time.
 
It's literally impossible with current tech; if every computer in the world tried to break one, it would take quadrillions of years.

It would need a Quantum Computer.
 
I had a disc that would crack Windows XP login passwords.

In fact, I had to use it once when someone locked the production department PC :rolleyes:
 
Windows password resets are nothing new. Trying to break the boot encryption is the issue (i.e. BitLocker). It's a strange thing to announce. Yes, if you have a password on an unprotected and un-policied Windows computer and that person has access to it, then it will be broken. If you give physical access to a PC, again you can get the local admin password (Microsoft produces tools to assist with it as well) in seconds.

Getting into an encrypted, well policied PC is where the money is at.



M.
 
Sounds like a waste of time.

Why crack a Windows password when you can just browse the HDD and take any internet browser caches/saved password .dat files and import them into your own comp etc....
 
So how can such a programme force billions of password attempts a second and fail to ignite this fail-safe?

Cheers

To explain it in a very simple way, you don't crack the password. You get the encrypted version of the password and then run the same encryption algorithm on loads of passwords - the output that matches is the correct password, and as many people have said, it's very easy to get those encrypted passwords, hence why it's a stupid idea to rely solely on Windows passwords in any kind of secure environment.

Sounds like a waste of time.

Why crack a Windows password when you can just browse the HDD and take any internet browser caches/saved password .dat files and import them into your own comp etc....

Because when you have their password you can log in as them and access any secure network shares as well ;)
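
The difference between the online lockout and the offline comparison discussed in this thread, as an added example that is not code from any poster: a login service counts failures and locks, while comparisons against a copied hash never touch that counter, and a salted, iterated hash raises the cost of each such comparison. SHA-256 and PBKDF2 are stand-ins chosen for the demo, and the threshold, work factor, class and function names and the guess list are all assumptions.

```python
import hashlib
import hmac
import timeit

MAX_FAILURES = 5     # assumed lockout threshold ("about 5 attempts" in the thread)
ITERATIONS = 50_000  # assumed PBKDF2 work factor for this demo
CANDIDATES = ["123456", "password", "qwerty", "letmein", "dragon", "Summer2012"]  # constructed

def fast_hash(password):
    # Unsalted single-pass hash: stand-in for a fast legacy password hash.
    return hashlib.sha256(password.encode()).digest()

def slow_hash(password, salt):
    # Salted, iterated hash: every guess costs ITERATIONS rounds.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class OnlineLogin:
    def __init__(self, password):
        self.stored = fast_hash(password)
        self.failures = 0

    def attempt(self, guess):
        # Every guess sent to the service passes through the failure counter.
        if self.failures >= MAX_FAILURES:
            return "locked"
        if hmac.compare_digest(fast_hash(guess), self.stored):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"

def online_outcome(service, candidates):
    for guess in candidates:
        result = service.attempt(guess)
        if result != "denied":
            return result
    return "denied"

def offline_comparisons(stored, candidates, hash_fn):
    # Against a copied hash nothing contacts the service, so no counter moves.
    for n, guess in enumerate(candidates, 1):
        if hmac.compare_digest(hash_fn(guess), stored):
            return n
    return None

def cost_ratio():
    # Wall-clock cost of one slow_hash guess relative to one fast_hash guess.
    fast = timeit.timeit(lambda: fast_hash("x"), number=2000) / 2000
    slow = timeit.timeit(lambda: slow_hash("x", b"constructed-salt"), number=1)
    return slow / fast
```

The service locks before the sixth guess is even checked, whereas the same list run against the copied hash matches on the sixth comparison with the failure counter unchanged; `cost_ratio()` shows how much an iterated hash slows each offline comparison.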
 