3.3 billion passwords guessed per second

Woo! My first RSS feed: http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125

The results are startling. Working against NTLM login passwords, a password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second.

This is against Windows password manager.

That is freaking insane, who would have thought that hiding amongst OCUK are a bunch of password cracking super computers. Maybe this should be a new benchmark for testing GPUs?
 
Pretty incredible... I wonder if in the future passwords for the internet will disappear and we will have another means to log in to your accounts...
 
Tis startling in a way but not entirely new.

I believe hardware "passwords" are going to be more prevalent in the future.
 
Pretty incredible... I wonder if in the future passwords for the internet will disappear and we will have another means to log in to your accounts...

Probably means you get banned for 24 hours for trying to DDoS the site guessing a password billions of times :D
 
The only situation under which this is applicable is where you have stored encrypted files with a weak password. An attacker would need unfettered access to brute force decode the encrypted file.

Any online service should be running brute force protection that will temporarily block anyone putting in incorrect details too many times, as well as rate limiting.
 
NTLM has been known to be pretty weak for a while. All it'll give you is local account passwords. Kerberos is a different matter.
 
The only situation under which this is applicable is where you have stored encrypted files with a weak password. An attacker would need unfettered access to brute force decode the encrypted file.

Any online service should be running brute force protection that will temporarily block anyone putting in incorrect details too many times, as well as rate limiting.
Tell that to Sony.

Hay-ooooooooooo!
 
It's trivially easy to beat such brute force approaches. You simply force a delay between guesses of 1-3 seconds. That has little or no effect on human operators, but renders any brute force approach completely useless.
 
What about having to do a secret dance to gain access to a website...

I think that would make the world a happier place to live... :p
 
Fingerprint, retina scan...

In the future I imagine it will be done by something like this; authentication by presenting something that is truly unique to ourselves.

It's trivially easy to beat such brute force approaches. You simply force a delay between guesses of 1-3 seconds. That has little or no effect on human operators, but renders any brute force approach completely useless.

Or that :p
 
Well seeing as the number of possible combinations increases exponentially with the length of the password... a five character password isn't anywhere near as secure, as say, my 19 character password.
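
Added example, not part of any post in this thread: a Python sketch that puts numbers on the points raised above, comparing worst-case offline search time at the quoted 9.8 million and 3.3 billion guesses per second with what a per-account delay plus temporary lockout lets an online guesser actually test. The 62-character alphabet, the 2-second delay, the 5-failure limit, the 15-minute lockout and the account name are assumptions chosen for illustration.

```python
import string

# Guess rates quoted in the thread's ZDNet excerpt (NTLM, guesses per second).
CPU_RATE = 9.8e6
GPU_RATE = 3.3e9
# Assumption: "fjR8n" is drawn from upper/lower-case letters and digits (62 symbols).
ALPHABET = len(string.ascii_letters + string.digits)


def exhaust_seconds(length, rate, alphabet=ALPHABET):
    """Worst-case seconds to try every password of exactly `length` characters."""
    return alphabet ** length / rate


class LoginThrottle:
    """Per-account minimum delay between attempts plus a temporary lockout."""

    def __init__(self, min_delay=2.0, max_failures=5, lockout=900.0):
        self.min_delay = min_delay
        self.max_failures = max_failures
        self.lockout = lockout
        self._state = {}  # account -> (consecutive failures, earliest next attempt)

    def attempt(self, account, ok, now):
        """Return 'ok', 'fail' or 'throttled' for an attempt made at time `now`."""
        failures, not_before = self._state.get(account, (0, 0.0))
        if now < not_before:
            return "throttled"  # rejected before the credential is even checked
        if ok:
            self._state.pop(account, None)
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            self._state[account] = (0, now + self.lockout)
        else:
            self._state[account] = (failures, now + self.min_delay)
        return "fail"


def simulate_online(throttle, guesses_per_second, duration, account="alice"):
    """Count wrong guesses that reach the password check within `duration` seconds."""
    checked = 0
    for i in range(int(duration * guesses_per_second)):
        if throttle.attempt(account, ok=False, now=i / guesses_per_second) == "fail":
            checked += 1
    return checked
```

The throttle only constrains guesses sent to a live service; the rates in the excerpt apply when the hash itself has been obtained and can be attacked offline, where password length is the only brake.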
 