› Forums › General › General Discussion › Windows Security › New 25 GPU Monster Cracks Passwords In Seconds !
- This topic has 0 replies, 1 voice, and was last updated 11 years, 4 months ago by hackerman1.
- AuthorPosts
-
- 8th December 2012 at 02:01 #44565
Hi !
New 25 GPU Monster Cracks Passwords In Seconds
There needs to be some kind of Moore’s law analog to capture the tremendous advances in the speed of password cracking operations.
Just within the last five years, there’s been an explosion in innovation in this ancient art,
as researchers have realized that they can harness specialized silicon and cloud based computing pools to quickly and efficiently break passwords.Gosney’s set-up uses a pool of 25 virtual AMD GPUs to brute force even very strong passwords.
A presentation at the Passwords^12 Conference in Oslo, Norway (slides available here – PDF), has moved the goalposts, again.
Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual OpenCL (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs and communicating at 10 Gbps over Infiniband switched fabric.
Gosney’s system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete.
In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM, for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.
[Note of clarification from Jeremi: “LM Is what is used on Win XP, and LM converts all lowercase chars to uppercase, is at most 14 chars long, and splits the password into two 7 char strings before hashing — so we only have to crack 69^7 combinations at most for LM. At 20 G/s we can get through that in about 6 minutes. With 348 billion NTLM per second, this means we could rip through any 8 character password (95^8 combinations) in 5.5 hours.” ]
full story: http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/
- AuthorPosts
- You must be logged in to reply to this topic.