A technique for cracking computer passwords using inexpensive off-the-shelf computer graphics hardware is causing a stir in the computer security community.
Elcomsoft, a software company based in Moscow, Russia, has filed a US patent for the technique. It takes advantage of the "massively parallel processing" capabilities of a graphics processing unit (GPU) - the processor normally used to produce realistic graphics for video games.
Using an $800 graphics card from nVidia called the GeForce 8800 Ultra, Elcomsoft increased the speed of its password cracking by a factor of 25, according to the company's CEO, Vladimir Katalov.
The toughest passwords, including those used to log in to a Windows Vista computer, would normally take months of continuous computer processing time to crack using a computer's central processing unit (CPU). By harnessing a $150 GPU - less powerful than the nVidia 8800 card - Elcomsoft says they can cracked in just three to five days. Less complex passwords can be retrieved in minutes, rather than hours or days.
Elcomsoft, a software company based in Moscow, Russia, has filed a US patent for the technique. It takes advantage of the "massively parallel processing" capabilities of a graphics processing unit (GPU) - the processor normally used to produce realistic graphics for video games.
Using an $800 graphics card from nVidia called the GeForce 8800 Ultra, Elcomsoft increased the speed of its password cracking by a factor of 25, according to the company's CEO, Vladimir Katalov.
The toughest passwords, including those used to log in to a Windows Vista computer, would normally take months of continuous computer processing time to crack using a computer's central processing unit (CPU). By harnessing a $150 GPU - less powerful than the nVidia 8800 card - Elcomsoft says they can cracked in just three to five days. Less complex passwords can be retrieved in minutes, rather than hours or days.
It is the way a GPU processes data that provides the speed increase. NVidia spokesman Andrew Humber describes the process using the analogy of searching for words in a book. "A [normal computer processor] would read the book, starting at page 1 and finishing at page 500," he says. "A GPU would take the book, tear it into a 100,000 pieces, and read all of those pieces at the same time."
Benjamin Jun, of Cryptography Research based in San Francisco, US, says massively parallel processing is ideally suited to the task of breaking passwords. And, while concerned about the development, Jun also pays tribute to the achievement: "A number of us have been following advances in those platforms, and there's a lot of elegant, intelligent design."
Password cracking can be used to unlock data on a computer, but will not usually work on a banking or commercial website. This is because is takes too long to run through multiple passwords, and because a site will normally block a user after several failed attempts.
Jun adds that the trend towards encrypting whole hard drives with increasingly long cryptographic keys still means it is becoming more difficult to access sensitive data. "Should I throw away my web server and run for the hills?" he says. "I don't think so."
NVidia released a software development kit for its graphics hardware in February 2007. Known as CUDA, the kit lets programmers access the computing power of the GPU directly. It has gained a following among those with a need for high-performance computing, particularly in fields such as science and engineering.
"[CUDA] is a huge thing for the oil and gas industry, for the financial sector, and for scientists," Humber says. He adds that CUDA is also be being used by a company called Evolved Machines to simulate the way the human brain wires itself.
Elcomsoft says it took three months to develop code to take advantage of a GPU, and the company plans to introduce the feature into some of its password cracking products over time.
News source: New Scientist
Now, wheres the source code.
that made me laugh
???
How about $200 for an 8800GT?
alphanumericASCII characters, a password twelve digits long would have 95^12 permutations.That's over 540 sextillion (540,360,088,000,000,000,000,000) combinations of characters - assuming you already know the password's length...
At its current max. speed of 280.6 trillion (280,600,000,000,000) operations per second, it would take up to 61 years for the world's fastest supercomputer Blue Gene /L to crack this. However, if supercomputers double in speed every two years, then in ten years 2017, the world's fastest supercomputer should be able to crack a true random twelve digit password in under two years.
So I'm not worried... yet.
Last edited by Lt-DavidW on 25 Oct 2007 - 15:45
cracking pass through dictionary, dates could be hell easy, matter of seconds
so, hacker try dictionaries, dates and then goes to brute force hacking.
ok so it will take up to 2019 to crack pass by brute force but 90%+ passwords will be cracked in less that couple minutes ?
I do not think anyone is going to remember 12 random character password
That means only one: Dawn of passwords era, it's too vulnerable
http://ophcrack.sourceforge.net/
The only new thing about this article is using GPU's to do the cracking. Passwords can be cracked using rainbow tables MUCH quicker than described here.
http://ophcrack.sourceforge.net/
The only new thing about this article is using GPU's to do the cracking. Passwords can be cracked using rainbow tables MUCH quicker than described here.
They can crack a password much faster, IF you have the rainbow table. You still have to generate it if you don't have one, and generating one with the GPU vs the CPU will take much less time.
Just for the record, my password is 16 characters long completely random letters and digits, and I remember it more than I remember my name
How often do you change it?
(The password, not your name)
How often do you change it?
(The password, not your name)
Well see err in my country i illegal yas understand ? so i errr change name nick errrr 5 month ? yar, yar, very good
That's over 540 sextillion (540,360,088,000,000,000,000,000) combinations of characters - assuming you already know the password's length...
At its current max. speed of 280.6 trillion (280,600,000,000,000) operations per second, it would take up to 61 years for the world's fastest supercomputer Blue Gene /L to crack this. However, if supercomputers double in speed every two years, then in ten years 2017, the world's fastest supercomputer should be able to crack a true random twelve digit password in under two years.
So I'm not worried... yet.
That's not how cryptanalysis work. What you're talking about is a very, and I mean very, basic brute force attack. You need to read more about cryptography and everything related.
I think the type of password-cracking discussed in this article relates only to brute force attacks, not exploiting weaknesses in encryption algorithms/methods?
I do not think anyone is going to remember 12 random character password
...
I just happen to remember a 12 random character password
But come on, it's all about the e-penar
KeePass is a very handy prog for me.
Edit: well actually it depends on the password but reverse md5 dictionary's are around these days
Steve Jobs
but yeah people are still only gonna crack your password if they want to. it amazes me the parabnoid world we live in. they can just do it 25 ties faster, adn i am assumign if quad sli then 100 times
but yeah people are still only gonna crack your password if they want to. it amazes me the parabnoid world we live in. they can just do it 25 ties faster, adn i am assumign if quad sli then 100 times
/me thinks somebody needs a new keyboard.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.