New Password Recovery Technique Uses CPU and GPU Together

← Back to Stories (view on slashdot.org)

New Password Recovery Technique Uses CPU and GPU Together

Posted by ScuttleMonkey on Monday October 22, 2007 @08:19AM from the brute-force-just-means-get-a-bigger-hammer dept.

BaCa writes to mention that a new hardware/software combination has been created by a company called ElcomSoft that will reportedly allow cryptography professionals to build cheap PCs that work like supercomputers for the specific task of retrieving lost passwords. Utilizing a combination of the CPU and the GPU the task of brute forcing a password may be reduced by as much as a factor of 25. "Until recently, graphic cards' GPUs couldn't be used for applications such as password recovery. Older graphics chips could only perform floating-point calculations, and most cryptography algorithms require fixed-point mathematics. Today's chips can process fixed-point calculations. And with as much as 1.5 Gb of onboard video memory and up to 128 processing units, these powerful GPU chips are much more effective than CPUs in performing many of these calculations."

16 of 264 comments (clear)

Min score:

Reason:

Sort:

What's the point? by jcicora · 2007-10-22 08:21 · Score: 3, Funny

So what, will hackers be able to use my computer to crack my password 25 times faster now?
1. Re:What's the point? by halivar · 2007-10-22 08:25 · Score: 5, Funny
  
  If they have access to your video card, they can peek behind the pixels to see what's under the "*******". I think. Or something.
2. Re:What's the point? by morgan_greywolf · 2007-10-22 08:38 · Score: 2, Funny
  
  Oh noes! Then they will know my password!
  
  Wait! There must be some uses of this technology for pr0n.
  
  --
  My blog
3. Re:What's the point? by FlyByPC · 2007-10-22 08:46 · Score: 4, Funny
  
  Heh. Little do they know that ********* is my password!
  
  --
  Paleotechnologist and connoisseur of pretty shiny things.
4. Re:What's the point? by Anonymous Coward · 2007-10-22 08:55 · Score: 3, Funny
  
  All your **** are belong to us!
5. Re:What's the point? by XHIIHIIHX · 2007-10-22 12:21 · Score: 3, Funny
  
  Yeah, but take the cover off the back of your monitor and there it is.
6. Re:What's the point? by TheVelvetFlamebait · 2007-10-22 18:56 · Score: 2, Funny
  
  Heh. Little did they know that ********* is my password!
  Fixed that for you.
  
  --
  You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
Just wonderful by Tablizer · 2007-10-22 08:23 · Score: 5, Funny

now IT departments will require passwords to be 30 characters long, with at least 2 digits, at least 2 puncuation marks, mixed case, and use Unicode characters from at least 8 different international languages.

--
Table-ized A.I.
1. Re:Just wonderful by justin12345 · 2007-10-22 08:40 · Score: 5, Funny
  
  I guess they are going to have to start making long, rectangular post-it notes now.
  
  --
  Cool art gallery, if you're into that sort of thing.
Government Motto by wildsurf · 2007-10-22 08:25 · Score: 4, Funny

If brute force isn't working... you aren't using enough of it.

--
Weeks of coding saves hours of planning.
1. Re:Government Motto by Bandman · 2007-10-22 08:38 · Score: 5, Funny
  
  it is important to realize that any lock can be picked with a big enough hammer.
  -Sun System & Network Admin manual
  
  --
  Check out my sysadmin blog!
From TFA: by Anti_Climax · 2007-10-22 08:26 · Score: 4, Funny

For example, the logon password for Windows Vista might be an eight-character string composed of uppercase and lowercase alphabetic characters. There would about 55 trillion (52 to the eighth power) possible passwords. Windows Vista uses NTLM hashing by default, so using a modern dual-core PC you could test up to 10,000,000 passwords per second, and perform a complete analysis in about two months. With ElcomSoft's new technology, the process would take only three to five days, depending upon the CPU and GPU.
I can't tell if the proper response to this is to recommend longer passwords or advise against using Windows Vista

Oh wait, both.

--
Even people that believe in pre-destiny look both ways before crossing the street.
Finally, by Tablizer · 2007-10-22 08:29 · Score: 5, Funny

I can now release the 12,000 monkeys I kidnapped for the task.

--
Table-ized A.I.
1. Re:Finally, by Anonymous Coward · 2007-10-22 08:38 · Score: 1, Funny
  
  Give 'em to me. I need to generate some good strong passwords.
I'll take one of those! by unix_core · 2007-10-22 09:17 · Score: 2, Funny

Hello, I would like to order one of your _cheap_ PCs, specifically the one with 128 GPU:s which I will turn into a supercomputer with this great software. I need it to recover my lost windows password. Thank you. And by the way do you still have those low-energy, standard socket 1.21 gigawatt bulbs?
Ob. Bash Quote by 0100010001010011 · 2007-10-22 09:50 · Score: 4, Funny

Cthon98> hey, if you type in your pw, it will show as stars
Cthon98> ********* see!
AzureDiamond> hunter2
AzureDiamond> doesnt look like stars to me
Cthon98> AzureDiamond> *******
Cthon98> thats what I see
AzureDiamond> oh, really?
Cthon98> Absolutely
AzureDiamond> you can go hunter2 my hunter2-ing hunter2
AzureDiamond> haha, does that look funny to you?
Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
AzureDiamond> thats neat, I didnt know IRC did that
Cthon98> yep, no matter how many times you type hunter2, it will show to us as ******
AzureDiamond> awesome!
AzureDiamond> wait, how do you know my pw?
Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 ause its your pw
AzureDiamond> oh, ok.