New Password Recovery Technique Uses CPU and GPU Together

BaCa writes to mention that a new hardware/software combination has been created by a company called ElcomSoft that will reportedly allow cryptography professionals to build cheap PCs that work like supercomputers for the specific task of retrieving lost passwords. Utilizing a combination of the CPU and the GPU the task of brute forcing a password may be reduced by as much as a factor of 25. "Until recently, graphic cards' GPUs couldn't be used for applications such as password recovery. Older graphics chips could only perform floating-point calculations, and most cryptography algorithms require fixed-point mathematics. Today's chips can process fixed-point calculations. And with as much as 1.5 Gb of onboard video memory and up to 128 processing units, these powerful GPU chips are much more effective than CPUs in performing many of these calculations."

Re:Just wonderful

[ScytheBlade1]

I used to think the same. "Eight characters is enough for now, but it's only a matter of time..."

Then I realized that this doesn't mean IT departments will require longer passwords. Rather, this is the death of the password, in place of other authentication methods (smartcard, biometrics, others, and combinations of everything).

It won't be immediate, or close to it... but a 25x increase in the speed of bruteforcing passwords will certaintly speed up the process by which passwords are obseleted.

Not really: just add 1 letter

Add 1 letter and you've increased the time it takes to hack by 26x (although it's probably closer to 100x with punctuation and the like). So 25x is irrelevant. So is 250x. Only something that makes it non-exponential would really make a difference.