Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Password Recovery Technique Uses CPU and GPU Together

Posted by ScuttleMonkey on from the brute-force-just-means-get-a-bigger-hammer dept.

BaCa writes to mention that a new hardware/software combination has been created by a company called ElcomSoft that will reportedly allow cryptography professionals to build cheap PCs that work like supercomputers for the specific task of retrieving lost passwords. Utilizing a combination of the CPU and the GPU the task of brute forcing a password may be reduced by as much as a factor of 25. "Until recently, graphic cards' GPUs couldn't be used for applications such as password recovery. Older graphics chips could only perform floating-point calculations, and most cryptography algorithms require fixed-point mathematics. Today's chips can process fixed-point calculations. And with as much as 1.5 Gb of onboard video memory and up to 128 processing units, these powerful GPU chips are much more effective than CPUs in performing many of these calculations."

9 of 264 comments (clear)

  1. Just wonderful by Tablizer · · Score: 5, Funny

    now IT departments will require passwords to be 30 characters long, with at least 2 digits, at least 2 puncuation marks, mixed case, and use Unicode characters from at least 8 different international languages.

    --
    Table-ized A.I.
    1. Re:Just wonderful by ScytheBlade1 · · Score: 5, Interesting

      I used to think the same. "Eight characters is enough for now, but it's only a matter of time..."

      Then I realized that this doesn't mean IT departments will require longer passwords. Rather, this is the death of the password, in place of other authentication methods (smartcard, biometrics, others, and combinations of everything).

      It won't be immediate, or close to it... but a 25x increase in the speed of bruteforcing passwords will certaintly speed up the process by which passwords are obseleted.

    2. Re:Just wonderful by justin12345 · · Score: 5, Funny

      I guess they are going to have to start making long, rectangular post-it notes now.

      --
      Cool art gallery, if you're into that sort of thing.
  2. Re:What's the point? by halivar · · Score: 5, Funny

    If they have access to your video card, they can peek behind the pixels to see what's under the "*******". I think. Or something.

  3. Finally, by Tablizer · · Score: 5, Funny

    I can now release the 12,000 monkeys I kidnapped for the task.

    --
    Table-ized A.I.
  4. Re:Government Motto by Bandman · · Score: 5, Funny

    it is important to realize that any lock can be picked with a big enough hammer.
    -Sun System & Network Admin manual

    --
    Check out my sysadmin blog!
  5. Irony? ("...by a company called ElcomSoft...") by ClayJar · · Score: 5, Informative

    I'm just wondering, should I take the summary as intentionally ironic (i.e. as if it had referred to an operating system "by a company called Microsoft"), or should I assume it was written by someone *fascinatingly* oblivious to the recent history of decryption software and the disputed legalities thereof? An informed, non-ironic summary would simply say, "...by ElcomSoft...", of course.

    For any of you who may have been living under a rock (possibly on another planet), ElcomSoft is the company that was employing Dmitry Sklyarov, who was arrested in the US on DMCA charges when he'd come to present at a conference. Wikipedia has more.

  6. Poorly written article by Deadplant · · Score: 5, Informative

    And with as much as 1.5 Gb of onboard video memory Not knowing the difference between a bit and a byte == Fail.

    ElcomSoft has discovered and filed for a US patent on a breakthrough technology ... harnessed the combined power of a PC's Central Processing Unit and its video card's Graphics Processing Unit. The resulting hardware/software powerhouse will... Referring to the (obvious) use of a new library/sdk from NVIDIA to improve performance of an existing application as the "discovery of a breakthrough technology" ==
    Fail.

    ...allow cryptology professionals to build affordable PCs that will work like supercomputers when recovering lost passwords. Cut and pasted from "How to write with spin for dummies"
    Fail.

    ...will be incorporating this patent-pending technology into their entire family of enterprise password recovery applications. Corporate press release copy and paste == Fail.

    Numerous grammatical errors == Fail.
  7. Not really: just add 1 letter by Anonymous Coward · · Score: 5, Interesting

    Add 1 letter and you've increased the time it takes to hack by 26x (although it's probably closer to 100x with punctuation and the like). So 25x is irrelevant. So is 250x. Only something that makes it non-exponential would really make a difference.