Blazing Fast Password Recovery With New ATI Cards

An anonymous reader writes "ElcomSoft accelerates the recovery of Wi-Fi passwords and password-protected iPhone and iPod backups by using ATI video cards. The support of ATI Radeon 5000 series video accelerators allows ElcomSoft to perform password recovery up to 20 times faster compared to Intel top of the line quad-core CPUs, and up to two times faster compared to enterprise-level NVIDIA Tesla solutions. Benchmarks performed by ElcomSoft demonstrate that ATI Radeon HD5970 accelerated password recovery works up to 20 times faster than Core i7-960, Intel's current top of the line CPU unit."

Portrayal

[Dan+East]

I like the way this is portrayed in a totally positive light, as if a person, upon forgetting the password to their device, is going to go out and buy one of these video cards, install it in a machine capable of supporting it (PSU wattage, bus speed, OS, etc), purchase the proprietary "password breaker" software (sold by the company that authored this "story"), all just to recover their password. I think the typical usage for this type of setup is of a more nefarious sort.

Re:103000 passwords per second. So?

[WuphonsReach]

At 103000 attempts per seconds, that's... 421 years oh.

Still within the realm of cracking, especially if those passwords guard a few million dollars of assets. 421 years sounds like a lot until you add things like:

- Crossfire or SLI where you have multiple boards installed
- Setup half a dozen machines to work on the problem
- Apply a botnet to the problem
- Future improvements in technology
- Apply some heuristics to the guessing process

All of which can easily shave off at least 2 orders of magnitude and possibly 3 orders of magnitude. Which reduces that 421 years down to a few months (or worse).

8 character passwords are pretty much dead in the water now. Or at least they need to be phased out within the next few years. Or protected by rate-limiters which control how fast passwords can be tried. (Personally, I always assume that the attacker has the stored hash and can apply parallelism to the attack. Which means that rate limiters should not be relied on to prevent cracks.)