New 25-GPU Monster Devours Strong Passwords In Minutes
chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a. epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."
So it doesn't matter anymore I'm using 000000 as password ....
Who gives a rat's ass about such golden oldies? It's been possible for the longest time to fairly quickly crack windoze passwords (if you have the file) and MD5 has been known to be insecure for quite some time already...
So newer hardware is faster than older hardware. Who would've thunk?
My conclusion is to use different passwords for different things. They don't have to be that strong.
As long as the passwords are strong enough to prevent brute forcing over the _NETWORK_ they are strong enough. If you don't pick an overly stupid password then either you or the site is going to be pwned before the hackers brute-force/guess your password over the network.
If someone has hacked into the site to obtain the hashes, it's likely they can do other stuff anyway (make transactions, get your info, maybe even get the plaintext of your password), so don't waste your time making and using super long passwords.
So now that passwords as a system is officially broken, can we please move on to something better? Something that wasn't invented to allow soldiers standing watch in the middle of the night to tell their mates from their enemies, but is actually designed for computers?
And no, of course I don't have any better ideas... this is /. and I'm here to pointlessly criticise!
Business/App ideas are like arseholes: everyone's got one, they're mostly shit, but very rarely they contain a diamond
Seems to me a simple enough matter to configure your machine to lock you out and (re-)encrypt your hard drives after a small number of failed attempts. (Like my bank does with its ATMs.) Or an arbitrarily long interval between password entries would throw a spanner in the works of the fanciest brute-forcing machine. End of story.
We need SHD webcams and retina scan technology on websites instead of passwords. Passwords are dead now and moving forward, something else is needed.
Remembering a bunch of 256-letter passwords is unreal unless everybody goes autistic overnight.
As I sit here, slightly intoxicated from a long time out on the town, I'm struck by the progress made against what might be considered the foundation of our Internet identities, the password. After all, everything we do online that self-identifies is ultimately boiled down to the few unique keywords we can remember, no? Progress seems to be made on a monthly basis to challenge even this basic assumption in how we interact with the Internet at large -- how long until accounts in general are rendered a moot idea, as the ability to crack passphrases is limited to mere seconds of processor power? What are we left with then but a web of ideas?
I'm starting to understand the sympathy behind the whole Anonymous movement. And, if nothing else, we've learned a valuable lesson about linking our most personal of thoughts and financial information to a global web of computers...
If he's able to attain numbers like this with four machines, how will it perform as a cluster of eight? Or sixteen?
It doesn't devour "strong" passwords in seconds. It devours weak passwords, in seconds. A fourteen character password is, by definition, pretty weak.
For comparison, the password to an account I use fairly often is 128 characters. At 348-billion password attempts per second, it would practically take eternity. Even if it made attempts 40 times faster (one hundred billion times per second), it would take (according to SGC's haystacks calculator) "76.10 billion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries".
I might use a fourteen character password on a trivial site that I don't care about, but probably not even then.
The problem with MD5 isn't the speed of creating hashes, it's that collisions are now trivial to find. This is one of the reasons that repeatedly hashing passwords is a fscking stupid idea - somewhere along your "hash over and over 10,000 times" if you find a collision you'll end up with the same chain as someone else from that point. This is why the big boys use chain rainbow tables ;)
This is well known and no sane person uses NTLM auth anymore; even Microsoft recommends deactivating this authentication method. The idiots at Microsoft used a DES ECB implementation instead of CBC that anyone with two ounces of crypto knowledge would choose. The practical impact of this very bad design choice is that a 14 character password has as much complexity as two independent 7 character passwords! So when the authors brag about cracking a 14 character password in 6 minutes, what they're really doing is cracking two 7 character passwords in 6 minutes; this is entirely different and not impressive at all.
http://www.transparency.org
Single hash passwords have been a bad idea for a while now. If you're a dev, PBKDF2 would be a better choice.
What use is that kind of brute force if the password validation process will delay the next attempt by 10 seconds each time the password was wrong?
All this talk about fast password hacking is nice and clean, but in practical application it's not going to work, at least for well-programmed password checks, and here I need to admit, there are too few...
But will it run Crysis 3?
A customer asked us recently if we could recover some of their passwords stored (hashed) on our system.
"Sure we can, if you used really poor passwords."
If you were blocking sigs, you wouldn't have to read this.
I was under the impression that a 14 character NTLM password was basically two 7 character passwords, and the fact you can crack them easily is not news. Rainbow tables will crack them in a matter of seconds on a standard PC setup.
I know, I know, but still, the phrasing of this irked me a little: "was forced to acknowledge".
Forced by who?
It makes it sound like he reluctantly, and begrudgingly mentioned this. I'll let you judge for yourselves:
http://tech.slashdot.org/story/12/06/07/1529252/md5crypt-password-scrambler-is-no-longer-considered-safe
http://phk.freebsd.dk/sagas/md5crypt_eol.html
Anyways, what's its $2a$08$ rate? How about scrypt?
Discussed in the past:
Bcrypt, scrypt, sha512crypt
Thanks to the recent halving of the block reward and the impending release of Bitcoin ASICs there will soon be a glut of owners of such "monsters" who are used to hashing for effectively anonymous money. A single 25 GPU machine cracking passwords is interesting; a website linking such miners with people who want passwords cracked (similar to the vanity address generating sites) is game changing.
So it generates a gazillion passwords in a couple of seconds. It would seem that the obvious flaw in the systems, then, would be accepting a gazillion tries in a second. If the password file is at hand, there's not much for it. Or is there? I'm no genius cracker, but maybe someone could figure out how to add in an automatic delay on fail.
> communicating at 10 Gbps and 20 Gbps over Infiniband switched
If you are brute-forcing a password, you just split the search space into smaller chunks and assign them to nodes once. No need to communicate at all!
Let N be the number of bits of real entropy in an item of human memory. N is somewhere between 50 and 70. (Proof: you can remember RWOLZEKBYT or "correct horse battery staple" if you have to, but you've got no prayer of remembering RWOLZEKBYTDUQLZPEJNB or Rw3L$E5Kÿ(t. )
Let 2^R be the instruction rate of the largest computer affordable by a large nation or corporation. R is about 56 at the moment.
2^(N - R) is the number of seconds before we're all completely fucked.
what about those?
I'm really low on porn at the moment and hit my monthly internet quota!
I have an old TrueCrypt container that I forgot the password to. Does this mean I can now recover it? (It was fairly short, perhaps 8 characters.)
Not seeing anything about WPA.
You can pull those truly out of thin air and since they are rehashed 4000 times brute forcing those is slow even on most modern hardware. Generally in the range of a 1000 to 5000 keys per second.
More than a thousand years for an 8 character password. And you can't even use a shorter password on WPA.
GPUs do change the picture a bit.
Let's redirect research into how to replace them, and stop "moving the goalposts" on how fast we can get pwned by someone with too much time and money on their hands or an axe to grind.
imagine a beowulf cluster of these...
If anyone with motivations beyond that of a script kiddie is doing this, then you are already totally screwed - they can already steal all your transaction information or make their own transactions or transfer funds or do whatever they want to do as ANY UID in that system - WHY would they ruin that and post them on the web?
And if it *IS* a script kiddie, only interested in "cred" and he leaks the password hash DB on the net, then AGAIN so what, because like the GP said you are using different passwords for different sites.
If passwords are getting cracked so quickly these days, what then is the answer? Authenticators are all well and good, but I don't have room on my keychain for one for Blizzard (I know about and have the one for my iPhone), one for Amazon, one for PayPal and eBay, one for Gmail, etc and so forth.
What would be a viable solution then?
-- Wiccan Army, 13th Airborne Division "We will not fly silently into the night"
Wouldn't crazy brute force attacks like this be eliminated with simple attempt limitation? It may be able to do the brute force attacks at a megazillion per second, but if the connection is actively refused after 10 tries, what does it even matter? You could theoretically set the limit to any amount way under the total amount of possibilities and it still wouldn't matter. As for building passwords that are stronger, we need to move away from 8 - 12 char limits with case and special characters and force people to use complex strings that have 25 - 50 chars in them but are simple to remember, for example something like "mydogsnameisfluffy" or "whydoineedacrazyasspassword". Both of these are much harder to crack than "8&#sref".
but can it run Far Cry 3?
So it seems all server side code should be storing:
algo_name, hash(salt + password) ...that way, if your algorithm of choice proves to be a bit feeble, you can gradually upgrade to a better one by getting your users to change their passwords. If anyone's account has a really old algo still on it, then the account gets disabled. Whilst this doesn't "solve" the problem, it means you don't have to throw everything away because someone found a quick way to compute hashes using your chosen algorithm.
Either way, it seems we're about on target for kittenauth now ;-)
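The storage scheme proposed in the comment above, as an added example that is not part of the original thread: each record carries its algorithm name and cost, so a weak scheme can be retired record by record. It goes one step further than the comment by re-hashing at the next successful login instead of waiting for a password change. The record layout, the scheme names, the iteration count and every function name are assumptions of this sketch.

```python
"""Self-describing password records with upgrade on login (added example)."""
import hashlib
import hmac
import secrets

CURRENT_SCHEME = "pbkdf2-sha256"
CURRENT_ITERATIONS = 600_000          # assumption: tune to your own hardware budget
RETIRED_SCHEMES = {"md5-salted"}      # hypothetical: too old, account is disabled


def _derive(scheme: str, iterations: int, salt: bytes, password: str) -> bytes:
    pw = password.encode("utf-8")
    if scheme == "sha1-salted":       # the single-pass hash(salt + password) form
        return hashlib.sha1(salt + pw).digest()
    if scheme == "pbkdf2-sha256":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    raise ValueError(f"unknown scheme: {scheme}")


def make_record(password: str, scheme: str = CURRENT_SCHEME,
                iterations: int = CURRENT_ITERATIONS) -> str:
    """Return 'scheme$iterations$salt_hex$digest_hex' with a fresh random salt."""
    salt = secrets.token_bytes(16)
    digest = _derive(scheme, iterations, salt, password)
    return "$".join([scheme, str(iterations), salt.hex(), digest.hex()])


def parse_record(record: str):
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    return scheme, int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def needs_upgrade(scheme: str, iterations: int, target_iterations: int) -> bool:
    return scheme != CURRENT_SCHEME or iterations < target_iterations


def login(stored: str, password: str, target_iterations: int = CURRENT_ITERATIONS):
    """Check a password and return (status, record_to_store).

    status is 'disabled', 'bad-password', 'ok' or 'ok-upgraded'. On
    'ok-upgraded' the caller must persist the returned record, which replaces
    the old hash; the plaintext is only available at this moment.
    """
    scheme, iterations, salt, expected = parse_record(stored)
    if scheme in RETIRED_SCHEMES:
        return "disabled", stored     # force a reset through another channel
    actual = _derive(scheme, iterations, salt, password)
    if not hmac.compare_digest(actual, expected):   # constant-time comparison
        return "bad-password", stored
    if needs_upgrade(scheme, iterations, target_iterations):
        return "ok-upgraded", make_record(password, CURRENT_SCHEME, target_iterations)
    return "ok", stored


if __name__ == "__main__":
    # Constructed sample: an account still stored with the old single-pass hash.
    old = make_record("tr0ub4dor&3", scheme="sha1-salted", iterations=1)
    status, new = login(old, "tr0ub4dor&3")
    print(status, new.split("$")[:2])
```

Until a user logs in again, the old hash is still what an attacker would find in a stolen table, so dormant accounts on a retired scheme need the disable-and-reset path as well.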
Time to move on to fingerprint scanners for security, but with a twist: they *only* recognize 'dead fingers'.
Don't know about you, but I'm already set.
Nobody listened to me @ work when I told them continuing to have UNIX passwords distributed over NIS was a terrible idea in 2012.
Crack the code to open President Skroob's luggage?
"A 14 character Windows XP password hashed using LM for example, would fall in just six minutes"
Which is nothing impressive. NTLM has a 14 char password max and pads sub-14char passwords with null. It then breaks the password into two 7 byte pieces, hashes both pieces, then concatenates the two hashes together. Using NTLM, a 14 char password is at worst 2*96^7 instead of 96^14, which is a factor of 37,572,373,905,408 difference. If NTLM was properly designed, that same 14 char password would have taken 37,572,373,905,408*6min to break or 428,908,378 years.
14 char passwords are still safe assuming there isn't a huge flaw in the password storage.
So, can this also bust DRM schemes like the system in bd+?
Passwords^12?
Passwords carrot twelve? WTF kind of a name is that?
I was once in an interview for a County job. One of the questions was about password security. In my reply, I noted that many people use the name of their pet or children, etc, as a password. While I was finishing my answer, the IT Director started to chuckle. Once I was finished, he apologized, and said that his wife uses the name of their cat, plus a two-digit number, as her password for everything despite him telling her numerous times not to. The *largest* problem that I find daily in my job is lazy people. Lazy meaning that they don't want to use anything that is too complex to remember or type, so they use the shortest, simplest password that the security scheme at their location allows for. If it requires a long and/or complex password, the majority of them write it down/print it out, and tape it to their monitor. I still cannot believe how many people that work in supposedly high security places do this.
Here's how to crack the password for the Win98 login: press [Esc].
It's no surprise this is happening.
The suggestion of using [more] or different passwords for each purpose is plain silly.
Every time a user's password is discovered, it goes into a bucket associated with as much Meta data as can be found to create an "Informative HASH" or a catalog of better possible "hits" than pure randomness. Effectively "mining" "human-space" password fields for targets.
This vastly reduces the possible number of "safe" passwords by burning randomness.. it's a limited resource. More so than you think because most people don't choose their passwords randomly even with a random number generator. They may tweak to an even number of characters 2,4,6,8 or limit the character set to not much more than 29 and limit the case or exclude punctuation, then apply a personal filter to try and inject "memorable" patterns. Ultimately very predictable.
Regardless of the crypt algorithm once you've culled and filtered this much.. psychology or the psychic hotline can probably deduce your password without a computer.
Thus ultimately your personal passwords are a small limited resource and will fall to intensive brute force scans.. incorporating unique information like birthdate or days since you were born might actually be better than incorporating no advancing or personally unique information at all.
How many people thought "password" was a good password? And how many genders, age groups and languages have used that example? Didn't take too long to mine that.. now you can check it against the current human population and get a high percentage of positive hits without a dictionary and with a GPU. For very little effort at all.
Burning your own pool of acceptable (to you) good passwords by issuing more and more of them to different services you use is almost as bad as assigning the same password to every service you use.. fundamentally they are equivalent misconceptions. The difference is the current deception that it's a more secure method.
If you think about it nature recycling DNA or generic material across the Earth's surface is kind of an attempt to bury or "hide" information. The business of the LifeCycle of Data attempts to palimpsest the surface. Geological weathering is similar too.. but however unlikely it seems today, it is predictable, at large scales and microscales. For stars and planets we have AstroPhysics for Molecular chemistry with rate equations and for subatomic particles we have Quantum mechanics.. they all deal with vast unknown quantities and processes pretty well.
Password fields are merely deceptively simple examples of not really large quantities of moving items that we attempt to influence.. but they have fairly rigid patterns.. if they didn't.. they were not relatively "brittle" not ductile we simply couldn't remember them and would not use them. OPIE and passcode generators are an attempt to use more ductile password materials.. so are Certificates.. they are harder to "hold on to" more "slippery" if you will.. and harder to deal with.. but they are no different than fluids or solids in the real world. We are so picky about the algorithms.. we only have about three "Meta" materials currently used for all passwords in existence.
Human DNA or Dinosaur DNA for those examples.. are using a "Meta" form of data storage that is far more flexible.. and current biometric based security (LOL) is far far from the real thing. A good biometric would attempt to use confluent protein sequence folding to "hide" or "encode" information into a really long DNA strand.. or unwind it on histones to produce a "protein" like passcode or enzymatic "key" for each purpose.. that would be more interesting and currently mostly beyond our technology.
Hunter Prey has been going on for a long time in the real world, at the biologic and astronomic scale.. Dark Matter concepts hint that we are paranoid enough that it may be going on extra-universal and that we are just beginning to suspect things outside hidden in the tools we use.. the very equations that work in our universe.. Carl Sagan managed to work that into Contact. .. well that enough about all that
For example, I have a really hard time remembering phone numbers, so I use mathematical rules to aid in memory recall. Like, take my cousin's phone number for instance (not a real number).
The Area code is (516) so I remember that as "Prime" 4^2 or "Prime" 16^1/2. Because I know 5 is a prime and 16 can be squared perfectly. Then the next three numbers are 231, which all happen to be Fibonacci sequence numbers. So I remember that as "FIB."
Finally, the last four digits are 4447, so that translates as 4^3 and a Prime or 7. The point is, part of the insecurity problem is the use of a small number of rules to create the passwords makes them more vulnerable. An additional set of "intermediary rules" could be implemented to make security more personalized and harder to defeat.
What would Richard Feynman do, if he were here right now? He'd do some math and he'd follow through!
not the quality of the password, but the quality of a service that allows 348 billion failed password attempts per second.
I haven't thought of anything clever to put here, but then again most of you haven't either.
As more and more people carry around smart phones, the answer in the arms race of security vs cracker is obviously two-factor auth. Both Google and Dropbox support it, and it's only a matter of time before other sites make it more widely available. That way, even if they crack your password, if they don't have your physical phone on hand, or replicate the recent RSA hack, then the password's only good for low-hanging fruit. inb4 "My grandmother/mother/average user can't handle two-factor auth for her Facebook." That's no excuse for not moving in that direction. If sites like Facebook, Twitter, etc were to adopt two-factor auth, first as opt-in only, with a plan to migrate towards mandatory, then the generation of children coming up now that would be new users of the system will know no different and consider it the norm.
Just using alphanumerics, a 12-character password has 62^12 (3.23x10^21) possibilities. If you can try 348 billion (3.48 x 10^11) phrases per second, it would take 9.28x10^9 seconds (a little over 293 years) to exhaust all the possibilities.
There have got to be some really impressive-looking passwords that have a hash collision with common dictionary words.
The thought of this amuses me to no end.
Competition Good, Monopoly Bad.
Why do you even need strong passwords? You have never been safe if someone gets access to the password hashes, or the machine where you enter the password. On the other hand, trying to bruteforce even a weak password should make web services detect that something is wrong.
Using especially weak passwords also helps detect security problems. If I created an account on Slashdot, I'd probably use password like "slashdotsux" or "correcthorsebatterystaple". Those will surely get cracked if someone gets access to the hashes, but the potential damage is not really severe at all. I'd actually be happy to know that the service has been compromised.
Leave strong passwords to the few important services you use. Never use the same password on two services, even if it is a weak password. That works quite well.
I just did a google search and couldn't find VCL. Can anybody link me to the project/documentation?
but how practical is bruteforcing if the password is a random sequence of characters? (e.g. made from the first characters of the words in a rhyme) There is no way to detect the right password so every result would have to be tested by actually trying to log into the system, isn't it? Wouldn't practically all systems today block login after repeated failed attempts in short time? Or am I missing something?
Just to put this in perspective, there are about 250,000 words in the English language (even that's an overstatement).
That would be testing every word in the English language 1.4 million times a second.
Or testing every word plus the digits from 0 to 14000000 after it. In one second.
got some jam.
Password is an 8 character password.
P@$$w0rd is an 8 character password with upper case, lower case, number, _and_ symbols.
P@$$w0rd123 is an 11 character password with upper case, lower case, number, _and_ symbols.
The first two of these should be found on offline dictionary and rules-based dictionary cracking attempts before the attacker's finger finishes lifting up on the keypress, even on a netbook. The third of these will fall very quickly, once the attacker starts on rules-based dictionary cracks for not quite as pathetically small passwords.
Generally I can use a sequence to as many digits as I want... like Fibonacci
Based on the hashcat.net OCLHashcat-plus page, if this setup can crack md5crypt at 77 million tries/second, if it scales the same for SHA1, it should be able to crack SHA1 passwords (much more common on web sites that bother to hash at all) at a rate of about 46 billion (yes, 46,000,000,000) tries per second.
Note that password length does matter (a lot), but cracking like this (highly parallel, based on GPU's which are also highly parallel) is likely still based on Moore's Law, and thus we will need to start upping the amount of processing we do on passwords before storage.
md5crypt does some, but it's also based on md5.
sha1 by itself is pretty bad.
HMAC-Sha1 or HMAC-SHA2 or HMAC-SHA3 (etc. depending on nationality) in an iterative loop (i.e. PBKDF2/PKCS#5/RFC2898) is better - we just have to keep upping the number of iterations.
Rough estimates of cracking speeds with this:
8 characters, upper/lower/number (ASCII), truly randomly generated with a crypto random function, has a total of about 2.18E14 possibilities.
md5crypt: exhaustive brute force in 2 months with this setup... probably before the next generation of this cluster is built.
sha1: exhaustive brute force in 2 hours with this setup... definitely before the next generation of this cluster is built.
PBKDF2(HMACSHA1, passphrase, ssid, 4096, 256) [i.e. WPA2 if done right]: exhaustive brute force in 3 years with this setup (if it lasts)... less, depending on when the next generation is built.
10 characters, upper/lower/number (ASCII), truly randomly generated with a crypto random function, has a total of about 8.39E17 possibilities.
md5crypt: exhaustive brute force in 345 years with this setup (if it lasts)... or 12 years if the setup doubles in speed every 18 months.
sha1: exhaustive brute force in 7 months with this setup (if it lasts)... probably before the next generation of this cluster is built.
PBKDF2(HMACSHA1, passphrase, ssid, 4096, 256) [i.e. WPA2 if done right]: exhaustive brute force in 9.7 thousand years with this setup (if it lasts)... or 19 years if the setup doubles in speed every 18 months.
14 characters, upper/lower/number (ASCII), truly randomly generated with a crypto random function, has a total of about 1.24E25 possibilities.
md5crypt: exhaustive brute force in 5 billion years with this setup (if it lasts)... or 48 years if the setup doubles in speed every 18 months.
sha1: exhaustive brute force in 8.5 million years with this setup (if it lasts)... or 34 years if the setup doubles in speed every 18 months.
PBKDF2(HMACSHA1, passphrase, ssid, 4096, 256) [i.e. WPA2 if done right]: exhaustive brute force in 143 billion years with this setup (if it lasts)... or 55 years if the setup doubles in speed every 18 months.
So 348 billion ntlm/sec, vs 77 million md5crypt/sec...
ntlm as used in the latest versions of windows (vista was the first version to not use lm by default), and md5crypt which is already being deprecated by most linux distros...
Not that it matters, if you get the hashes for a windows box you can pass the hash (ie use it without cracking), you can't do that against typical unix boxes.
If you pick a password > 14 chars, the LM hash can't be stored, so it is not. If you have some old legacy systems in your environment that require your AD to still have LM hashes enabled, you can at least keep them from getting YOUR password via LM hashes by creating a longer password (this is what the warning that says something like "this password can't be used to access older systems" is telling you.)
... is so hard to do. With this machine, we don't have to, anymore.
now we need to go OSS in diesel cars
I think NTLM only keeps a 128bit hash, so if it were possible to brute force the entire key space, the attacker would likely find a hash collision that works as your password before finding your actual password.
...Which is an interesting tangent to think about, as this hardware could be used to do some interesting research in the name of improving security. It would be really interesting to search an entire hash space to see how many collisions occur, and where.
HA! I just wasted some of your bandwidth with a frivolous sig!
The argument is that people should protect their password hashes better, to prevent someone from getting them and shipping them off to Curiosity to be cracked with a pile of Tesla boards or Martian quantum computers or whatever.
I blame goddam NASA for not properly locking down Curiosity's Tesla boards and letting any old script kiddie use them to hack into banks. They are the real criminals here....
Hashing needs scalability; bcrypt has had it built in! As computers get faster you just amp up the complexity of the bcrypt hash function. Old low complexity hashes are backwards compatible so hashes stored over long periods would need to be rehashed maybe every decade...
Democracy Now! - uncensored, anti-establishment news
Pardon me while I place my tinfoil hat on... done... If the researcher is able to do this publicly how long have our friends at the 3LO's been doing this with their acres of computers of servers?
Look at the wiseguy ticket scam. They downloaded the img file for every captcha then generated the correct responses.
This box was built with off the shelf components and runs on an open source platform. Your passwords are not effective. I don't care how much thought and obfuscation you think you've injected into them, how long they are or how often you change them. It no longer matters. What we need to do now is change the game. We need to remove the human element. We need to automate. And by that I mean much more than scripting changes. We need to automate compliance. Devices have stipulated software and configuration based on the service they provide, and a system exists which enforces that stance. Just because you know the administrator or root password, doesn't mean you can load software onto the server. Just because you know the enable password doesn't mean you can change the router configuration. You may be able to cause a change to occur, but the system will roll it back or unload that software if it violates the policies that govern that device. If your PC suddenly starts blasting out traffic to all sorts of Internet addresses, your switch port gets turned off, or your wireless session gets dropped.
The idea is that humans, engineers and administrators tell the supervisory system how the services, and devices should behave; what components and configuration details they should exhibit and on what schedule changes can be performed. But a human NEVER makes a change. If they do, it's undone, removed, uninstalled or otherwise mitigated to return the device to its prescribed state. A very simple clustering/voting kind of setup could keep the supervisory system itself in its prescribed state.
This has the added benefit that the new slave labor situation present in nearly every IT department comes to an end. No longer are junior engineers relegated to performing endless mind-numbingly simplistic operations that are of little actual value to the organization, add nothing to the engineer's resume and are mostly done poorly. Humans are allowed to do what they do best. Think. Plan. Design. And computer systems take on the job that THEY do best. Execute.
Can anyone find what type of server/motherboard combo they used to get what appears to be a 9-slot PCI-e motherboard with 3x PSUs? They have 8 cards in one box and an Infiniband card.. I can't seem to find what this is (or how I can buy it)
and a one day lockout on three failed attempts.
And now you can DOS any user whose username you know by sending "bullshit", "bull crap", and "bullpoop" as the password.
Haven't heard that one in a while...
Why not use graphics patterns, like Windows 8, to generate very long passwords that do not have to be remembered or typed into a keyboard? It would not be hard to circle all the colors in a picture in spectrum order. The reduction of these finger strokes would yield a lot of data and that, together with a decent binary hash code, becomes the working password.
You can have a Windows password with extended characters if you know the character code with something like ALT+KP0, then the three digit ANSI code on the keypad (at least as of Windows 2000), allowing things like Pâssw0rÐ (one capital, two extended, four lowercase, one number: eight characters albeit ~17 key presses) ... it's unclear from my (very hasty) reading of the paper if that was considered, but I imagine that even if it was, that password would be significantly more resource-intensive to crack. I had a friend whose password was a fully punctuated English sentence with a single extended character somewhere in the middle of it, probably 20+ characters including that one hard-to-locate hard-to-crack guy.
I still have a .zip file that I encrypted with a password using such a character. Gave up trying to brute force it after a week or so. At least my data's safe...
Use my userscript to add story images to Slashdot. There's no going back.
> You can have a Windows password with extended characters if you know the character code with something like ALT+KP0, then the three digit ANSI code on the keypad (at least as of Windows 2000), allowing things like Pâssw0rÐ (one capital, two extended, four lowercase, one number: eight characters albeit ~17 key presses) ... it's unclear from my (very hasty) reading of the paper if that was considered, but I imagine that even if it was, that password would be significantly more resource-intensive to crack.
I did the math, not sure why others haven't pointed this out yet. There are 189 nonspace printable characters in the 256-char ANSI code map. Adding one for space, that's 190:
190^14 combinations / (348 * 10^9 pw/sec) / 86400 sec/day / 365.2425 day/yr == 7275722393956 years
A long time. BUT even base64 is too complex for this purported rate:
64^14 combinations / (348 * 10^9 pw/sec) / 86400 sec/day / 365.2425 day/yr == 2188329 years
What am I doing wrong?
I don't think this is accurate, "In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes." If you had a 26 character base with 14 characters that is 26e+14=6.71e+19 search space. So to search the whole space at 348 billion attempts per second that would take 6.71e+19/((348e+9 per sec)*(60sec/min) = 3.21 million minutes. So if it takes on average half the search space to find the correct one it will take 1.61 million minutes, not 6.
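The arithmetic the comments above are doing, as an added example that is not part of the original thread: it computes exhaustive-search time for a charset, length and guess rate, and shows how the LM split into two 7-character halves (described earlier in the thread) changes the work. The 69-symbol LM charset (printable ASCII with lowercase folded to uppercase), the assumption that one pass over 7-character candidates is checked against both halves, and all function names are this example's own; the 348 billion/s and six-minute figures are the ones quoted in the summary.

```python
"""Exhaustive-search arithmetic for offline guessing (added example)."""

SECONDS_PER_YEAR = 86400 * 365.2425   # same year length used in the thread
NTLM_RATE = 348e9                     # guesses/second, from the story summary
LM_CHARSET = 95 - 26                  # assumption: printable ASCII, lowercase folded to upper
LM_HALF = 7                           # LM hashes two 7-byte halves independently


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates of exactly `length` symbols from `charset_size`."""
    if charset_size < 1 or length < 0:
        raise ValueError("charset_size must be >= 1 and length >= 0")
    return charset_size ** length


def years_to_exhaust(charset_size: int, length: int, rate: float) -> float:
    """Worst case (whole space searched); the average case is half of this."""
    return keyspace(charset_size, length) / rate / SECONDS_PER_YEAR


def lm_work(charset_size: int = LM_CHARSET) -> dict:
    """Compare attacking two 7-char halves with attacking one 14-char string."""
    half = keyspace(charset_size, LM_HALF)
    whole = keyspace(charset_size, 2 * LM_HALF)
    return {
        "one_half": half,
        "both_halves_separately": 2 * half,        # costs add
        "if_hashed_as_one": whole,                 # costs would multiply
        "design_penalty": whole // (2 * half),     # factor lost to the split
    }


def implied_rate(candidates: int, minutes: float) -> float:
    """Guess rate needed to cover `candidates` in `minutes`."""
    return candidates / (minutes * 60)


if __name__ == "__main__":
    print(f"62^12 at the NTLM rate: {years_to_exhaust(62, 12, NTLM_RATE):,.1f} years")
    print(f"190^14 at the NTLM rate: {years_to_exhaust(190, 14, NTLM_RATE):.3e} years")
    lm = lm_work()
    print(f"LM, one 7-char half: {lm['one_half']:,} candidates")
    print(f"LM, factor lost to the split: {lm['design_penalty']:,}")
    # Assumption: the halves are unsalted, so each 7-char candidate is hashed
    # once and compared against both halves.
    print(f"Rate implied by 'six minutes': {implied_rate(lm['one_half'], 6):.2e}/s")
```

The six-minute claim is about the LM half-keyspace, not about 14 independent characters, which is why the full-length calculations above come out at millions of minutes or more.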
I'm wondering how fast it can crack NTLMv2 passwords?