Slashdot Mirror

← Back to Stories (view on slashdot.org)

New 25-GPU Monster Devours Strong Passwords In Minutes

Posted by Soulskill on from the om-nom-nom dept.

chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."

6 of 330 comments (clear)

  1. my password by Anonymous Coward · · Score: 5, Funny

    So it doesn't matter anymore I'm using 000000 as password ....

    1. Re:my password by jones_supa · · Score: 4, Funny

      Hey, that's the combination of my luggage!

    2. Re:my password by tnk1 · · Score: 2, Funny

      That's awesome! I didn't know Slashdot had that feature! When you type hunter2, all I see are stars where hunter2 would be! And when I type my password ******* everyone else gets these stars!

  2. Can it bust my neighbours WPA wifi setup? by AbRASiON · · Score: 4, Funny

    I'm really low on porn at the moment and hit my monthly internet quota!

  3. Re:XP Passwords by Anonymous Coward · · Score: 2, Funny

    Soon, they will be able to build a time machine entirely out of GPUs to go back in the 90s and crack those passwords!

  4. Re:first by kh31d4r · · Score: 4, Funny

    imagine a beowulf cluster of these...