Main Area and Open Discussion > Living Room

Password Cracking Made Easy Thanks to the GPU

(1/6) > >>

Josh:
A technique for cracking computer passwords using inexpensive off-the-shelf computer graphics hardware is causing a stir in the computer security community.

Elcomsoft, a software company based in Moscow, Russia, has filed a US patent for the technique. It takes advantage of the "massively parallel processing" capabilities of a graphics processing unit (GPU) - the processor normally used to produce realistic graphics for video games.

Using an $800 graphics card from nVidia called the GeForce 8800 Ultra, Elcomsoft increased the speed of its password cracking by a factor of 25, according to the company's CEO, Vladimir Katalov.

The toughest passwords, including those used to log in to a Windows Vista computer, would normally take months of continuous computer processing time to crack using a computer's central processing unit (CPU). By harnessing a $150 GPU - less powerful than the nVidia 8800 card - Elcomsoft says they can cracked in just three to five days. Less complex passwords can be retrieved in minutes, rather than hours or days.-News Scientist
--- End quote ---

Source

Armando:
 :(

tinjaw:
:(
-Armando (October 25, 2007, 10:54 AM)
--- End quote ---
Did you read the article? Sorry, but this leaves the impression, for those who will only see your comment and not read the article, that this is a bad thing. As the article points out, this is meaningless. This only allows hackers to crack very small and very simple passwords - ones like 'EatMeat' - your basic letter only 8 character passwords. If you do the math, they would need to make this whole thing work 1,000 faster just to make it crack a password in a human's lifetime. Any reasonable password cannot be cracked in any reasonable amount of time. And it is very easy just to change your password today and turn it into a passphrase, making it almost impossible within your lifetime, to be cracked. For example, change your password from 'jE84%kd^' to "*IfYouAren'tFiredWithEnthusiasm,$YouWillBeFiredWithEnthusiasm." This is a random quote I grabbed and salted it with a '*' and a '$'. This is, to all intents and purposes, uncrackable via brute force.

Ralf Maximus:
What I'm curious about is why the Russians would go to the trouble to patenting the technique.  Is password cracking such a lucrative market niche that they worry about trade secrets?

Or is there application beyond password cracking?

tinjaw:
What I'm curious about is why the Russians would go to the trouble to patenting the technique.  Is password cracking such a lucrative market niche that they worry about trade secrets?

Or is there application beyond password cracking?
-Ralf Maximus (October 25, 2007, 11:14 AM)
--- End quote ---
1) It is good marketing that gets them more publicity.
2) There may or may not be application beyond password cracking and by patenting it, anything created that uses the same basic technique would most likely have to pay licensing fee to them for using the patented technology. So it is just good business sense to do so. (blah, blah, blah, patents are evil. blah blah blah ad nauseum)
3) It makes them more attractive as a buyout target. Companies are more likely to buy other companies if they have tangible assets that can not be lost as easily as say, developers who don't want to stay with the company after it is bought out.

Navigation

[0] Message Index

[#] Next page