Main Area and Open Discussion > Living Room
Password Cracking Made Easy Thanks to the GPU
Armando:
:(
-Armando (October 25, 2007, 10:54 AM)
--- End quote ---
Did you read the article? Sorry, but this leaves the impression, for those who will only see your comment and not read the article, that this is a bad thing. As the article points out, this is meaningless.
-tinjaw (October 25, 2007, 11:10 AM)
--- End quote ---
Sorry tinjaw.
Yes I read the article, and although I don't have the time to reread it now and you seem very competent and I might not have the qualifications to comment ( ;D ) cryptography/encryption, how and where does it say that it's "meaningless"? :huh:
tinjaw:
Doh! :-[ It appears that even *I* haven't read the article Josh quoted.
I had just finished reading Jeff Atwood's blog and was checking for new postings on DC and *assumed* (yes, I know) that Josh was linking to Jeff's blog. Sooooo....................
Jeff Atwood points out why this is meaningless. ;)
Armando:
oh! Thanks tinjaw -- I just reread the article Josh submitted and was starting to question my ability to understand English... :) I'll check out the Jeff Atwood one.
Deozaan:
:(
-Armando (October 25, 2007, 10:54 AM)
--- End quote ---
Did you read the article? Sorry, but this leaves the impression, for those who will only see your comment and not read the article, that this is a bad thing. As the article points out, this is meaningless. This only allows hackers to crack very small and very simple passwords - ones like 'EatMeat' - your basic letter only 8 character passwords. If you do the math, they would need to make this whole thing work 1,000 faster just to make it crack a password in a human's lifetime. Any reasonable password cannot be cracked in any reasonable amount of time. And it is very easy just to change your password today and turn it into a passphrase, making it almost impossible within your lifetime, to be cracked. For example, change your password from 'jE84%kd^' to "*IfYouAren'tFiredWithEnthusiasm,$YouWillBeFiredWithEnthusiasm." This is a random quote I grabbed and salted it with a '*' and a '$'. This is, to all intents and purposes, uncrackable via brute force.
-tinjaw (October 25, 2007, 11:10 AM)
--- End quote ---
Okay, so I read the source article linked in Josh's post and I didn't get any of what you're saying. It left the impression to me that cracking passwords is a lot faster due to parallel processing.
It even says, in Josh's post:
The toughest passwords, including those used to log in to a Windows Vista computer, would normally take months of continuous computer processing time to crack using a computer's central processing unit (CPU). By harnessing a $150 GPU - [...] - Elcomsoft says they can cracked in just three to five days. Less complex passwords can be retrieved in minutes, rather than hours or days.
--- End quote ---
And the only hint I see about it taking a lifetime to crack a password is this:
Password cracking can be used to unlock data on a computer, but will not usually work on a banking or commercial website. This is because is takes too long to run through multiple passwords, and because a site will normally block a user after several failed attempts.
--- End quote ---
And the only reason it would take so long is because the banks and places would lock you out after a few attempts, and possibly flag the account for watch.
So I'm not sure where you're getting your info on a "reasonable" password taking an unreasonable amount of time to crack. Then again, I suppose that means I should ask your definition of a "reasonable" password.
Is "*IfYouAren'tFiredWithEnthusiasm,$YouWillBeFiredWithEnthusiasm." reasonable to you? Do you really want to type that in every time?
I'm probably slightly above average when it comes to passwords, thinking a mix of letters and numbers is reasonable. Strange characters would be good, and long strings of jumbled nonsense would be the best, but not from a usability standpoint.
EDIT: I typed this up while the previous comments were made. I'll read Jeff's blog now. :-[
Ralf Maximus:
2) There may or may not be application beyond password cracking and by patenting it, anything created that uses the same basic technique would most likely have to pay licensing fee to them for using the patented technology. So it is just good business sense to do so. (blah, blah, blah, patents are evil. blah blah blah ad nauseum)
--- End quote ---
So, if I develop (say) a DNA sequencer that runs partially in the GPU, I might have to prove it's not derived from their technology?
Does this imply these guys are just setting up a patent-troll scheme?
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version