Security Ledger reports on a breakthrough in password-cracking, using 25 graphics cards in parallel to churn through astounding quantities of password possibilities in unheard-of timescales. It's the truly the end of the line for passwords protected by older hashing algorithms and illustrates neatly how yesterday's "password that would take millions of years to break" is this year's "password broken in an afternoon," and has profound implications for the sort of password hash-dumps we've seen in the past two years.
A presentation at the Passwords^12 Conference in Oslo, Norway (slides available here), has moved the goalposts, again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs and communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric.
Gosney’s system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete.
In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.
New 25 GPU Monster Devours Passwords In Seconds [Security Ledger]
SOG’s $60 Sync II “wearable belt buckle” multitool isn’t the only multitool/buckle on the market, but it does add a couple very sensible innovations, like a clip-on/clip-off base that lets you use your tool without taking off your belt, and a squared-off form factor (like a pair of folding travel sewing scissors) that adapts the […]
This week on Cool Tools’ Maker Update: Kitty Grabs Gold, a beer cooler that follows you, the Circuit Playground Express, Adafruit and Microsoft, Other Machine Co. and Bre Pettis, Tinkercad Lego export, a great kit for gadget and toy hacking, and Maker Faires. Our featured Cool Tool is the iFixit Electronics Tool Kit. Check out […]
The mechanical Royal Kludge keyboard (Update: in stock here) seems to do well with Amazon reviewers, but there are no guarantees you’ll receive one with the coveted OFF/NO switch.
If you are camping during rainy season, or just want a TSA-approved lighter, these plasma torches make perfect travel companions. These gas-free lighters create a small plasma beam that’s safer than butane to use and more environmentally friendly. It creates a super-hot, splashproof flame so you can get a campfire going, or have a smoke […]
If you don’t want to get stuck footing the bill for a hit and run, this dashboard-mounted camera offers up to 2K resolution to make sure you always have a reliable witness, and it’s available in the Boing Boing Store for 30% off it’s usual price.The PapaGo mounts unobtrusively to your windshield to see everything […]
While some people still maintain that everything in Apple’s walled garden “just works” and is immune to the rampant malware of the Windows world, the reality is different. The Mac’s growing market share has made it a much more viable target for malicious actors, and its built-in tools aren’t always enough to fix things. Drive […]