Security Ledger reports on a breakthrough in password-cracking, using 25 graphics cards in parallel to churn through astounding quantities of password possibilities in unheard-of timescales. It's the truly the end of the line for passwords protected by older hashing algorithms and illustrates neatly how yesterday's "password that would take millions of years to break" is this year's "password broken in an afternoon," and has profound implications for the sort of password hash-dumps we've seen in the past two years.
A presentation at the Passwords^12 Conference in Oslo, Norway (slides available here), has moved the goalposts, again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs and communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric.
Gosney’s system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete.
In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.
New 25 GPU Monster Devours Passwords In Seconds [Security Ledger]
Thinkgeek’s $150 Bluetooth Communicators are based on 3D scans of a prop communicator; pair it with your phone and clip it to your belt: when you get a ring, the psychedelic hypno-disc in the middle will spin prettily, flick it open and start talking.
Eye-Fi makes clever wifi hotspots in the shape of SD cards; your camera sees them as SD cards but you can mount them on your network and automatically feed the images captured by your camera to a nearby laptop. But to make all this work with some models, you need an account on “Eye-Fi Center,” […]
Kyle writes, “The Volt is a fully open source, arduino-based, handmade analog clock that tells time with meters. Available in a DIY install kit, 2 pre-made models, and a mix & match hardware option. The clocks are but with solid black walnut and maple, with faceplates produced in brass, copper, and steel. Only on Kickstarter!”
If you’ve got a coding career on your mind, few programming disciplines will take you farther than a commanding knowledge of the Python language, which is not to be mistaken for parseltongue. Its versatility and ease of use make it a go-to for any coding project…so master Python now with this all-inclusive all-level python programming course […]
The realm of web development is constantly evolving. New platforms, languages, and processes materialize all the time, so staying on top of all that innovation is a tall order.Whether you’re brushing up on new tricks, starting from scratch, or just looking to make your own website a little jazzier, Rob Percival’s new Complete Web Developer Course 2.0 (now […]
Folks used to rely on alarms to protect their home – and before that, the family dog. Now, anyone looking to guard their homes can choose from some high-tech options, including the Amaryllo iCamPRO FHD Home Security Camera (now just $219 in the Boing Boing Store).In fact, this 2015 CES “Best of Innovation” award-winner boasts so many features, it’s […]