Security Ledger reports on a breakthrough in password-cracking, using 25 graphics cards in parallel to churn through astounding quantities of password possibilities in unheard-of timescales. It's the truly the end of the line for passwords protected by older hashing algorithms and illustrates neatly how yesterday's "password that would take millions of years to break" is this year's "password broken in an afternoon," and has profound implications for the sort of password hash-dumps we've seen in the past two years.
A presentation at the Passwords^12 Conference in Oslo, Norway (slides available here), has moved the goalposts, again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs and communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric.
Gosney’s system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete.
In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.
New 25 GPU Monster Devours Passwords In Seconds [Security Ledger]
According to a lawsuit filed Tuesday in Chigago, Bose uses software to track the music and other audio listened to on its wireless headphones, violating the privacy of its users and selling the information. The complaint filed on Tuesday by Kyle Zak in federal court in Chicago seeks an injunction to stop Bose’s “wholesale disregard” […]
Bose’s $350 wireless headphones need an app to “get the most” out of them, and this app monitors everything you listen to — the names of the podcasts, the music, videos, etc — and sends them to Bose without your permission, according to a lawsuit filed this week in Chicago by Kyle Zak.
Juicero is a self-parodying high-tech juicing machine that raised millions in venture capital on the promise of delivering a highly calibrated squeeze to a pack of mulch sold in expensive, DRM-locked pouches, for a mere $400.
They probably just sleep a lot. But still, you can remotely keep an eye on them when you’re at work and missing them deeply with this HD monitor from Kodak.If you have a new puppy that destroys everything in sight, or you just want to be a little more security-conscious, this WiFi camera is a […]
Thinking of a business idea is the easy part. Doesn’t even have to be a “good” idea, you can still get people to throw money at a non-existent venture, but to do that you need to at least have something even resembling a viable business plan. Why doesn’t anyone do it then? Because building that semi-viable […]
The Twisty Glass Blunt is an intriguing product that claims to abolish the need to ever buy or use rolling papers. And, well, it does if you so choose. You can cut down on the waste this 4/20, and everyday after when you’re smoking with this clever piece.Built with a German-engineered glass tube and inner […]