Security Ledger reports on a breakthrough in password-cracking, using 25 graphics cards in parallel to churn through astounding quantities of password possibilities in unheard-of timescales. It's the truly the end of the line for passwords protected by older hashing algorithms and illustrates neatly how yesterday's "password that would take millions of years to break" is this year's "password broken in an afternoon," and has profound implications for the sort of password hash-dumps we've seen in the past two years.
A presentation at the Passwords^12 Conference in Oslo, Norway (slides available here), has moved the goalposts, again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs and communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric.
Gosney’s system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete.
In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.
New 25 GPU Monster Devours Passwords In Seconds [Security Ledger]
I’d call it a spoiler, but you already know what’s coming: “As Seen On TV” garden gadgets are not much good, however ingenious they seem to be. Household Hacker picked up a few items and subjected them to tests. None were terrible or dangerous, but the gimmicks don’t really work — a trimmer that uses […]
The Inverter is a kickstarted, sub-$500, 34mm automatic mechanical watch built around Citizen's Miyota Calibre 9000 movement, augmented with a custom module that makes the watch run backwards, so that it can be mounted so that the movement is exposed (beneath a sapphire crystal), with the back of the watch becoming its "face."
Damon Beres notes that the situation with folding displays is quickly going to hell. Enter Samsung’s Galaxy Fold, a kind of metal and glass taco that could define a new category of personal device — provided the company can get the thing to work. Several tech writers accidentally broke the gadget’s foldable display shortly after receiving review […]
Kudos to those of us who have chosen a less wasteful third option to “paper or plastic” at the supermarket or club stores. Tote bags are reusable, but they can be a pain to tote around. Here’s an upgrade to that planet-saving measure. The Club Cart Lotus Trolley Bag is that rare tote you’ll want […]
Looking for a career in IT, gaming or software development? In the ever-changing world of the internet, versatility is your biggest asset. In other words, mastering Java might not cut it in an interview if you don’t know C#. However, there’s a bundle that covers the essentials in most any language. The Legendary Learn to […]
Getting a set of cookware that will outlast you is one of those signs you’ve truly grown up. It used to be easy to find durable materials that also cook well, but these days it can be hard to tell what’s quality and what brands are coasting by on a recognizable name. Well, there’s at […]