[CS-FSLUG] New 25-GPU Monster Devours Strong Passwords In Minutes

Fri Dec 7 09:16:22 CST 2012

    New 25-GPU Monster Devours Strong Passwords In Minutes
    <http://rss.slashdot.org/%7Er/slashdot/eqWf/%7E3/cC50oUE-O1A/story01.htm>

via Slashdot <http://slashdot.org/> by Soulskill on 12/5/12

chicksdaddy writes "A presentation at the Passwords^12 Conference in 
Oslo, Norway (slides), has moved the goalposts on password cracking yet 
again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) 
demonstrated a rig that leveraged the Open Computing Language (OpenCL) 
framework and a technology known as Virtual Open Cluster (VCL) to run 
the HashCat password cracking program across a cluster of five, 4U 
servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 
Gbps over Infiniband switched fabric. Gosney's system elevates password 
cracking to the next level, and effectively renders even the strongest 
passwords protected with weaker encryption algorithms, like Microsoft's 
LM and NTLM, obsolete. In a test, the researcher's system was able to 
generate 348 billion NTLM password hash checks per second. That renders 
even the most secure password vulnerable to compute-intensive brute 
force and wordlist (or dictionary) attacks. A 14 character Windows XP 
password hashed using LM for example, would fall in just six minutes, 
said Per Thorsheim, organizer of the Passwords^12 Conference. For some 
context: In June, Poul-Henning Kamp, creator of the md5crypt() function 
used by FreeBSD and other, Linux-based operating systems, was forced to 
acknowledge that the hashing function is no longer suitable for 
production use --- a victim of GPU-powered systems that could perform 
'close to 1 million checks per second on COTS (commercial off the shelf) 
GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 
million brute force attempts per second against MD5crypt."

<http://twitter.com/home?status=New+25-GPU+Monster+Devours+Strong+Passwords+In+Minutes%3A+http%3A%2F%2Fbit.ly%2FTOL1U6>Read 
more of this story 
<http://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes?utm_source=rss1.0moreanon&utm_medium=feed> 
at Slashdot.

-- 
Islam is a VERY backward religion, that MUST keep it's masses not only
in subjugation, but ignorant and maintain a feudal state that is always
at war, looking to take over the spoils of all other societies. It is by
nature destructive and not constructive. The Q'oran is based on distortions
of the Bible, lies, paganism, racism, hate, contradictions, and ignorance,
with a good dose of stupidity thrown in for good measure. -Fred A. Miller

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://ofb.biz/pipermail/christiansource_ofb.biz/attachments/20121207/16c64daf/attachment.htm>