Overclock.net › Forums › Industry News › Hardware News › [ZDNet]Cheap GPUs are rendering strong passwords useless
New Posts  All Forums:Forum Nav:

[ZDNet]Cheap GPUs are rendering strong passwords useless  

post #1 of 67
Thread Starter 
Quote:
Think that your eight-character password consisting of lowercase characters, uppercase characters and a sprinkling of numbers is strong enough to protect you from a brute force attack?

Think again!

Jon Honeyball writing for PC Pro has a sobering piece on how the modern GPU can be leveraged as a powerful tool against passwords once considered safe from bruteforce attack.

Source

Time to re-think how we setup our passwords...
Ж Prometheus Ж
(12 items)
 
  
CPUMotherboardGraphicsRAM
i7 7700K ROG Maximus IX Hero  EVGA GTX 1080 Ti FE G.Skill TridentZ RGB 
Hard DriveOSMonitorKeyboard
Samsung M2 960 Pro 512, Samsung 840 Pro, 4GB WD... Windows 10 Pro Acer XB271HU Vengeance K95 RGB-MX Red 
PowerCaseMouseMouse Pad
Seasonic SS1000XP Obsidian 800D modified Razer Deathadder Chroma Razer Sphex 
  hide details  
Ж Prometheus Ж
(12 items)
 
  
CPUMotherboardGraphicsRAM
i7 7700K ROG Maximus IX Hero  EVGA GTX 1080 Ti FE G.Skill TridentZ RGB 
Hard DriveOSMonitorKeyboard
Samsung M2 960 Pro 512, Samsung 840 Pro, 4GB WD... Windows 10 Pro Acer XB271HU Vengeance K95 RGB-MX Red 
PowerCaseMouseMouse Pad
Seasonic SS1000XP Obsidian 800D modified Razer Deathadder Chroma Razer Sphex 
  hide details  
post #2 of 67
We need to use GPUs for encoding as well as decoding then. Simple enough.
Lee XT
(17 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-6300 Asus M5A97 SAPPHIRE Radeon HD 7850 AMD 4GB DDR3 1333MHZ 
RAMRAMRAMHard Drive
AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ OCZ Vertex 4 256GB 
CoolingOSMonitorKeyboard
Corsair H80 Windows 8.1 Pro MCE Dell P2414H WHXV7  Microsoft Generic 
PowerCaseMouseMouse Pad
Ultra 600W Limited Edition NZXT Black Steel Razer Deathadder Razer Goliath 
Audio
Realtek HD Audio 
  hide details  
Lee XT
(17 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-6300 Asus M5A97 SAPPHIRE Radeon HD 7850 AMD 4GB DDR3 1333MHZ 
RAMRAMRAMHard Drive
AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ OCZ Vertex 4 256GB 
CoolingOSMonitorKeyboard
Corsair H80 Windows 8.1 Pro MCE Dell P2414H WHXV7  Microsoft Generic 
PowerCaseMouseMouse Pad
Ultra 600W Limited Edition NZXT Black Steel Razer Deathadder Razer Goliath 
Audio
Realtek HD Audio 
  hide details  
post #3 of 67
This has been known for quite sometime now.
post #4 of 67
8 characters? Lol. I haven't used 8 char passwords since 2001.
Why upgrade?
(14 items)
 
Why overclock?!
(15 items)
 
 
CPUMotherboardGraphicsRAM
Core i5 760 ASUS 55i Sabertooth EVGA 960 4GB 8gb 1600mhz Vengeance 
Hard DriveHard DriveOSMonitor
120gb Intel 320 (OS) 500gb Samsung 850 Evo Win 7 64 Viewsonic VX2250-Wm 
PowerCaseMouseAudio
Seasonic G 550w Gold Lancool PC-K9B Logitech G5 X-Fi Titanium/AT-H700 
CPUMotherboardGraphicsRAM
Core i5 4690k Asus Z97 Sabertooth mk2 EVGA 970 8gb Kingston 1833mhz 
Hard DriveHard DriveCoolingOS
128GB Samsung 830 500GB Samsung 840 Evo allota fans but quiet! Win 7 64 
MonitorKeyboardPowerCase
Dell U2311H Rev. A01 Mechanical w/ Cherry Blues NZXT Hale 650w NZXT Phantom - white 
MouseMouse PadAudio
Anker CG100 Steelseries 9HD Sennheiser HD555 
  hide details  
Why upgrade?
(14 items)
 
Why overclock?!
(15 items)
 
 
CPUMotherboardGraphicsRAM
Core i5 760 ASUS 55i Sabertooth EVGA 960 4GB 8gb 1600mhz Vengeance 
Hard DriveHard DriveOSMonitor
120gb Intel 320 (OS) 500gb Samsung 850 Evo Win 7 64 Viewsonic VX2250-Wm 
PowerCaseMouseAudio
Seasonic G 550w Gold Lancool PC-K9B Logitech G5 X-Fi Titanium/AT-H700 
CPUMotherboardGraphicsRAM
Core i5 4690k Asus Z97 Sabertooth mk2 EVGA 970 8gb Kingston 1833mhz 
Hard DriveHard DriveCoolingOS
128GB Samsung 830 500GB Samsung 840 Evo allota fans but quiet! Win 7 64 
MonitorKeyboardPowerCase
Dell U2311H Rev. A01 Mechanical w/ Cherry Blues NZXT Hale 650w NZXT Phantom - white 
MouseMouse PadAudio
Anker CG100 Steelseries 9HD Sennheiser HD555 
  hide details  
post #5 of 67
Quote:
Originally Posted by mbudden View Post
This has been known for quite sometime now.
agreed.

Ive already used a 8800 to crack wpa. using my own network for testing of course. gotta keep it legal (=
Edited by illusive snpr - 6/6/11 at 1:04pm
post #6 of 67
It's pretty obvious since we all know that GPUs have more cores than CPUs.
Trinity
(19 items)
 
  
CPUMotherboardGraphicsRAM
AMD A10-5800K Biostar Hi-Fi A85W APU Integrated Graphics G.Skill 8GB (2 x 4GB) 1600MHz CL9 
Hard DriveHard DriveOptical DriveCooling
Crucial M4 64GB Western Digital WD Blue 500GB Lite-On iHAS124 CD/DVD Burner Cooler Master Hyper 212 EVO (Pull Configuration) 
OSMonitorMonitorKeyboard
Windows 7 Home Premium 64-Bit NEC MultiSync LCD1970VX NEC MultiSync LCD1970VX Filco Majestouch Black w/ Cherry MX Blue (JIS l... 
PowerCaseMouseMouse Pad
Corsair CX430 NZXT Source 220 Logitech Click! Mouse SteelSeries QcK Mini Diablo III Edition 
AudioAudioOther
Sony SRS-T10PC USB Portable Speaker Realtek Onboard Audio Intel Centrino Desktop Wireless 
  hide details  
Trinity
(19 items)
 
  
CPUMotherboardGraphicsRAM
AMD A10-5800K Biostar Hi-Fi A85W APU Integrated Graphics G.Skill 8GB (2 x 4GB) 1600MHz CL9 
Hard DriveHard DriveOptical DriveCooling
Crucial M4 64GB Western Digital WD Blue 500GB Lite-On iHAS124 CD/DVD Burner Cooler Master Hyper 212 EVO (Pull Configuration) 
OSMonitorMonitorKeyboard
Windows 7 Home Premium 64-Bit NEC MultiSync LCD1970VX NEC MultiSync LCD1970VX Filco Majestouch Black w/ Cherry MX Blue (JIS l... 
PowerCaseMouseMouse Pad
Corsair CX430 NZXT Source 220 Logitech Click! Mouse SteelSeries QcK Mini Diablo III Edition 
AudioAudioOther
Sony SRS-T10PC USB Portable Speaker Realtek Onboard Audio Intel Centrino Desktop Wireless 
  hide details  
post #7 of 67
Of course, this is more easily solved by some low tech practices - like slowing down the process of entering a password, and chucking the connection if a password is entered incorrectly three times in a row. If a system allows thousands or tens of thousands of attempts per second, multiplied by hundreds or thousands of connection points - brute force attempts are entirely capable of breaking even the strongest passwords. This however, is not really breaking or cracking, but rather, using every possible random combination until one works.

Three attempts in a second then a five second pause, would do great damage to those that attempt brute force entries - even the fanciest, multiple GPU with the nastiest code would yield defeat unless it was spectacularly lucky to strike gold.

Of course, most of these "cracks" that we have seen are probably not due to some supercomputing cluster using high-tech methodologies at great costs and crazy performance, but rather, lower tech stuff, like disgruntled former employees that got the boot, or someone that wrote down all of the passwords that are regularly written on Post-It notes and taped to monitors. Even the most severe security fails if passwords are weak or simply printed somewhere for someone to pluck and use.

On that note - my boss picks WEAK passwords - like Kramer, since he is a fan of Seinfeld. One time we had a computer issue and he called for my password, and he still couldn't get it, I had to drive across the county to press those keys that I have used since before the VIC-20...
post #8 of 67
Quote:
Originally Posted by EvanPitts View Post
On that note - my boss picks WEAK passwords - like Kramer, since he is a fan of Seinfeld. One time we had a computer issue and he called for my password, and he still couldn't get it, I had to drive across the county to press those keys that I have used since before the VIC-20...
That's how most people choose passwords. I got into somebody's computer once, without knowing the person or anything about him. I just looked around his office and it was filled with Detroit Red Wings posters and other paraphernalia. That was enough info to guess his password in 3 tries.
Death Star
(21 items)
 
Darksaber
(11 items)
 
 
CPUMotherboardGraphicsRAM
Athlon II x2 245 Asus M3A78 Radeon HD6570 1GB Mushkin Silverline 2GB DDR2  
Hard DriveOptical DriveOSMonitor
OCZ Vertex 2 120GB Samsung Blu-Ray Windows 7 Samsung 46" DLP 
PowerCaseOther
Silverstone Strider Essentials 400W Silverstone Milo ML03B Hauppage WinTV 1250 
  hide details  
Death Star
(21 items)
 
Darksaber
(11 items)
 
 
CPUMotherboardGraphicsRAM
Athlon II x2 245 Asus M3A78 Radeon HD6570 1GB Mushkin Silverline 2GB DDR2  
Hard DriveOptical DriveOSMonitor
OCZ Vertex 2 120GB Samsung Blu-Ray Windows 7 Samsung 46" DLP 
PowerCaseOther
Silverstone Strider Essentials 400W Silverstone Milo ML03B Hauppage WinTV 1250 
  hide details  
post #9 of 67
On a serious note, passwords do need to get stronger as time goes on, because the methods to break them also get stronger. It's just a fact of life.

Check out this Dilbert comic from 1998. A password like that was considered ridiculous and overkill back then. These days, a 6 character password isn't even considered to be very strong.

Edit: and just in case you want a glimpse into the Future.
Edited by wedge - 6/6/11 at 1:33pm
Death Star
(21 items)
 
Darksaber
(11 items)
 
 
CPUMotherboardGraphicsRAM
Athlon II x2 245 Asus M3A78 Radeon HD6570 1GB Mushkin Silverline 2GB DDR2  
Hard DriveOptical DriveOSMonitor
OCZ Vertex 2 120GB Samsung Blu-Ray Windows 7 Samsung 46" DLP 
PowerCaseOther
Silverstone Strider Essentials 400W Silverstone Milo ML03B Hauppage WinTV 1250 
  hide details  
Death Star
(21 items)
 
Darksaber
(11 items)
 
 
CPUMotherboardGraphicsRAM
Athlon II x2 245 Asus M3A78 Radeon HD6570 1GB Mushkin Silverline 2GB DDR2  
Hard DriveOptical DriveOSMonitor
OCZ Vertex 2 120GB Samsung Blu-Ray Windows 7 Samsung 46" DLP 
PowerCaseOther
Silverstone Strider Essentials 400W Silverstone Milo ML03B Hauppage WinTV 1250 
  hide details  
post #10 of 67
I use a 19 character password of both letters and numbers. Think I'm OK.
Animal Mother
(14 items)
 
  
CPUMotherboardGraphicsRAM
I7 2600k 4.5Ghz 1.368v  Gigabyte Z68X UD3H B3 ver. 1.3 MSI GTX 780 Ti Twin Frozr IV @ 1180Mhz 16GB Kingston Hyperx Savage 1600Mhz 9.9.9.27 1.5v 
Hard DriveCoolingOSMonitor
Kingston UV400 240GB SSD, WD 3x640GB, 1TB & 3TB  Noctua NHU12P SE2 w/ KAZE 1200RPM & 1800RPM Windows 10 x64 Samsung P2450H 24" 
KeyboardPowerCaseMouse
Redragon Karuna Corsair TX750W V2 Cooler Master 690 II Advanced Redragon Pegasus 
Mouse PadAudio
SteelSeries QcK XFi Gamer Fatality Pro + Plantronics Gamecom 777 
  hide details  
Animal Mother
(14 items)
 
  
CPUMotherboardGraphicsRAM
I7 2600k 4.5Ghz 1.368v  Gigabyte Z68X UD3H B3 ver. 1.3 MSI GTX 780 Ti Twin Frozr IV @ 1180Mhz 16GB Kingston Hyperx Savage 1600Mhz 9.9.9.27 1.5v 
Hard DriveCoolingOSMonitor
Kingston UV400 240GB SSD, WD 3x640GB, 1TB & 3TB  Noctua NHU12P SE2 w/ KAZE 1200RPM & 1800RPM Windows 10 x64 Samsung P2450H 24" 
KeyboardPowerCaseMouse
Redragon Karuna Corsair TX750W V2 Cooler Master 690 II Advanced Redragon Pegasus 
Mouse PadAudio
SteelSeries QcK XFi Gamer Fatality Pro + Plantronics Gamecom 777 
  hide details  
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Hardware News
This thread is locked  
Overclock.net › Forums › Industry News › Hardware News › [ZDNet]Cheap GPUs are rendering strong passwords useless