Overclock.net › Forums › Industry News › Hardware News › [ZDNet]Cheap GPUs are rendering strong passwords useless
New Posts  All Forums:Forum Nav:

[ZDNet]Cheap GPUs are rendering strong passwords useless - Page 5  

post #41 of 67
Quote:
Originally Posted by EvanPitts View Post
Of course, this is more easily solved by some low tech practices - like slowing down the process of entering a password, and chucking the connection if a password is entered incorrectly three times in a row.
This. It is Information Security 101...I mean, this is truly basic, folks...to lock an account after a small number (typically three or five) failed attempts. The account would then unlock after calling your service desk or waiting a set amount of time (e.g. 15-20 minutes). I don't care how fast a GPU gets, if I only allow 5 attempts every 20 minutes, you are never breaking into any specific individual account with brute force.

Of course, the sad truth is that there are a lot of systems out there where the sysadmin either failed InfoSec 101, doesn't believe in it, thnks it's too expensive, or whatever. I'm looking at you, Sony Playstation Network. (Thanks for the two free games, though.)
Vulcan's PC
(15 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 6700K Gigabyte GA-Z170X-Gaming 7 EVGA GTX 970 G.Skill Ripjaws 4 DDR4-3000 16GB (4x4) 
Hard DriveHard DriveOptical DriveCooling
Crucial M500 SSD Western Digital Caviar LG Blu-Ray burner Cooler Master Hyper 212 Evo 
OSMonitorKeyboardPower
Windows 10 Pro x64 Acer XB270HU Logitech G15 ThermalTake Smart 750W 
CaseMouse
Lian Li PC-6077 Logitech G5 
  hide details  
Vulcan's PC
(15 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 6700K Gigabyte GA-Z170X-Gaming 7 EVGA GTX 970 G.Skill Ripjaws 4 DDR4-3000 16GB (4x4) 
Hard DriveHard DriveOptical DriveCooling
Crucial M500 SSD Western Digital Caviar LG Blu-Ray burner Cooler Master Hyper 212 Evo 
OSMonitorKeyboardPower
Windows 10 Pro x64 Acer XB270HU Logitech G15 ThermalTake Smart 750W 
CaseMouse
Lian Li PC-6077 Logitech G5 
  hide details  
post #42 of 67
Quote:
Originally Posted by pursuinginsanity View Post
8 characters? Lol. I haven't used 8 char passwords since 2001.
I havent used 8 character passwords since they were required on some websites... on the ones that aren't I use a 6 char. I'm betting most people are like me - they want a fast easy and short password.


Quote:
Originally Posted by VulcanDragon View Post

Of course, the sad truth is that there are a lot of systems out there where the sysadmin either failed InfoSec 101, doesn't believe in it, thnks it's too expensive, or whatever. I'm looking at you, Sony Playstation Network. (Thanks for the two free games, though.)
nice
The Hedgehog
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k Asrock Extreme 4 Gen3 Galaxy GTX 470 775/1550/1700 @ 1.0v Gskill Sniper DDR3 1866 
Hard DriveHard DriveOptical DriveCooling
Crucial M4 SSD Intel 330 SSD Asus Cooler Master Hyper 212+ 
OSMonitorPowerCase
Win 7 64 Pro Lenovo L2440x LED LCD 24" @ 1920x1200 OCZ ZX 850w Gold Corsair 500R White 
Mouse
Logitech G500 
  hide details  
The Hedgehog
(13 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500k Asrock Extreme 4 Gen3 Galaxy GTX 470 775/1550/1700 @ 1.0v Gskill Sniper DDR3 1866 
Hard DriveHard DriveOptical DriveCooling
Crucial M4 SSD Intel 330 SSD Asus Cooler Master Hyper 212+ 
OSMonitorPowerCase
Win 7 64 Pro Lenovo L2440x LED LCD 24" @ 1920x1200 OCZ ZX 850w Gold Corsair 500R White 
Mouse
Logitech G500 
  hide details  
post #43 of 67
Brute forcing a password is based on length, the longer your password, the longer it takes to brute force.

Using a mix of upper/lower/digits/symbols will maximize the time necessary to crack it, but length is key.

Good Password: Fr#8nai))8s

But that's unrememberable.

Another Good Password: Amo*976-........________kkkkkkkk((((((((

Very rememberable, and works just as well, and better. Why? Because its so long it will take forever to brute force. Putting it into a calculator shows it would take centuries to brute force with the best systems available today.
Dynamix
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7-860 Gigabyte GA-P55A-UD4P Radeon 7970 Corsair Domintor Twins + Other = 16 Gb 
Hard DriveHard DriveOptical DriveCooling
WD Caviar Black, 500gb OCZ Solid 3 Sony Optiarc Corsair H50 
OSMonitorKeyboardPower
Windows 7 Ultimate Samsung P2570HD + Other Logitech G110 Corsair 750W HX 
CaseMouse
Antec p183 Logitech MX Revolution 
  hide details  
Dynamix
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7-860 Gigabyte GA-P55A-UD4P Radeon 7970 Corsair Domintor Twins + Other = 16 Gb 
Hard DriveHard DriveOptical DriveCooling
WD Caviar Black, 500gb OCZ Solid 3 Sony Optiarc Corsair H50 
OSMonitorKeyboardPower
Windows 7 Ultimate Samsung P2570HD + Other Logitech G110 Corsair 750W HX 
CaseMouse
Antec p183 Logitech MX Revolution 
  hide details  
post #44 of 67
how does this brute force attack actually work with regard to the password length.

let's say the actual password is 6 characters, does the cracker need to know the length or does it just assume that it is an 8 character password and then have the two last characters as null?
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 2600k Asus Pro Sapphire 6970 Corsair 4x4 
Hard DriveOSPowerMouse Pad
corsair 300 win 7 x64 None My desk 
  hide details  
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 2600k Asus Pro Sapphire 6970 Corsair 4x4 
Hard DriveOSPowerMouse Pad
corsair 300 win 7 x64 None My desk 
  hide details  
post #45 of 67
The 3 strikes and your reset to a longer time out approach only works when the cracking is performed inline. When the passwords are evaulate (cracked) offline it doesnt matter what the time out gap is as it does not come into play. Furthermore, the GPU can be used to crack WPA and WPA2 passwords via a passive mode that would also avoid the time out period as the passwords are sniffed out of the air.

If you want to play download the following GPU password cracking tool ( IGHASHGPU ) I think the latest version is V.80.16.1. You will need either a Nvideo card or a AMD 5000 series. I dont think they got the AMD 6000 series working.

Also consider looking up rainbow tables if you have a lot of diskspace. It is an alternative approach.

Have Fun
Gunslinger
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090 MSI 890FXA GD70 5870 Corsair 
Hard DriveOSMonitorPower
C300 Windows I-INC Thermaltake 850 
Case
HAF 932 
  hide details  
Gunslinger
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090 MSI 890FXA GD70 5870 Corsair 
Hard DriveOSMonitorPower
C300 Windows I-INC Thermaltake 850 
Case
HAF 932 
  hide details  
post #46 of 67
Easy, make it so every 5 wrong passwords you have to wait 30 minutes or so to reconnect.
    
CPUMotherboardGraphicsRAM
Intel Core i5 3570k @ 4.5Ghz ASRock Z77 Pro3 Powercolor Radeon HD7950 3GB @ 1150/1350 4x4GB G.Skill Ares 2000Mhz CL9 
Hard DriveHard DriveHard DriveHard Drive
Samsung 840 250GB Western Digital Black 1TB WD1002FAEX Seagate Barracuda 3TB ST3000DM001 Samsung Spinpoint EcoGreen 2TB 
Optical DriveCoolingCoolingCooling
Pioneer DVR-220LBKS Noctua NH-D14 Scythe Gentle Typhoon 1850rpm Corsair AF140 Quiet Edition 
CoolingOSMonitorMonitor
Arcitc Cooling Acclero Twin Turbo II Arch Linux x86-64, amdgpu BenQ G2220HD BenQ G2020HD 
KeyboardPowerCaseMouse
Ducky Shine III Year of the Snake, Cherry Blue Silverstone Strider Plus 600w CoolerMaster CM690 II Black and White SteelSeries Sensei Professional 
Mouse PadAudioOther
Artisan Hien Mid Japan Black Large ASUS Xonar DX NZXT Sentry Mesh 30w Fan Controller 
  hide details  
    
CPUMotherboardGraphicsRAM
Intel Core i5 3570k @ 4.5Ghz ASRock Z77 Pro3 Powercolor Radeon HD7950 3GB @ 1150/1350 4x4GB G.Skill Ares 2000Mhz CL9 
Hard DriveHard DriveHard DriveHard Drive
Samsung 840 250GB Western Digital Black 1TB WD1002FAEX Seagate Barracuda 3TB ST3000DM001 Samsung Spinpoint EcoGreen 2TB 
Optical DriveCoolingCoolingCooling
Pioneer DVR-220LBKS Noctua NH-D14 Scythe Gentle Typhoon 1850rpm Corsair AF140 Quiet Edition 
CoolingOSMonitorMonitor
Arcitc Cooling Acclero Twin Turbo II Arch Linux x86-64, amdgpu BenQ G2220HD BenQ G2020HD 
KeyboardPowerCaseMouse
Ducky Shine III Year of the Snake, Cherry Blue Silverstone Strider Plus 600w CoolerMaster CM690 II Black and White SteelSeries Sensei Professional 
Mouse PadAudioOther
Artisan Hien Mid Japan Black Large ASUS Xonar DX NZXT Sentry Mesh 30w Fan Controller 
  hide details  
post #47 of 67
LMAO.

You guys are such idiots. You can have a 36 digit randomized password that needs your biosignature and the conditions on saturn on the 3rd, 7th, and 22nd day, and I can still break it. How you ask?

Social. Engineering.

Lowtech solutions don't work on social engineers, I use "forgot password", answer your security questions that after 2-3 days of talking to you have obtained, and now im in your base, killing your mans.

I mean, I guess that doesn't work on things like harddrives or WiFi, stuff you need REAL bruteforce for, but social engineering your web passwords is cakewalk.
post #48 of 67
Quote:
Originally Posted by Odyn View Post
LMAO.

You guys are such idiots. You can have a 36 digit randomized password that needs your biosignature and the conditions on saturn on the 3rd, 7th, and 22nd day, and I can still break it. How you ask?

Social. Engineering.

Lowtech solutions don't work on social engineers, I use "forgot password", answer your security questions that after 2-3 days of talking to you have obtained, and now im in your base, killing your mans.

I mean, I guess that doesn't work on things like harddrives or WiFi, stuff you need REAL bruteforce for, but social engineering your web passwords is cakewalk.
I have a plan against that. Security questions do not necessarily reflect their answers.
Dynamix
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7-860 Gigabyte GA-P55A-UD4P Radeon 7970 Corsair Domintor Twins + Other = 16 Gb 
Hard DriveHard DriveOptical DriveCooling
WD Caviar Black, 500gb OCZ Solid 3 Sony Optiarc Corsair H50 
OSMonitorKeyboardPower
Windows 7 Ultimate Samsung P2570HD + Other Logitech G110 Corsair 750W HX 
CaseMouse
Antec p183 Logitech MX Revolution 
  hide details  
Dynamix
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7-860 Gigabyte GA-P55A-UD4P Radeon 7970 Corsair Domintor Twins + Other = 16 Gb 
Hard DriveHard DriveOptical DriveCooling
WD Caviar Black, 500gb OCZ Solid 3 Sony Optiarc Corsair H50 
OSMonitorKeyboardPower
Windows 7 Ultimate Samsung P2570HD + Other Logitech G110 Corsair 750W HX 
CaseMouse
Antec p183 Logitech MX Revolution 
  hide details  
post #49 of 67
Quote:
Originally Posted by Odyn View Post
LMAO.

You guys are such idiots. You can have a 36 digit randomized password that needs your biosignature and the conditions on saturn on the 3rd, 7th, and 22nd day, and I can still break it. How you ask?

Social. Engineering.

Lowtech solutions don't work on social engineers, I use "forgot password", answer your security questions that after 2-3 days of talking to you have obtained, and now im in your base, killing your mans.

I mean, I guess that doesn't work on things like harddrives or WiFi, stuff you need REAL bruteforce for, but social engineering your web passwords is cakewalk.
Odyn

I doubt very much you would be able to soical engineer a 36 digit randomized password. Those systems most of the time are one time use only and you need a key to turn. Furthermore, the users are given extensive computer security training.

It may be possible but highly unlikely to be successful
Gunslinger
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090 MSI 890FXA GD70 5870 Corsair 
Hard DriveOSMonitorPower
C300 Windows I-INC Thermaltake 850 
Case
HAF 932 
  hide details  
Gunslinger
(13 items)
 
  
CPUMotherboardGraphicsRAM
1090 MSI 890FXA GD70 5870 Corsair 
Hard DriveOSMonitorPower
C300 Windows I-INC Thermaltake 850 
Case
HAF 932 
  hide details  
post #50 of 67
If you guys want to try and simulate bruteforcing
Try Tripcode explorer
Or if you want to use your GPU and multiply the speed by 10
use MTY.

I'm sure you guys heard of 4chan, so no need to explain there.

Type in a string and see how long your computer looks for it.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Hardware News
This thread is locked  
Overclock.net › Forums › Industry News › Hardware News › [ZDNet]Cheap GPUs are rendering strong passwords useless