Overclock.net › Forums › Industry News › Hardware News › [arstechnica] 25-GPU cluster cracks every standard Windows password in <6 hours
New Posts  All Forums:Forum Nav:

[arstechnica] 25-GPU cluster cracks every standard Windows password in <6 hours - Page 11

post #101 of 144
Quote:
Originally Posted by insertacoolname View Post

step 1. use ctrl backspace in password
step 3. Profit!

*Adds ctrl backspace to database of possible entries*
It's-a tu maaach
(12 items)
 
  
CPUMotherboardGraphicsRAM
i5 750 @ 4GHz (1.2 vcore) Asus P7P55D EVO Powercolor 5850 4x 2GB of Corsair XMS 
Hard DriveCoolingMonitorKeyboard
2x 250GB (Raid 0) XSPC Raystorm CPU block + EK 360 rad + XSPC Dua... Samsung UE37C6000  Corsair K90 + Logitech G13 
PowerCaseMouseAudio
Jeantech 1000W Corsair Obsidian 800D Corsair M90 Edirol UA-25 > pair of Pioneer S-DJ08  
  hide details  
Reply
It's-a tu maaach
(12 items)
 
  
CPUMotherboardGraphicsRAM
i5 750 @ 4GHz (1.2 vcore) Asus P7P55D EVO Powercolor 5850 4x 2GB of Corsair XMS 
Hard DriveCoolingMonitorKeyboard
2x 250GB (Raid 0) XSPC Raystorm CPU block + EK 360 rad + XSPC Dua... Samsung UE37C6000  Corsair K90 + Logitech G13 
PowerCaseMouseAudio
Jeantech 1000W Corsair Obsidian 800D Corsair M90 Edirol UA-25 > pair of Pioneer S-DJ08  
  hide details  
Reply
post #102 of 144
hirens password reset 5mins unless encrypted.

Here is a start on a encrypted drive as well.
http://packetfactory.wordpress.com/2012/02/11/reset-windows-password-with-encrypted-drive/
+
http://news.cnet.com/2300-1029_3-6230933.html



Now for Cracking WPA2 this cluster would be the SHIZ! Don't forget the WPS vulnerability that was recently discovered making it even easier.
Edited by cayennemist - 12/10/12 at 4:19pm
BLACK!CE
(13 items)
 
  
CPUMotherboardGraphicsRAM
2500k Z68 Exetreme4 Gen3 MSI 6950 Twin Frozr II 8g 8-9-8 24 1600 
Power
CM 800w Silent Pro Gold 
  hide details  
Reply
BLACK!CE
(13 items)
 
  
CPUMotherboardGraphicsRAM
2500k Z68 Exetreme4 Gen3 MSI 6950 Twin Frozr II 8g 8-9-8 24 1600 
Power
CM 800w Silent Pro Gold 
  hide details  
Reply
post #103 of 144
Quote:
Originally Posted by DaClownie View Post

It wouldn't necessarily take them 49,000 years to crack your password. What if yours was randomly generated first on their list? BAM, 1 second crack.
These are MAX times.

Hence why "up to" was intentionally included in the very post you quoted and responded to. You're arguing a best-case scenario with a worse-case scenario. Even if we don't average to half but go for the extreme example of 10 times the computing power or 10 times the luck, we're still talking just shy of 5,000 years. Even with 10 times the computational power and 10 times the luck, it would take them up to 500 years.

No matter how you want to look at the math, adding to the 8-digit potential passwords mentioned in the OP makes the solve time go up exponentially and very sharply so.

edit:

For a little more perspective, think about this.

Odds of getting killed by lighting in your lifetime - 2,650,000:1

Odds of you winning the lottery - anywhere between 18,000,000:1 and 120,000,000:1

Odds of guessing a random, 12-digit password using uppercase, lowercase, numerals, and special characters or anywhere remotely close to it -

66,631,762,164,108,958,342,448,140,502,408,732,626,873:1

That's over 66 thousand trillian trillian trillian to one.

If you think it's likely anyone will start a brute force anywhere close to such a password, then you must feel damn lucky / borderline blessed every time you walk outside while it's cloudy.

For people who didn't read the post he was responding to, it would take this 25-GPU cluster over 49,000 years to go through all possible combinations in this scenario. We go from less than 6 hours to 49,000 years just by adding 4 digits. Yes, the password being at the very end of all possibilities brute-forced isn't likely, but, when we're talking about lengths of time of this magnitude, it really doesn't matter.
Edited by Kaldari - 12/10/12 at 5:07pm
Bueller
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7 3770K 4.7Ghz @ 1.36v Asus Sabertooth Z77 Gigabyte Windforce 780 Ti 3GB 16GB Corsair Vengeance 1866 9-10-9-27 
Hard DriveOptical DriveCoolingOS
256GB Samsung 840 Pro + RAID1 2TB 7200 Hitachis LG 6X Blu-ray Burner Corsair H100i Windows 7 x64 
MonitorKeyboardPowerCase
Asus VG236HE XArmor U9BL-S Enermax Galaxy Evo 1250W Corsair 600T 
MouseMouse PadAudio
Logitech G500 SteelSeries 5L O2DAC -> Corsair SP2500 (or O2 amp and Beyerdyn... 
  hide details  
Reply
Bueller
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7 3770K 4.7Ghz @ 1.36v Asus Sabertooth Z77 Gigabyte Windforce 780 Ti 3GB 16GB Corsair Vengeance 1866 9-10-9-27 
Hard DriveOptical DriveCoolingOS
256GB Samsung 840 Pro + RAID1 2TB 7200 Hitachis LG 6X Blu-ray Burner Corsair H100i Windows 7 x64 
MonitorKeyboardPowerCase
Asus VG236HE XArmor U9BL-S Enermax Galaxy Evo 1250W Corsair 600T 
MouseMouse PadAudio
Logitech G500 SteelSeries 5L O2DAC -> Corsair SP2500 (or O2 amp and Beyerdyn... 
  hide details  
Reply
post #104 of 144
Quote:
Originally Posted by XAslanX View Post

They can be cleared with a CMOS clear, but in a office/public environment it's not easy to start cracking open a case to find the reset jumper as it is slipping a USB drive in and booting up HBCD. Also it's a lot harder to get inside a laptop to clear cmos than a desktop.

Are some IT departments dumb enough to have the USB or CD-ROM be the first boot device?
post #105 of 144
Anyone with a USB drive or linux live cd can break into a windows machine in minutes.

Seriously stupid simple to break the SAM file.

Encryption does not stop the drive from being read either... it only takes about an hour or so to clone the data off the drive, which can be then cracked elsewhere.

Don't even need to remove the drive. If it will netboot, it's stealable smile.gif
Edited by Mootsfox - 12/10/12 at 5:24pm
The Fox Box
(16 items)
 
Macbook Pro
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel 3930K ASUS P9X79 ASUS GTX 570 DCII 4 x 4GB G.Skill Sniper 1600MHz LV 
Hard DriveOptical DriveCoolingOS
Intel 330 - 180GB LG HDDVD & Blu Ray Reader Cooler Master Hyper 612 Windows 7 Ultimate 64bit 
MonitorMonitorKeyboardPower
HP ZR30w Samsung 2243BWX Ducky! PCP&C 750w Silencer (coppa) 
CaseMouseMouse PadAudio
Lian Li PC-E8 G9x S&S Steel Onkyo Receiver/Design Acoustics 2.1 system 
CPUGraphicsRAMHard Drive
Core i5 2410M HD 3000 8GB 120GB SSD 
Optical DriveOSOSOS
Super Drive OSX 10.7.2 Win 7 Enterprise (In VB) Ubuntu 10.04 (In VB) 
MonitorPower
13" 1280x800 65w Magsafe 
CPUMotherboardRAMHard Drive
Q9300 Gigabyte P35 8GB DDR2 2TB WD 
Hard DriveHard DriveHard DriveHard Drive
2TB WD 2TB Seagate 1.5TB Seagate 1.5TB Seagate 
Hard DriveHard DriveHard DriveOptical Drive
1TB Hitachi 1TB Hitachi 500GB WD DVD-RW 
OSMonitorKeyboardPower
Win Server 2012 Headless/15" touchscreen Apple mini USB PC P&C 500W 
  hide details  
Reply
The Fox Box
(16 items)
 
Macbook Pro
(10 items)
 
 
CPUMotherboardGraphicsRAM
Intel 3930K ASUS P9X79 ASUS GTX 570 DCII 4 x 4GB G.Skill Sniper 1600MHz LV 
Hard DriveOptical DriveCoolingOS
Intel 330 - 180GB LG HDDVD & Blu Ray Reader Cooler Master Hyper 612 Windows 7 Ultimate 64bit 
MonitorMonitorKeyboardPower
HP ZR30w Samsung 2243BWX Ducky! PCP&C 750w Silencer (coppa) 
CaseMouseMouse PadAudio
Lian Li PC-E8 G9x S&S Steel Onkyo Receiver/Design Acoustics 2.1 system 
CPUGraphicsRAMHard Drive
Core i5 2410M HD 3000 8GB 120GB SSD 
Optical DriveOSOSOS
Super Drive OSX 10.7.2 Win 7 Enterprise (In VB) Ubuntu 10.04 (In VB) 
MonitorPower
13" 1280x800 65w Magsafe 
CPUMotherboardRAMHard Drive
Q9300 Gigabyte P35 8GB DDR2 2TB WD 
Hard DriveHard DriveHard DriveHard Drive
2TB WD 2TB Seagate 1.5TB Seagate 1.5TB Seagate 
Hard DriveHard DriveHard DriveOptical Drive
1TB Hitachi 1TB Hitachi 500GB WD DVD-RW 
OSMonitorKeyboardPower
Win Server 2012 Headless/15" touchscreen Apple mini USB PC P&C 500W 
  hide details  
Reply
post #106 of 144
Quote:
Originally Posted by Mootsfox View Post

Anyone with a USB drive or linux live cd can break into a windows machine in minutes.
Seriously stupid simple to break the SAM file.

Truecrypt and using unique passwords with sufficient length are going to make anyone virtually crack-proof. The thing to think about here is how any of this effects the average person. Sure, someone will hack a website's user database well before they try to brute force each account. The thing is, if you're using unique passwords everywhere, that person would have to hack a new server or service for each new password of yours that they want. These company's alert the public within a reasonable time what has happened most of the time, so it will get changed pretty quickly.

If anyone thinks their files are safe behind a Windows password, they're just ignorant about computer security. If you want files to be truly safe, use a sufficiently long, sufficiently random Truecrypt database password.
Bueller
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7 3770K 4.7Ghz @ 1.36v Asus Sabertooth Z77 Gigabyte Windforce 780 Ti 3GB 16GB Corsair Vengeance 1866 9-10-9-27 
Hard DriveOptical DriveCoolingOS
256GB Samsung 840 Pro + RAID1 2TB 7200 Hitachis LG 6X Blu-ray Burner Corsair H100i Windows 7 x64 
MonitorKeyboardPowerCase
Asus VG236HE XArmor U9BL-S Enermax Galaxy Evo 1250W Corsair 600T 
MouseMouse PadAudio
Logitech G500 SteelSeries 5L O2DAC -> Corsair SP2500 (or O2 amp and Beyerdyn... 
  hide details  
Reply
Bueller
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7 3770K 4.7Ghz @ 1.36v Asus Sabertooth Z77 Gigabyte Windforce 780 Ti 3GB 16GB Corsair Vengeance 1866 9-10-9-27 
Hard DriveOptical DriveCoolingOS
256GB Samsung 840 Pro + RAID1 2TB 7200 Hitachis LG 6X Blu-ray Burner Corsair H100i Windows 7 x64 
MonitorKeyboardPowerCase
Asus VG236HE XArmor U9BL-S Enermax Galaxy Evo 1250W Corsair 600T 
MouseMouse PadAudio
Logitech G500 SteelSeries 5L O2DAC -> Corsair SP2500 (or O2 amp and Beyerdyn... 
  hide details  
Reply
post #107 of 144
what are we arguing about here? there is no such thing as absolute security.
post #108 of 144
Quote:
Originally Posted by ghostrider85 View Post

what are we arguing about here? there is no such thing as absolute security.

Of course there isn't if we're going to talk about infinite amounts of time. You can become virtually absolutely secure though - virtually just meaning it is so extremely unlikely anyone could get to your data that you might as well label it absolutely secure. If no human can get to it in their lifetime, I'm calling it absolutely secure. I'm mainly talking about Truecrypt databases with sufficient passwords here, but you can minimize user account for website risk to a point where you don't have to worry yourself about it. Might as well call that absolute security too.
Bueller
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7 3770K 4.7Ghz @ 1.36v Asus Sabertooth Z77 Gigabyte Windforce 780 Ti 3GB 16GB Corsair Vengeance 1866 9-10-9-27 
Hard DriveOptical DriveCoolingOS
256GB Samsung 840 Pro + RAID1 2TB 7200 Hitachis LG 6X Blu-ray Burner Corsair H100i Windows 7 x64 
MonitorKeyboardPowerCase
Asus VG236HE XArmor U9BL-S Enermax Galaxy Evo 1250W Corsair 600T 
MouseMouse PadAudio
Logitech G500 SteelSeries 5L O2DAC -> Corsair SP2500 (or O2 amp and Beyerdyn... 
  hide details  
Reply
Bueller
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7 3770K 4.7Ghz @ 1.36v Asus Sabertooth Z77 Gigabyte Windforce 780 Ti 3GB 16GB Corsair Vengeance 1866 9-10-9-27 
Hard DriveOptical DriveCoolingOS
256GB Samsung 840 Pro + RAID1 2TB 7200 Hitachis LG 6X Blu-ray Burner Corsair H100i Windows 7 x64 
MonitorKeyboardPowerCase
Asus VG236HE XArmor U9BL-S Enermax Galaxy Evo 1250W Corsair 600T 
MouseMouse PadAudio
Logitech G500 SteelSeries 5L O2DAC -> Corsair SP2500 (or O2 amp and Beyerdyn... 
  hide details  
Reply
post #109 of 144

3 duodecillion years! :D

My Baby
(0 items)
  
Reply
My Baby
(0 items)
  
Reply
post #110 of 144
Quote:
Originally Posted by Kaldari View Post

Of course there isn't if we're going to talk about infinite amounts of time. You can become virtually absolutely secure though - virtually just meaning it is so extremely unlikely anyone could get to your data that you might as well label it absolutely secure. If no human can get to it in their lifetime, I'm calling it absolutely secure. I'm mainly talking about Truecrypt databases with sufficient passwords here, but you can minimize user account for website risk to a point where you don't have to worry yourself about it. Might as well call that absolute security too.

if someone really want your files, there are lot of ways to gain access.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Hardware News
Overclock.net › Forums › Industry News › Hardware News › [arstechnica] 25-GPU cluster cracks every standard Windows password in <6 hours