Overclock.net › Forums › Industry News › Hardware News › [arstechnica] 25-GPU cluster cracks every standard Windows password in <6 hours
New Posts  All Forums:Forum Nav:

[arstechnica] 25-GPU cluster cracks every standard Windows password in <6 hours - Page 13

post #121 of 144
Quote:
Originally Posted by Kaldari View Post

Hence why "up to" was intentionally included in the very post you quoted and responded to. You're arguing a best-case scenario with a worse-case scenario. Even if we don't average to half but go for the extreme example of 10 times the computing power or 10 times the luck, we're still talking just shy of 5,000 years. Even with 10 times the computational power and 10 times the luck, it would take them up to 500 years.
No matter how you want to look at the math, adding to the 8-digit potential passwords mentioned in the OP makes the solve time go up exponentially and very sharply so.
edit:
For a little more perspective, think about this.
Odds of getting killed by lighting in your lifetime - 2,650,000:1
Odds of you winning the lottery - anywhere between 18,000,000:1 and 120,000,000:1
Odds of guessing a random, 12-digit password using uppercase, lowercase, numerals, and special characters or anywhere remotely close to it -
66,631,762,164,108,958,342,448,140,502,408,732,626,873:1
That's over 66 thousand trillian trillian trillian to one.
If you think it's likely anyone will start a brute force anywhere close to such a password, then you must feel damn lucky / borderline blessed every time you walk outside while it's cloudy.
For people who didn't read the post he was responding to, it would take this 25-GPU cluster over 49,000 years to go through all possible combinations in this scenario. We go from less than 6 hours to 49,000 years just by adding 4 digits. Yes, the password being at the very end of all possibilities brute-forced isn't likely, but, when we're talking about lengths of time of this magnitude, it really doesn't matter.


Trillian is a character from "The hitch-hiker's guide to the galaxy" ! thumb.gif
Wee-PC
(17 items)
 
Wee black box
(13 items)
 
Boinc Box
(10 items)
 
CPUMotherboardGraphicsGraphics
i7 - 960 Asus P6T7 WS Revolution with MIPS water blocks. XFX HD 7950 + waterblock Powercolour R9 280X 
RAMHard DriveHard DriveOptical Drive
Crucial Ballistics Tracer 6 x 4Gb 2Tb WD caviar green Crucial M4 64 Gb SSD  Sony NEC DVD  
CoolingOSMonitorPower
Apogee Drive + Allphacool 180mm rad W7 Dell 29" 21:9 IPS monitor Coolermaster 1250W PSU 
CaseAudio
Antec P280 Scythe Kama Bay Speaker 
CPUMotherboardRAMHard Drive
i7-4770K Asus Impact VI HyperX beast 2400MHz 2x 8Gb WD 1Tb caviar black x3 
Hard DriveCoolingOSMonitor
Intel X-25 SSD 80 Gb Corsair H80 W7 Panasonic 32" HDTV 
KeyboardPowerCaseOther
Keysonic wireless Silverstone 450 W SFX PSU Fractal Design Array R2 Griffin Powermate 
CPUMotherboardGraphicsGraphics
i7 870  Asus Maximus III Formula GTX 480  HD 5870 
RAMHard DriveCoolingMonitor
OCZ 4x 2Gb  WD 2TB Green Corsair H70 Dell 17"  
PowerCase
Coolermaster Silent Pro 750W NZXT Panzerbox 
  hide details  
Reply
Wee-PC
(17 items)
 
Wee black box
(13 items)
 
Boinc Box
(10 items)
 
CPUMotherboardGraphicsGraphics
i7 - 960 Asus P6T7 WS Revolution with MIPS water blocks. XFX HD 7950 + waterblock Powercolour R9 280X 
RAMHard DriveHard DriveOptical Drive
Crucial Ballistics Tracer 6 x 4Gb 2Tb WD caviar green Crucial M4 64 Gb SSD  Sony NEC DVD  
CoolingOSMonitorPower
Apogee Drive + Allphacool 180mm rad W7 Dell 29" 21:9 IPS monitor Coolermaster 1250W PSU 
CaseAudio
Antec P280 Scythe Kama Bay Speaker 
CPUMotherboardRAMHard Drive
i7-4770K Asus Impact VI HyperX beast 2400MHz 2x 8Gb WD 1Tb caviar black x3 
Hard DriveCoolingOSMonitor
Intel X-25 SSD 80 Gb Corsair H80 W7 Panasonic 32" HDTV 
KeyboardPowerCaseOther
Keysonic wireless Silverstone 450 W SFX PSU Fractal Design Array R2 Griffin Powermate 
CPUMotherboardGraphicsGraphics
i7 870  Asus Maximus III Formula GTX 480  HD 5870 
RAMHard DriveCoolingMonitor
OCZ 4x 2Gb  WD 2TB Green Corsair H70 Dell 17"  
PowerCase
Coolermaster Silent Pro 750W NZXT Panzerbox 
  hide details  
Reply
post #122 of 144
I bet eventually they will require blood sample to encrypt files/enterprise laptops.
Firstborn
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 2600K @ 4.5 GHz 1.320 Vcore Gigabyte UD3 GTX 580 Lightning XE @ stock Ripjaws 16GB 1600Mhz 
Hard DriveOptical DriveOSMonitor
1TB WD Black + 120GB Intel 510 ASUS 24X W7 x64 Dell 24" 
KeyboardPowerCaseMouse
Cheap K200 AX850 CM HAF X MX518 
  hide details  
Reply
Firstborn
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 2600K @ 4.5 GHz 1.320 Vcore Gigabyte UD3 GTX 580 Lightning XE @ stock Ripjaws 16GB 1600Mhz 
Hard DriveOptical DriveOSMonitor
1TB WD Black + 120GB Intel 510 ASUS 24X W7 x64 Dell 24" 
KeyboardPowerCaseMouse
Cheap K200 AX850 CM HAF X MX518 
  hide details  
Reply
post #123 of 144
Need to lengthen my passwords. Only 6 to 8 letter passwords here.
Navy Beast
(14 items)
 
Brother's PC
(13 items)
 
 
CPUMotherboardGraphicsRAM
[INTEL] Core i7 3770K @ 4.5 GHz w/ 1.225V [ASUS] P8Z77-V [GIGABYTE] GTX 670 Windforce Edition [CORSAIR] Vengeance 8GB 1866MHz CL9 
Hard DriveHard DriveOptical DriveCooling
[Intel] 520 120GB [WD] Green 1TB SATA II [SAMSUNG] SH-222BB [NOCTUA] NH-U12P-SE2 
OSMonitorKeyboardPower
[MICROSOFT] Windows 7 Ultimate 64 Bit [ASUS] VH242 24" 1920 x 1080 [BENQ] A800  [CORSAIR] AX750 
CaseMouse
[NZXT] Switch 810 Microsoft Windows Optical Mouse 
CPUMotherboardGraphicsRAM
[AMD] Athlon II x2 240 @ 3.0GHz [MSi] 785GM-E51 [MSi] AMD Integrated HD 4200 Kingston 2 x 2GB DDR3 Dual Channel @ 1064MHz 
Hard DriveOptical DriveOSMonitor
Western Digital Caviar Green 1TB SATA 2 BENQ DVD DD DW1640 ATA Device IDE Windows Ultimate 64 Bit ASUS VH242 24" 1920 x 1080 
KeyboardPowerCaseMouse
Microsoft USB Digital Media Keyboard (IntelliType) Eurocase 400 watt Eurocase Middle Tower 5425 (no case fans) Microsoft USB Wheel Mouse Optical (IntelliPoint) 
Mouse Pad
N/A 
  hide details  
Reply
Navy Beast
(14 items)
 
Brother's PC
(13 items)
 
 
CPUMotherboardGraphicsRAM
[INTEL] Core i7 3770K @ 4.5 GHz w/ 1.225V [ASUS] P8Z77-V [GIGABYTE] GTX 670 Windforce Edition [CORSAIR] Vengeance 8GB 1866MHz CL9 
Hard DriveHard DriveOptical DriveCooling
[Intel] 520 120GB [WD] Green 1TB SATA II [SAMSUNG] SH-222BB [NOCTUA] NH-U12P-SE2 
OSMonitorKeyboardPower
[MICROSOFT] Windows 7 Ultimate 64 Bit [ASUS] VH242 24" 1920 x 1080 [BENQ] A800  [CORSAIR] AX750 
CaseMouse
[NZXT] Switch 810 Microsoft Windows Optical Mouse 
CPUMotherboardGraphicsRAM
[AMD] Athlon II x2 240 @ 3.0GHz [MSi] 785GM-E51 [MSi] AMD Integrated HD 4200 Kingston 2 x 2GB DDR3 Dual Channel @ 1064MHz 
Hard DriveOptical DriveOSMonitor
Western Digital Caviar Green 1TB SATA 2 BENQ DVD DD DW1640 ATA Device IDE Windows Ultimate 64 Bit ASUS VH242 24" 1920 x 1080 
KeyboardPowerCaseMouse
Microsoft USB Digital Media Keyboard (IntelliType) Eurocase 400 watt Eurocase Middle Tower 5425 (no case fans) Microsoft USB Wheel Mouse Optical (IntelliPoint) 
Mouse Pad
N/A 
  hide details  
Reply
post #124 of 144
Quote:
Originally Posted by Atham View Post

Need to lengthen my passwords. Only 6 to 8 letter passwords here.
Just add another 4-letter word . Preferably, one that is unrelated to your current combination (for strength against dictionary attacks).
The Dark Knight
(13 items)
 
Rebirth
(13 items)
 
 
CPUMotherboardGraphicsRAM
i5 2500K. 4.5Ghz (Summer Clocks) ASUS P8P67 Pro ( Rev 3.0 ) MSI 6970 Lightning (downclocked) CFX with MSI 6... 8GB G.Skill Sniper 1600Mhz 
Hard DriveOptical DriveOSMonitor
1 TB Spinpoint F3 +2TB F4(backups) Random LG drive Win7 SP1 64bit ASUS VH236H @1080p 
KeyboardPowerCase
Saitek Gaming keyboard ... >_> Corsair TX750 Rosewill Gear x3 
CPUMotherboardGraphicsRAM
C2D P8600 @ 2.4Ghz (undervolted) Crappy dell Studio XPS one 4670M (1GB) I don't remember... 
Hard DriveOptical DriveOSMonitor
Crucial M4 4x Blu-ray ROM Win7 SP1 64bit 15.6" WLED @ 1080p 
KeyboardPower
Old Saitek Gaming Keyboard 90W adapter 
  hide details  
Reply
The Dark Knight
(13 items)
 
Rebirth
(13 items)
 
 
CPUMotherboardGraphicsRAM
i5 2500K. 4.5Ghz (Summer Clocks) ASUS P8P67 Pro ( Rev 3.0 ) MSI 6970 Lightning (downclocked) CFX with MSI 6... 8GB G.Skill Sniper 1600Mhz 
Hard DriveOptical DriveOSMonitor
1 TB Spinpoint F3 +2TB F4(backups) Random LG drive Win7 SP1 64bit ASUS VH236H @1080p 
KeyboardPowerCase
Saitek Gaming keyboard ... >_> Corsair TX750 Rosewill Gear x3 
CPUMotherboardGraphicsRAM
C2D P8600 @ 2.4Ghz (undervolted) Crappy dell Studio XPS one 4670M (1GB) I don't remember... 
Hard DriveOptical DriveOSMonitor
Crucial M4 4x Blu-ray ROM Win7 SP1 64bit 15.6" WLED @ 1080p 
KeyboardPower
Old Saitek Gaming Keyboard 90W adapter 
  hide details  
Reply
post #125 of 144
There's just one bit that I don't understand. You can generate your billion or more a second password attempts but you've still got to try each one and verify if it's the correct one each time - can you really do that as fast as you can generate the password attempts?
Not SLi any more
(18 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 @ 4.0 Asus P6TD-Deluxe EVGA GTX770 SC 6GB XMS3 @1530 cas7 
Hard DriveHard DriveHard DriveOptical Drive
Intel X25-M 80GB OCZ Agility 120GB Intel X25-M 40GB LG Blue ROM DVD RW 
CoolingOSMonitorKeyboard
Water cooled w/ T-Balancer BigNG Win 7 x64 Asus PB298Q Cherry 4100L 
PowerCaseMouseMouse Pad
Corsair HX1000 MM UFO-U2 R.A.T. 7 Contagion G.L.I.D.E 9 
AudioAudio
Xonar Essence STX SR80i, DT770 or HT-R518 w/ Monitor Audio BR's 
  hide details  
Reply
Not SLi any more
(18 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 @ 4.0 Asus P6TD-Deluxe EVGA GTX770 SC 6GB XMS3 @1530 cas7 
Hard DriveHard DriveHard DriveOptical Drive
Intel X25-M 80GB OCZ Agility 120GB Intel X25-M 40GB LG Blue ROM DVD RW 
CoolingOSMonitorKeyboard
Water cooled w/ T-Balancer BigNG Win 7 x64 Asus PB298Q Cherry 4100L 
PowerCaseMouseMouse Pad
Corsair HX1000 MM UFO-U2 R.A.T. 7 Contagion G.L.I.D.E 9 
AudioAudio
Xonar Essence STX SR80i, DT770 or HT-R518 w/ Monitor Audio BR's 
  hide details  
Reply
post #126 of 144
Quote:
Originally Posted by Darren9 View Post

There's just one bit that I don't understand. You can generate your billion or more a second password attempts but you've still got to try each one and verify if it's the correct one each time - can you really do that as fast as you can generate the password attempts?

I'm not even remotely an expert on this topic (yet biggrin.gif), but I don't suppose why not.
MacBook Pro 13"
(6 items)
 
 
Desktop
(13 items)
 
CPUGraphicsRAMHard Drive
Intel i5 3210 @ 2.5 GHz Intel HD4000 4 GB DDR3 @ 1600 MHz 500 GB @ 5400 RPM 
OSMonitor
OSX Mountain Lion 13.3" @ 1280 x 800 
CPUGraphicsRAMHard Drive
Intel i5 480m@2.67GHz AMD Radeon Mobility 5650 4GB DDR3 500GB 
OSMonitor
Windows 7 64bit HP 15.6" 1366x768 
CPUMotherboardGraphicsRAM
E7500 Intel...:( MSI GTS250 1GB 2GB 
Hard DriveOSMonitorPower
250GB Windows XP 17" LG CRT 1280x768@85hz 400W 
  hide details  
Reply
MacBook Pro 13"
(6 items)
 
 
Desktop
(13 items)
 
CPUGraphicsRAMHard Drive
Intel i5 3210 @ 2.5 GHz Intel HD4000 4 GB DDR3 @ 1600 MHz 500 GB @ 5400 RPM 
OSMonitor
OSX Mountain Lion 13.3" @ 1280 x 800 
CPUGraphicsRAMHard Drive
Intel i5 480m@2.67GHz AMD Radeon Mobility 5650 4GB DDR3 500GB 
OSMonitor
Windows 7 64bit HP 15.6" 1366x768 
CPUMotherboardGraphicsRAM
E7500 Intel...:( MSI GTS250 1GB 2GB 
Hard DriveOSMonitorPower
250GB Windows XP 17" LG CRT 1280x768@85hz 400W 
  hide details  
Reply
post #127 of 144
Quote:
Originally Posted by Darren9 View Post

There's just one bit that I don't understand. You can generate your billion or more a second password attempts but you've still got to try each one and verify if it's the correct one each time - can you really do that as fast as you can generate the password attempts?

Well, the verification is a simple compare between strings.

Example, if 2ab96390c7dbe3439de74d0c9b0b1767 is a hash stolen from some website, you might find that the md5 hash of 'a' is 0cc175b9c0f1b6a831c399e269772661, 'b' is 92eb5ffee6ae2fec3ad71c777531578f, and so on.

However, once your guess gets to "hunter2", you calculate that the hash is 2ab96390c7dbe3439de74d0c9b0b1767, and it matches the one stolen from the system.

So, "hunter2" was the password that user logged in with.

The hashing is designed to be (ideally) easy to compute, but impossible to reverse. Still, computing the hashes is far harder than the compare at the end of each guess.
post #128 of 144
Quote:
Originally Posted by Dyson Poindexter View Post

Well, the verification is a simple compare between strings.
Example, if 2ab96390c7dbe3439de74d0c9b0b1767 is a hash stolen from some website, you might find that the md5 hash of 'a' is 0cc175b9c0f1b6a831c399e269772661, 'b' is 92eb5ffee6ae2fec3ad71c777531578f, and so on.
However, once your guess gets to "hunter2", you calculate that the hash is 2ab96390c7dbe3439de74d0c9b0b1767, and it matches the one stolen from the system.
So, "hunter2" was the password that user logged in with.
The hashing is designed to be (ideally) easy to compute, but impossible to reverse. Still, computing the hashes is far harder than the compare at the end of each guess.
That seems to imply (to me) that you have to acquire the hash for the specific user who created the password. I'm half expecting to be be told the hash's are just left lying around and are easy to obtain but (to me again) that isn't cracking any eight character Windows password in six hours, it's computing a password from a known hash.
Not SLi any more
(18 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 @ 4.0 Asus P6TD-Deluxe EVGA GTX770 SC 6GB XMS3 @1530 cas7 
Hard DriveHard DriveHard DriveOptical Drive
Intel X25-M 80GB OCZ Agility 120GB Intel X25-M 40GB LG Blue ROM DVD RW 
CoolingOSMonitorKeyboard
Water cooled w/ T-Balancer BigNG Win 7 x64 Asus PB298Q Cherry 4100L 
PowerCaseMouseMouse Pad
Corsair HX1000 MM UFO-U2 R.A.T. 7 Contagion G.L.I.D.E 9 
AudioAudio
Xonar Essence STX SR80i, DT770 or HT-R518 w/ Monitor Audio BR's 
  hide details  
Reply
Not SLi any more
(18 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 @ 4.0 Asus P6TD-Deluxe EVGA GTX770 SC 6GB XMS3 @1530 cas7 
Hard DriveHard DriveHard DriveOptical Drive
Intel X25-M 80GB OCZ Agility 120GB Intel X25-M 40GB LG Blue ROM DVD RW 
CoolingOSMonitorKeyboard
Water cooled w/ T-Balancer BigNG Win 7 x64 Asus PB298Q Cherry 4100L 
PowerCaseMouseMouse Pad
Corsair HX1000 MM UFO-U2 R.A.T. 7 Contagion G.L.I.D.E 9 
AudioAudio
Xonar Essence STX SR80i, DT770 or HT-R518 w/ Monitor Audio BR's 
  hide details  
Reply
post #129 of 144
Quote:
Originally Posted by Darren9 View Post

There's just one bit that I don't understand. You can generate your billion or more a second password attempts but you've still got to try each one and verify if it's the correct one each time - can you really do that as fast as you can generate the password attempts?
Remember, they are not trying to log into some site or screen.

They basically have a list of hashs (a string of characters generated by applying a formula to the original password).

You just have to generate your list of hashes from every possible input and compare.
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #130 of 144
Quote:
Originally Posted by Darren9 View Post

That seems to imply (to me) that you have to acquire the hash for the specific user who created the password. I'm half expecting to be be told the hash's are just left lying around and are easy to obtain but (to me again) that isn't cracking any eight character Windows password in six hours, it's computing a password from a known hash.
yup they would have to be using an acquired password hash, I know my rig does about 5000 p/s (tested on encrypted rar files with CRARK) but that is CPU/GPU power combined. I wonder how many password guesses per second 25 GPU's could pull off using the standard brute force method. 25 of my sig rigs would only accomplish 125,000 p/s, which is nothing near 350 billion p/s. even if each GPU did 10,000 p/s that's still only 250,000 p/s.
Rog Assassin
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX 8320 Asus Crosshair V Formula 990FX PNY 560ti OC2 G.Skill RipjawsX 1600 CL9 
Hard DriveOSMonitorPower
Crucial M4 64GB SSD Windows 8 Pro x64 VIZIO 42" LCD 1080p Coolermaster GX650 
Case
NZXT Phantom White 
  hide details  
Reply
Rog Assassin
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX 8320 Asus Crosshair V Formula 990FX PNY 560ti OC2 G.Skill RipjawsX 1600 CL9 
Hard DriveOSMonitorPower
Crucial M4 64GB SSD Windows 8 Pro x64 VIZIO 42" LCD 1080p Coolermaster GX650 
Case
NZXT Phantom White 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Hardware News
Overclock.net › Forums › Industry News › Hardware News › [arstechnica] 25-GPU cluster cracks every standard Windows password in <6 hours