DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
May 25, 2019 
Main Menu
News archives

Who's Online
There are currently 208 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

14-character passwords hacked in 6 minutes with 25 GPUs

Posted on Wednesday, December 05 2012 @ 17:11:33 CET by

With the rise in computing power it's increasingly hard to guarantee computer security. Slashdot for instance reports today that Jeremi Gosney (aka epixoip) showed off a GPGPU computing powerhouse at the Passwords^12 Conference in Oslo, Norway that can crack a 14 character Windows XP password (hashed using LM) in just six minutes. To achieve this, he uses a cluster of five 4U servers with a total of 25 AMD Radeon GPUs (10x 7970, 4x 5970, 3x 6990, 1x 5870) communicating at 10Gbps over Infiniband switched fabric.
Gosney’s system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete.

In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM, for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.

[Note of clarification from Jeremi: "LM Is what is used on Win XP, and LM converts all lowercase chars to uppercase, is at most 14 chars long, and splits the password into two 7 char strings before hashing -- so we only have to crack 69^7 combinations at most for LM. At 20 G/s we can get through that in about 6 minutes. With 348 billion NTLM per second, this means we could rip through any 8 character password (95^8 combinations) in 5.5 hours." ]
Full details at Security Ledger.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba