funsec mailing list archives
Re: Fwd: [Infowarrior] - How a cheap graphics card could crack your password in under a second
From: Valdis.Kletnieks () vt edu
Date: Mon, 06 Jun 2011 13:11:45 -0400
On Sun, 05 Jun 2011 19:12:51 PDT, Paul Ferguson said:
The results are startling. Working against NTLM login passwords, a
So if you've already pwned the system enough to have access to NTLM password hashes, you can break passwords. Gotcha..
The results are startling. Working against NTLM login passwords, a password of fjR8n can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second.
Increase the password to 6 characters (pYDbL6), and the CPU takes 1 hour 30 minutes versus only four seconds on the GPU. Go further to 7 characters (fh0GH5h), and the CPU would grind along for 4 days, versus a frankly worrying 17 minutes 30 seconds for the GPU.
Hmm.. 4 seconds for 6 chars, but 17:30 for 6? That's a factor of 262 (probably really 256 and a fuzzy value of 4). So how long does a 15 character password take? That would be 256^9 times 6 chars, or 4,722,366,482,869,645,213,696 times 17 mins 30, or about 157,232,521,785,043,362 GPU-years. Even making it smarter and only trying 96 printables rather than 256 cuts it down to 21,960,108,949 GPU-years. Somehow, I'm more worried about keystroke loggers and similar.
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Fwd: [Infowarrior] - How a cheap graphics card could crack your password in under a second Paul Ferguson (Jun 05)
- Re: Fwd: [Infowarrior] - How a cheap graphics card could crack your password in under a second Martin Hepworth (Jun 05)
- Re: Fwd: [Infowarrior] - How a cheap graphics card could crack your password in under a second David M Chess (Jun 06)
- Re: Fwd: [Infowarrior] - How a cheap graphics card could crack your password in under a second Valdis . Kletnieks (Jun 06)