funsec mailing list archives

Re: Fwd: [Infowarrior] - How a cheap graphics card could crack your password in under a second


From: Valdis.Kletnieks () vt edu
Date: Mon, 06 Jun 2011 13:11:45 -0400

On Sun, 05 Jun 2011 19:12:51 PDT, Paul Ferguson said:

> The results are startling. Working against NTLM login passwords, a

So if you've already pwned the system enough to have access to NTLM
password hashes, you can break passwords. Gotcha..

> The results are startling. Working against NTLM login passwords, a
> password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate
> of 9.8 million password guesses per second. On the GPU, it takes less
> than a second at a rate of 3.3 billion passwords per second.
>
> Increase the password to 6 characters (pYDbL6), and the CPU takes 1
> hour 30 minutes versus only four seconds on the GPU. Go further to 7
> characters (fh0GH5h), and the CPU would grind along for 4 days, versus
> a frankly worrying 17 minutes 30 seconds for the GPU.

Hmm.. 4 seconds for 6 chars, but 17:30 for 6? That's a factor of 262 (probably
really 256 and a fuzzy value of 4).  So how long does a 15 character password
take? That would be 256^9 times 6 chars, or 4,722,366,482,869,645,213,696
times 17 mins 30, or about 157,232,521,785,043,362 GPU-years.  Even
making it smarter and only trying 96 printables rather than 256 cuts it down
to 21,960,108,949 GPU-years.

Somehow, I'm more worried about keystroke loggers and similar.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
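
An added worked example (not part of the original post or the quoted article): the keyspace arithmetic this thread turns on, using the guess rates the article quotes. The function names, the alphabet sizes of 62 and 96, the 100-year target, and reading the 17 min 30 s figure as the time to try every 7-character candidate are assumptions made for illustration.

```python
import math

# Guess rates quoted in the article (NTLM hashes, offline guessing).
CPU_RATE = 9.8e6   # guesses per second
GPU_RATE = 3.3e9   # guesses per second
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def exhaust_seconds(alphabet_size, length, rate):
    """Worst-case time to try every password of exactly `length` characters."""
    return alphabet_size ** length / rate


def implied_alphabet(rate, seconds, length):
    """Alphabet size for which exhausting `length` characters takes `seconds`."""
    return (rate * seconds) ** (1.0 / length)


def min_length(alphabet_size, rate, target_years):
    """Shortest length whose worst-case exhaustion time exceeds `target_years`."""
    needed_guesses = rate * target_years * SECONDS_PER_YEAR
    return math.floor(math.log(needed_guesses) / math.log(alphabet_size)) + 1


def human(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Which alphabet is consistent with the article's 7-character GPU figure?
    fit = implied_alphabet(GPU_RATE, 17 * 60 + 30, 7)
    print(f"alphabet implied by 17m30s at 7 chars: about {fit:.1f} symbols")

    # Worst-case exhaustion time per length, for two assumed alphabets.
    for size, label in ((62, "a-z A-Z 0-9"), (96, "96 printables")):
        for length in (7, 10, 15):
            cpu = human(exhaust_seconds(size, length, CPU_RATE))
            gpu = human(exhaust_seconds(size, length, GPU_RATE))
            print(f"{label:>13} len {length:2}: CPU {cpu}, GPU {gpu}")
        n = min_length(size, GPU_RATE, 100)
        print(f"{label:>13}: {n} chars needed to exceed 100 GPU-years")
```

These are worst-case figures for uniformly random passwords on a single device at the quoted rate; they do not model dictionary or pattern-based guessing.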
