GPUs: Good for Gaming AND Cracking Passwords
Don't expect Nvidia, AMD, or any other graphics card maker to start touting this as a marketing bullet, but apparently GPUs are pretty good at decoding passwords with fewer than 12 characters, researchers from the Georgia Institute of Technology claim.
"We've been using a commonly available graphics processor to test the integrity of typical passwords of the kind in use here at Georgia Tech and many other places," said Richard Boyd, a senior research scientist at the university's research institute. "Right now we can confidently say that a seven-character password is hopelessly inadequate."
According to Boyd, the release of Nvidia's C-based software development kit really opened a door for would-be hackers to code effective brute-force attacks, especially as today's video cards are capable of so much processing power. The solution, of course, is to pick longer passwords, at least 12 characters in length, with a mix of letters, numbers, or symbols.
"Length is a major factor in protecting against 'brute forcing' a password," said Joshua Davis, one of the researchers involved in the project. "A computer keyboard contains 95 characters, and every time you add another character, your protection goes up exponentially by 95 times."
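The arithmetic behind the length argument, as an added example that is not from the article or the researchers: it computes how many candidates an exhaustive search must cover for a given alphabet and length, and the shortest length that holds out for a target time. The guess rate of 10^9 per second and the 100-year target are assumptions chosen for illustration; the article gives no rate.

```python
# Added example: exhaustive-search cost versus alphabet size and password length.
YEAR = 365 * 24 * 3600
ASSUMED_RATE = 10**9  # guesses per second; an assumption, not a figure from the article

ALPHABETS = {
    "printable ASCII": 95,   # the 95-character figure quoted in the article
    "letters + digits": 62,  # policies that forbid symbols
    "digits only": 10,       # numeric passcodes
}

def keyspace(alphabet, length):
    """Candidates of exactly `length` characters."""
    return alphabet ** length

def keyspace_up_to(alphabet, max_length):
    """Candidates of every length from 1 to `max_length`; a search that does
    not know the length has to cover all of them."""
    return sum(alphabet ** n for n in range(1, max_length + 1))

def seconds_to_exhaust(alphabet, max_length, rate=ASSUMED_RATE):
    """Worst-case time to try every candidate up to `max_length`."""
    return keyspace_up_to(alphabet, max_length) / rate

def min_length(alphabet, target_seconds, rate=ASSUMED_RATE):
    """Shortest length whose full search takes at least `target_seconds`."""
    if alphabet < 2:
        raise ValueError("alphabet must contain at least two symbols")
    budget = rate * target_seconds  # total guesses the attacker can afford
    length = 1
    while keyspace_up_to(alphabet, length) < budget:
        length += 1
    return length

if __name__ == "__main__":
    for name, size in ALPHABETS.items():
        hours_7 = seconds_to_exhaust(size, 7) / 3600
        need = min_length(size, 100 * YEAR)
        print(f"{name:18} 7 chars: {hours_7:10.4f} h   "
              f"length for 100 years: {need}")
```

Each extra character multiplies the work by the alphabet size, so shrinking the alphabet has to be paid for with extra length.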

Comments
Morete
August 18, 2010 at 4:03am
How about if you take her to the Biltmore Fashion Park and you can both go visit the Apple Store, lol. Just kidding.
Keith E. Whisman
August 17, 2010 at 10:44pm
Hey look at that, Coach purse for only $35 bucks... My wife would kill for a Coach purse. I can't take her to Scottsdale Fashion Square because of the Coach store there. She wants to spend all her time at the Coach store and I want to spend all my time at the Microsoft store. So fights always start when we are at that mall and I usually end up having to sleep on the Lay-Z-Boy Electric, vibrating, motorized recliner or the Lay-Z-Boy sofa.... God I love my recliner....
rseding91
August 17, 2010 at 3:16pm
Brute force is only good if you can get around the "maximum failed attempts" part of almost every password required feature.
mr_dirt
August 17, 2010 at 3:10pm
...of those keys on your keyboard can't be used in passwords. a-z, 0-9, and depending on the website, some of the punctuation can be used. I've yet to see a web site that allows 'delete' or 'PrintScreen/SysRq' in a password.
That said, this is a pretty interesting application for GPUs, although not particularly surprising. A big portion of that giant new Chinese supercomputer (Dawning Nebulae) gets its computing power from nVidia GPUs.
PawBear
August 17, 2010 at 9:05am
Few important sites permit more than short passwords. I'm always left wondering just how vulnerable I am. Now I know.
Mighty BOB!
August 17, 2010 at 1:00pm
It's even worse with sites that forbid anything other than letters and numbers.
Oh or then there's even a grade worse than that: sites that assign you passcodes and don't let you change them, and they're only 4 characters long and only numbers... T_T
winmaster
August 17, 2010 at 11:18am
This really only applies to local attacks. With a remote attack, the bottleneck would surely be your Internet connection. And if the site features a captcha, a brute force would be very difficult.
stradric
August 17, 2010 at 8:58am
I lost a password on a protected zip file and I've been looking for ways to crack it. I know it's not a complicated password, but I can't remember it for the life of me. I would love to use this software to crack it, but obviously it's a dangerous tool to have.
fa1thful
August 17, 2010 at 10:19pm
Just write your own simple brute force program. I'm actually in the process of programming one in C++ right now. :D
Craig
4th Yr Comp Sci Student
stradric
August 18, 2010 at 5:42am
I could, but I don't have the researchers' awesome algorithm nor do I have any experience programming with the GPU pipeline. Also, why reinvent the wheel and spend all that time writing and testing the app when I'm sure someone has already put the work in.
Keith E. Whisman
August 17, 2010 at 9:14am
That's an easy one. There are quite a few websites with details and dedicated software on breaking password protected compressed files such as zip and rar. Just do a google search on zip password cracking and you'll get a bunch of responses.
stradric
August 18, 2010 at 5:39am
It's actually PAE (power archiver encrypted). I've done the search with no good results. I don't think they extend an API or have an SDK -- just a command line app that I could script. But I don't know of anything like the algorithm they are using in this article.
AMD4298
August 17, 2010 at 8:54am
Who would want to hack my computer anyway? Besides, there's nothing personal on it.
Jdaily81
August 17, 2010 at 8:52am
I bet the Dream Machine 2010 could pull off some hardcore password cracking!
Keith E. Whisman
August 17, 2010 at 8:28am
I believe there is a way to make a program that can build a badass password that's, say, 500 characters long. The program would take a simple password that you can easily remember like your name and birthday together and then the program builds a 500 character password that's linked to your easy password. 500 characters is going to be pretty hard to crack considering the billions of possible combinations. So the password generator can be on a USB thumb drive.
I know what I'm talking about is nothing new but 500 characters surely is something that's new. Just don't ever forget your simple pass code.
stradric
August 17, 2010 at 8:57am
People have been doing this for a while with MD5, SHA1 or even SHA-512 hashes.
ddimick
August 17, 2010 at 8:39am
KeePass (http://keepass.info/) can do this, although 500 characters is ridiculously long. However, do not use your name and birthday as your passphrase to access the KeePass database. Such a password would not even require a brute-force attack to crack and your entire password database would be wide open.
Instead, use an 8-12 character password containing uppercase, lowercase, punctuation and numbers. Better yet, use a PasswordCard (http://www.passwordcard.org/en) as they aren't susceptible to dictionary attacks. A brute-force attack would still work but it would take a very long time.
Hg Dragon
August 17, 2010 at 8:18am
I remember this being talked about when the nVidia 8000-series were just coming out. The parallelism/programmability of modern graphics cards make things like this so much easier than the old ways of brute-force and dictionary style of password cracking.