[3586] in Privacy_Forum
[ PRIVACY Forum ] 25-GPU cluster cracks every standard Windows
daemon@ATHENA.MIT.EDU (PRIVACY Forum mailing list)
Mon Dec 10 19:04:25 2012
Date: Mon, 10 Dec 2012 15:40:55 -0800
To: privacy-list@vortex.com
Message-ID: <20121210234055.GC10753@vortex.com>
MIME-Version: 1.0
Content-Disposition: inline
From: PRIVACY Forum mailing list <privacy@vortex.com>
Reply-To: PRIVACY Forum mailing list <privacy@vortex.com>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: privacy-bounces+privacy-forum=mit.edu@vortex.com
Content-Transfer-Encoding: 8bit
25-GPU cluster cracks every standard Windows password in <6 hours
http://j.mp/12hTcy0 (ars technica)
"The five-server system uses a relatively new package of virtualization
software that harnesses the power of 25 AMD Radeon graphics cards. It
achieves the 350 billion-guess-per-second speed when cracking password
hashes generated by the NTLM cryptographic algorithm that Microsoft
has included in every version of Windows since Server 2003. As a
result, it can try an astounding 95^8 combinations in just 5.5 hours,
enough to brute force every possible eight-character password
containing upper- and lower-case letters, digits, and symbols. Such
password policies are common in many enterprise settings. The same
passwords protected by Microsoft's LM algorithm-which many
organizations enable for compatibility with older Windows
versions-will fall in just six minutes."
- - -
Of course, you need access to the hashes to do this. If sites didn't
make stupid errors that exposed their hash files, this approach would
not be particularly useful in most cases.
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
- Data Wisdom Explorers League: http://www.dwel.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
privacy mailing list
http://lists.vortex.com/mailman/listinfo/privacy
