Results 1 to 19 of 19
-
06-06-2011, 07:54 AM #1
Cheap GPUs are rendering strong passwords useless
Think that your eight-character password consisting of lowercase characters, uppercase characters and a sprinkling of numbers is strong enough to protect you from a brute force attack?
Think again!
Jon Honeyball writing for PC Pro has a sobering piece on how the modern GPU can be leveraged as a powerful tool against passwords once considered safe from bruteforce attack.

Take a cheap GPU (like the Radeon HD 5770) and the free GPU-powered password busting tool called ’ighashgpu‘ and you have yourself a lean, mean password busting machine. How lean and mean? Very:
It gets worse. Throw in a nine-character, mixed-case random password, and while a CPU would take a mind-numbing 43 years to crack this, the GPU would be done in 48 days.The results are startling. Working against NTLM login passwords, a password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second.
Increase the password to 6 characters (pYDbL6), and the CPU takes 1 hour 30 minutes versus only four seconds on the GPU. Go further to 7 characters (fh0GH5h), and the CPU would grind along for 4 days, versus a frankly worrying 17 minutes 30 seconds for the GPU.
Surely throwing symbols in there keeps you safe, right? Wrong! Take a password consisting of seven characters, mixed-case/symbols random password like ‘F6&B is’ (note the space), that’s gotta be tough for a bruteforce attack. Right? A CPU will take some 75 days to churn through the possibilities, while a GPU is done with it in 7 hours.
What’s the solution? Well, Honeyball doesn’t know, and neither do I to be perfectly honest. What I do know is that this is a warning, and one that we need to take seriously. Unless we’re willing to move onto 15-16 characters, mixed-case/symbols random password (which will end up on Post-It Notes), passwords will soon only offer protection against honest people.
[UPDATE: Take a look at this - whitepixel 2 running with 4 x HD 5970 cards (8 x GPUs) capable of 33.1 billion MD5 password hashes/sec.]
PC Pro's Full Article
How a cheap graphics card could crack your password in under a secondSpoiler:
-
06-06-2011, 08:35 AM #2
Re: Cheap GPUs are rendering strong passwords useless
Hmm... mind boggling results
But isn't there just a few password guessing chances so that brute force cannot be done?
-
06-06-2011, 10:23 AM #3
Re: Cheap GPUs are rendering strong passwords useless
if someone is hard arsed enough to spend 150$ and 50 days to crack one password of mine
i would be happy to email it to him
BTW all my passwords are random-Uppercase/lowercase/symbols/14 chars
-
06-06-2011, 10:45 AM #4Alpha Geek
- Join Date
- Jan 2007
- Location
- In your hearts
- Posts
- 834
Re: Cheap GPUs are rendering strong passwords useless

-
06-06-2011, 11:51 AM #5
Re: Cheap GPUs are rendering strong passwords useless
Online services usually allow only a fixed number of attempts on password.
Appreciate me now and avoid the rush!!
i5 2500K || 8GB DDRIII 1600 MHz RAM || Zotac GTX560Ti || Samsung 2233sw || Corsair GS600
-
06-06-2011, 12:02 PM #6Right Off the Assembly Line
- Join Date
- Oct 2008
- Posts
- 26
Re: Cheap GPUs are rendering strong passwords useless
The reason why I took NTLM hash for cracking using a GPU is most of us are using it. Aren't 95% of us are using Windows?
-
06-06-2011, 01:53 PM #7Wise Old Owl
- Join Date
- Apr 2008
- Posts
- 1,804
Re: Cheap GPUs are rendering strong passwords useless
What about SLI/Crossfire support?
I might just find it tempting for my 580 SLI lolSelling Palit GTX 580 3GB, EVGA GTX 560 Ti Crysis 2 edition and HIS HD 7970 IceQ X2. Please check the bazaar section for details.
Civilization and Polandball fans, please support this petition to include a polandball achievement in the upcoming expansion pack!!
-
06-06-2011, 02:22 PM #8Right Off the Assembly Line
- Join Date
- Oct 2008
- Posts
- 26
Re: Cheap GPUs are rendering strong passwords useless
ighashgpu does support SLI/CF. But Radeons are generally faster for password cracking.
-
06-06-2011, 02:27 PM #9
-
06-06-2011, 03:49 PM #10
Re: Cheap GPUs are rendering strong passwords useless
Experience true education in Computer Science - http://www.udacity.com | http://www.coursera.org
Spoiler:
-
06-06-2011, 06:19 PM #11
Re: Cheap GPUs are rendering strong passwords useless
Usually brute forcing is the final option to crack a password. Before it these options are considered:
1. Guessing the Password
2. Phishing
This routine is usually followed for cracking a specific's person account, otherwise hacking an entire site (or it's account's database) is a whole entire case.
-
06-06-2011, 08:27 PM #12Broken In
- Join Date
- Mar 2004
- Posts
- 100
Re: Cheap GPUs are rendering strong passwords useless
very intresting
Vicky Advani
---------------------------------------------------------------------------------------
I said "no" to drugs, but they just wouldn't listen.
-
06-06-2011, 11:39 PM #13
Re: Cheap GPUs are rendering strong passwords useless
Great!
ASUS P5KPL AM/PS | P4 @ 3.07GHz | Ubuntu 11.04 / Win Server 2k8 | 1GB DDR2 | Samsung HD080HJ 80GB“The Web is like a dominatrix. Everywhere I turn, I see little buttons ordering me to Submit.”
-
07-06-2011, 05:02 AM #14
Re: Cheap GPUs are rendering strong passwords useless
It cant be used on websites such as FB, Gmail, Yahoo etc which allow only limited attempts.
However its scary for all the other secured documents and applications.
Although I have seen more people falling for personal...err hacking or I dont know what it is called where a combination of personal information usually gives good results.
As someone said- There is no cure for human stupidity.
Also key tracing by logging in the key strokes of the keyboard is used for hacking.
-
07-06-2011, 09:55 AM #15
Re: Cheap GPUs are rendering strong passwords useless
Obviously this is done via brute-force. I could not figure out which password it hacks. How to define the file location..?
MSI P45 Platinum(BIOS v1.7B)|Q9550[E0]@3.85Ghz@1.320V[453x8.5]MCH@1.184V|ICH@1.55V|DDR_V_Ref_A_B@1.05V|NH-D14|Corsair TWIN2X4096-8500C5(5-5-5-15)@1089Mhz@2.14V
2xHD4890[Xfire]@1000/900[MEM/GPU]|Corsair 650TX|Seagate180GB+80GB+WD1TB|SONY-DVD-R|CM690|2x120mm Scythe Ultra Kaze|DELL S2409W|APC 1100VA|Scythe Kaze Server
Windows 7 Ultimate RTM - 64BIT|Catalyst 10.5 (8.14.10.0753) forced with RadeonPRO|PS3 160GB|Sony 40EX520|AC Ryan POHD Mini|APC 800VA|APC 800VA|D425KT|CM100 Elite|2TB WD|Acer D255
Test your spoiler tags before submitting
-
07-06-2011, 10:16 AM #16
Re: Cheap GPUs are rendering strong passwords useless
^It checks the password against a Hash-File until Brute forcing finally gets the correct combination.
Last edited by sygeek; 07-06-2011 at 10:21 AM.
-
07-06-2011, 11:00 AM #17Right Off the Assembly Line
- Join Date
- Oct 2008
- Posts
- 26
Re: Cheap GPUs are rendering strong passwords useless
-
07-06-2011, 10:05 PM #18
Re: Cheap GPUs are rendering strong passwords useless
The point here is not someone directly trying it on websites.
So, when a hacker gets access to any online database, he has access to all the MD5 hash eg: (23fho23sdf2352kjfd), with this kind of power, he could figure out what password created that exact hash and hence has access to anything that password uses.The point isn’t to blindly guess at passwords, the point is to take a known MD5 hash and determine what the plaintext password is that created that hash.
Till date hackers who have successfully hacked into databases have only been able to get to the database but things like passwords were never cracked because it was in MD5 hash algorithm. Now the hackers can figure it out faster!Webhosting for Rs12/month!!
http://www.thinkdigit.com/forum/showthread.php?t=74717
http://www.outpowerhosting.com
-
08-06-2011, 07:03 AM #19
Re: Cheap GPUs are rendering strong passwords useless
Nice Explanation, Cyrus_the_virus
.
To everyone who thinks brute-forcing a password means multiple password attempts on a site, well, it is not. Refer the the above post!
Brute-forcing is always done against some kind of hash until the correct combination is finally retrieved.
Similar Threads
-
A light but strong laptop?
By AsharRM18 in forum Laptops and NetbooksReplies: 6Last Post: 17-06-2012, 09:46 PM -
Easy to remember strong passwords
By vishcool in forum Technology NewsReplies: 12Last Post: 10-05-2010, 03:23 PM -
Is vista Firewall strong enough ????????
By CadCrazy in forum Software Q&AReplies: 8Last Post: 27-06-2007, 10:44 PM -
Old PC still going strong
By klinux in forum QnA (read only)Replies: 23Last Post: 14-01-2006, 06:27 PM -
how to make strong passwords
By wolvrine in forum TutorialsReplies: 12Last Post: 22-08-2005, 08:53 AM



LinkBack URL
About LinkBacks
Reply With Quote

Bookmarks