GPU Crackers make Seven Character Passwords Inadequate

That’s the news from the Georgia Tech Research Institute. Using the power of a graphics card processor (GPU) to crack passwords is not new. But at the speeds GPUs are now reaching, they can easily brute force passwords of up to seven characters.

According to the GTRI case study, “We’ve been using a commonly available graphics processor to test the integrity of typical passwords of the kind in use here at Georgia Tech and many other places,” said Richard Boyd, a senior research scientist at the Georgia Tech Research Institute (GTRI).

“Right now we can confidently say that a seven-character password is hopelessly inadequate – and as GPU power continues to go up every year, the threat will increase.”

So, how fast have graphics processors become? Today’s graphics cards can run at speeds approaching 2 Teraflops! Teraflops are used to measure processing speed. A teraflop is one trillion floating point operations per second. To put that speed in perspective, the fastest supercomputer in the year 2000 could run at 7 Teraflops. And it was a $110 million monster of linked computers. Now imagine all of that speed leveraged into brute forcing passwords. This is exactly what can be done with GPU-based password cracking software.

How long should passwords be? According to the case study, “any password shorter than 12 characters could be vulnerable – if not now, soon.”

So, what do we do? According to an article on GCN, the best defense against this is to use sentences for your passwords. I wholeheartedly agree and actually use this for my own personal passwords. Take something that means something to you and make a password out of it. Throw in a few special characters for added safety. For example:

MyV0lksw@genIsTheF@stestC@r!   (Don’t even try this on my systems, I am a MOPAR nut)

It is easy to remember because it means something to you. It is complex because it uses upper and lower case letters, symbols, a number and is very long.
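To put rough numbers on the length advice above, here is an added example (not from the article, GTRI or GCN) that estimates how long a full brute-force search takes when attacker hardware keeps getting faster. The guess rate of one billion per second and the two-year doubling period are assumptions chosen for illustration, as are all function names.

```python
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumptions (not from the article): guesses per second for one GPU against a
# fast unsalted hash, and how often attacker hardware doubles in speed.
ASSUMED_GUESSES_PER_SEC = 1e9
ASSUMED_DOUBLING_YEARS = 2.0
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the alphabet an attacker must cover for the classes used."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(length, alphabet):
    """Candidates of every length from 1 up to `length` (full brute force)."""
    return sum(alphabet ** n for n in range(1, length + 1))


def years_to_exhaust(space, rate=ASSUMED_GUESSES_PER_SEC,
                     doubling=ASSUMED_DOUBLING_YEARS):
    """Years to try `space` candidates when the rate doubles every `doubling` years."""
    # Cumulative guesses after t years: rate * secs_per_year * k * (2**(t/d) - 1)
    k = doubling / math.log(2)
    return doubling * math.log2(1 + space / (rate * SECONDS_PER_YEAR * k))


def min_length(target_years, alphabet, **kw):
    """Shortest length whose full keyspace outlasts `target_years`."""
    length = 1
    while years_to_exhaust(keyspace(length, alphabet), **kw) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    for n in (7, 8, 10, 12):
        yrs = years_to_exhaust(keyspace(n, 94))
        print(f"{n:2d} chars, 94 symbols: {yrs * 365.25:14.2f} days")
    sentence = "MyV0lksw@genIsTheF@stestC@r!"  # example from the article
    print(len(sentence), alphabet_size(sentence), min_length(10, 94))
```

These figures are an upper bound for exhaustive search only. Guessing that draws on dictionaries or common phrases is not modeled, so a predictable sentence is weaker than its length suggests.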

GPUs will become faster as time goes on, so the time of using passwords alone to protect your systems may be at an end. The GCN article recommends using a two-part system for authentication. “Agencies have gradually been moving toward two-factor authentication systems, which take some of the pressure off of passwords. As the processing units available to attackers become increasingly powerful, two-factor systems could become even more necessary.”

The upcoming Windows 8 is supposed to have facial recognition built in. According to Windows8News, the feature will be called “My PC Knows Me”. The feature will provide enhanced login security, including facial recognition augmented with password or fingerprint authentication. The PC will also be able to detect when the user walks away and automatically place the computer into sleep mode.

Very amazing indeed, but I will not be impressed until the computer can detect your face, change your status to “busy”, pull up the latest news you like and automatically make your favorite cup of coffee.     🙂 


World’s Fastest Computer to Design Nuclear Power Plants

Interesting story on The Register today. The US will use the fastest supercomputer, called “Jaguar”, to design the latest nuclear reactors and the future ITER Fusion Project.

Because of the incredible speed of Jaguar, power plant designers have more capability to simulate plans and designs. “We’re now simulating entire nuclear facilities, such as a nuclear power reactor facility with its auxiliary buildings and the ITER fusion reactor, with much greater accuracy than any other organization that we’re aware of”, said John Wagner, Technical Integration Manager for Nuclear Modelling at the Oak Ridge National Laboratory.

Just how fast is Jaguar? It is rated at a blazing 1.75 petaflops. According to Wikipedia, “FLOPS (or flops or flop/s) is an acronym meaning FLoating point Operations Per Second. The FLOPS is a measure of a computer’s performance, especially in fields of scientific calculations that make heavy use of floating point calculations.” A simple calculator runs at about 10 FLOPS. A petaflop is 10 to the 15th power FLOPS. That’s a lot of FLOPS!

What is amazing too is how cheap and fast computers have become. According to Wikipedia, in 1961 a Gigaflop cost about 1.1 Trillion dollars, and required 17 million IBM 1620s to produce. In 2009, a single ATI Radeon video card topped out at 3.04 teraflops, bringing the cost per Gigaflop down to about oh, thirteen cents. Wow…

Putting all the technobabble aside, Jaguar is fast, really fast, and yes… it runs Linux!