Creating a New Reality: Cracking One Billion Passwords per Second
HURST
October 3rd, 2008, 08:26 AM
http://www.elcomsoft.com/PR/edpr_081002_en.pdf
cortez
October 5th, 2008, 02:14 AM
I guess we are all possibly at risk if we do not use well thought out passwords.
A good argument to encrypt all important data.
huangker
October 5th, 2008, 02:49 AM
I remember an Ars Technica article about the parallel computing power in our video cards. I thought to myself that password cracking might be an interesting application of this power...what do ya know :P
KookyMan
October 5th, 2008, 12:59 PM
If you read it carefully, it's basically capable of 1 Billion MD5 Hashes per second... It's not a blanket 1 Billion passwords per second, I think it said it still can only do 25,000 MS Office Passwords per second.
phyrewall
November 2nd, 2008, 12:59 PM
It's also "overheated puffery" as my son's favorite movie would say.
It's not cracking 1 Billion passwords a second, it's brute-force attempting 1 Billion possibilities against the target a second. That's completely different than actually cracking a target.
It has to be a file on the system doing the attempts. Meaning, it was copied, downloaded, whatever on to the system's hard drive. This means if they don't either have physical access to or have found a hole in the network security of your system, they can't even attempt to crack your file. If it's an attempt on a system's network access, then 1 Billion is NOT going to happen over the Internet. Not to mention that any sysadmin worth his salt would have a monitoring daemon running that would block any IP that was brute forcing its way onto the system.
Also, 1 Billion/sec attempts against a password means diddly squat against a properly created password. DoD standards are 15 characters, and must contain at least 2 letters, 2 uppercase letters, 2 numbers, and 2 special characters (!@#$%^&*). It would take a long time (see attachment) to crack that hash even with the file being on the cracking system (and hopefully that never occurs).
--
Sources:
The Internet Encyclopedia (Bidgoli, Hossein) http://books.google.com/books?id=npw1Z1rT7BsC&pg=PA9&lpg=PA9&dq=1+billion+password+attempts+per+second&source=web&ots=RDfUuYWHtu&sig=_WVRf6jsQU30NFtWBpWz0KKqkPI&hl=en&sa=X&oi=book_result&resnum=1&ct=result
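An added example, not part of any post in this thread, that works through the keyspace arithmetic the post above appeals to: it counts the 15-character passwords that satisfy the quoted policy and converts that count into years of exhaustive search at the two rates mentioned in the thread. Reading "2 letters" as 2 lowercase letters and allowing only the 8 listed special characters are assumptions.

```python
# Added example: keyspace of the password policy quoted in the thread.
# Assumptions: "2 letters" means 2 lowercase letters; the special set is the
# 8 characters listed in the post; the rates are the two figures from the thread.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 8}
RATES = {"MD5, 1e9 guesses/s": 1e9, "MS Office, 25,000 guesses/s": 25_000.0}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def policy_keyspace(length, min_each=2, classes=CLASSES):
    """Count strings of `length` with at least `min_each` chars from every class.

    Dynamic programming over positions. The state is the per-class count,
    capped at `min_each`, so there are at most (min_each + 1) ** 4 states.
    """
    sizes = list(classes.values())
    states = {(0,) * len(sizes): 1}
    for _ in range(length):
        nxt = {}
        for state, ways in states.items():
            for i, size in enumerate(sizes):
                capped = min(state[i] + 1, min_each)
                key = state[:i] + (capped,) + state[i + 1:]
                nxt[key] = nxt.get(key, 0) + ways * size
        states = nxt
    return states.get((min_each,) * len(sizes), 0)


def years_to_exhaust(keyspace, guesses_per_second):
    """Worst-case time to try every candidate; the average case is half this."""
    return keyspace / guesses_per_second / SECONDS_PER_YEAR


def report(length=15):
    """Compare the unconstrained and policy-constrained search spaces."""
    unconstrained = sum(CLASSES.values()) ** length
    allowed = policy_keyspace(length)
    return {
        "unconstrained": unconstrained,
        "policy": allowed,
        "fraction_kept": allowed / unconstrained,
        "years": {n: years_to_exhaust(allowed, r) for n, r in RATES.items()},
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

The figures cover exhaustive search of uniformly random passwords only; they say nothing about passwords built from dictionary words or reused patterns.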
HURST
November 4th, 2008, 07:28 AM
Hi phyrewall, welcome to wilders.
It seems you'll be able to share some good knowledge around here!:thumb:
Peter2150
November 4th, 2008, 08:15 AM
When I did the math on my own password I assumed One billion attempts per second using 1 million processors and the time still came out to almost 100 lifetimes of the galaxy where that lifetime is 15 billion years.
nakasta2
November 4th, 2008, 10:00 PM
Yeah, with the advent of NVIDIA CUDA GPU programming, cracking has had its doors opened wide.
This really stinks. Now we might have to start double-salting or doing something drastic to get past all this.
phyrewall
November 5th, 2008, 01:34 PM
{QUOTE-> Hi phyrewall, welcome to wilders.
It seems you'll be able to share some good knowledge around here!:thumb: <-QUOTE}
Thank you for the welcome. I hope to be useful!
{QUOTE-> Yeah, with the advent of NVIDIA CUDA GPU programming, cracking has had its doors opened wide.
This really stinks. Now we might have to start double-salting or doing something drastic to get past all this. <-QUOTE}
Yes, improvements in calculation speeds are moving forward by leaps and bounds, but by no means should you worry any time soon. If Moore's Law holds true, manufacturers will need to individually place atoms to manufacture silicon chips throughout the 2010s. At the 0.10-micron stage (each transistor would be composed of fewer than 100 atoms), small silicon chips containing millions or billions of transistors would no longer be able to control the flow of electrons.
So, we'll have to wait and see how Moore's Law deals with physics. As a 30-something year old, I don't see myself too worried at any point in my lifetime. At worst I may have to increase my password size from 20 characters to 30-50 characters when I'm safeguarding my cache of holo-porn from the nursing home staff. :P
Copyright ©2002 - 2010, Wilders Security Forums