Creating a New Reality: Cracking One Billion Passwords per Second

Discussion in 'privacy general' started by HURST, Oct 3, 2008.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
  2. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    I guess we are all possibly at risk if we do not use well thought out passwords.

    A good argument to encrypt all important data.
     
  3. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I remember an ars techinca article about the parallel computing power in our video cards. I thought to myself that password cracking might be an interesting application of this power...what do ya know :p
     
  4. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    If you read it carefully, its basically capable of 1 Billion MD5 Hashes per second... Its not a blanket 1 Billion passwords per second, I think it said it still can only do 25,000 MS Office Passwords per second.
     
  5. phyrewall

    phyrewall Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    4
    It's also "overheated puffery" as my son's favorite movie would say.

    It's not cracking 1 Billion passwords a second, it's brute-force attempting 1 Billion possiblities against the target a second. That's completely different than actually cracking a target.

    It has to be a file on the system doing the attempts. Meaning, it was copied, downloaded, whatever on to the system's hard drive. This means if they don't either have physical access to or have found a hole in the network security of your system, they can't even attempt to crack your file. If it's an attempt on a system's network access, then 1 Billion is NOT going to happen over the Internet. Not to mention that any sysadmin worth his salt would have a monitoring daemon running that would block any IP that was brute forcing its way onto the system.

    Also, 1 Billion/sec attempts against a password means didly squat against a properly created password. DoD standards are 15 characters, and must contain at least 2 letters, 2 uppercase letters, 2 numbers, and 2 special characters (!@#$%^&*). It would take a long time (see attachment) to crack that hash even with the file being on the cracking system (and hopefully that never occurs).

    --
    Sources:

    The Internet Encyclopedia (Bidgoli, Hossein) http://books.google.com/books?id=np...&hl=en&sa=X&oi=book_result&resnum=1&ct=result
     

    Attached Files:

  6. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Hi phyrewall, welcome to wilders.
    It seems you'll be able to share some good knowledge around here!:thumb:
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    When I did the math on my own password I assumed One billion attempts per second using 1 million processors and the time still came out to almost 100 lifetimes of the galaxy where that lifetime is 15 billion years.
     
  8. nakasta2

    nakasta2 Lurker

    Joined:
    Nov 4, 2008
    Posts:
    1
    Yeah with the advent of nVidida CUDA GPU programming, cracking has had its doors opened wide.

    This really stinks. Now we might have to start double-salting or doing something drastic to get past all this.
     
  9. phyrewall

    phyrewall Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    4
    Thank you for the welcome. I hope to be useful!

    Yes, improvements in calculation speeds are moving forward by leaps and bounds, but by no means should you worry any time soon. If Moore's Law holds true, manufacturers will need to individually place atoms to manufacture silicon chips throughout the 2010's. At the 0.10-micron stage (each transistor would be composed of less than 100 atoms), small silicon chips containing millions or billions of transistors would no longer be able to control the flow of electrons.

    So, we'll have to wait and see how Moore's Law deals with physics. As a 30-something year old, I don't see myself too worried at any point in my lifetime. At worst I may have to increase my password size from 20 characters to 30-50 characters when I'm safeguarding my cache of holo-porn from the nursing home staff. :p
     
Loading...
Thread Status:
Not open for further replies.