25-GPU cluster can brute force Windows password in record time

By Shawn Knight ยท 61 replies
Dec 10, 2012
Post New Reply
  1. Arris

    Arris TS Evangelist Posts: 4,730   +379

    Yes, we do the "maths" in the UK.
  2. captaincranky

    captaincranky TechSpot Addict Posts: 13,010   +2,536

    You know, sometimes I spell color, "colour", favor, "favour", as a tribute to our common heritage. This, in spite of the fact it drives Firefox's spell checker absolutely bonkers. But "maths"? I'm sorry, that's where I draw the queue......;)
  3. Arris

    Arris TS Evangelist Posts: 4,730   +379

    It's the abbreviation of mathematics, so to me math (even thought I can understand it's use) sounds wrong.

    How about centre?
    RocketSteve likes this.
  4. RocketSteve

    RocketSteve TS Rookie

    At least having reread my own post after some amusing and whitty (yes with and 'h', like yoghurt) banta, I can see my own mistake in the maths, but it still only adds up to 4.4hrs of GPU time... (83^8 should be 93^8)
  5. captaincranky

    captaincranky TechSpot Addict Posts: 13,010   +2,536

    How so? Using "math" as the abbreviation makes more sense, especially to a lazy American. You just cut the end of the word off completely, instead of picking and choosing. Down comes the knife, and off comes the foreskin....it's as simple as Bris....:eek:

    Oh hell, why not just take out the vowels the way the children do, "Mthmtcs" ;)

    I'll give it a shot, but I know Firefox isn't going to like it.

    (Yeah, FF gave you the big red wavy line on that one:D ).
    Arris likes this.
  6. jondonnis

    jondonnis TS Rookie

    Which is then lost due to either being in a crash and losing said limb or just forgetting the item needing to be carried.

    Passwords need to be secure its true, but you also have to get into the mind of the simple user. Those simple users will ALWAYS end up writing the password down somewhere.
  7. Row1

    Row1 TS Guru Posts: 343   +13

    Why bother cracking Windows passwords? Just ask the NSA for access and info. They apparently are pretty willing to grant access to all kind of info.
  8. Satki

    Satki TS Member Posts: 24

    This is a brute force attack - it could get through biometrics (which after all are simply converted to a long line of numbers), though it would take a very long time as each additional character increases the cracking time exponentially.
  9. Now add in phonetic spelling of other language (e.g., ping yin for Chinese)...

    I guess I'm going to look for a site that lets me see if a word I want to use exists in the bible.
  10. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,811   +472

    Well actually this is a relatively common scenario. If reversing arbitrary hashes was easy, authenticity checks of messages (which is used in cryptography) would be easily compromised. A malicious attacker could, without breaking your encryption, add random garbage to messages and the receiver would think the message was still authentic and untampered.

    Also, websites that store passwords usually stored salted and hashed passwords, not the raw passwords. If the website database is compromised, the attacker has of course access to the hashed passwords for every user. If you could crack the hashes there, you gain a database of passwords and email addresses at a minimum which you could then try on other websites as people often re-use passwords.

    So the strength of the hash is extremely important for offline attacks!
  11. GregH

    GregH TS Rookie

    I know this is an old topic, but I gotta point something out.

    It says in the article that it is only feasible to work offline because websites limit password attempts. That means local access to the system.

    Now, if this article is talking about login access (Can't tell, it's very poor on details.) Then it's a waste as Hiren's Boot CD has a program that will break any windows password in less than five minutes.

    I'm guessing this was an attempt to drum up business for Mr. Gosney.
  12. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,811   +472

    Depends on what version of a Windows password hashing algorithm you are talking about. There are legacy protocols that are trivial to break as you imply but you can force Windows to use more modern hashes which cannot be broken in 5 minutes.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...