Information Security News: 25-GPU cluster cracks every standard Windows password in <6 hours

Nmap Security Scanner
- Intro
- Ref Guide
- Install Guide
- Download
- Changelog
- Book
- Docs
Security Lists
- Nmap Hackers
- Nmap Dev
- Bugtraq
- Full Disclosure
- Pen Test
- Basics
- More
Security Tools
Site News
Advertising
About/Contact
Sponsors:

Information Security News mailing list archives

25-GPU cluster cracks every standard Windows password in <6 hours

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 10 Dec 2012 02:26:15 -0600 (CST)

http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/

By Dan Goodin
Ars Technica
Dec 9 2012

A password-cracking expert has unveiled a computer cluster that cancycle through as many as 350 billion guesses per second. It's an almostunprecedented speed that can try every possible Windows passcode in thetypical enterprise in less than six hours.

The five-server system uses a relatively new package of virtualizationsoftware that harnesses the power of 25 AMD Radeon graphics cards. Itachieves the 350 billion-guess-per-second speed when cracking passwordhashes generated by the NTLM cryptographic algorithm that Microsoftincluded in every version of Windows since Server 2003. As a result, itcan try an astounding 958 combinations in just 5.5 hours, enough tobrute force every possible eight-character password containing upper-and lower-case letters, digits, and symbols. Such password policies arecommon in many enterprise settings. The same passwords protected byMicrosoft's LM algorithm—which many organizations enable forcompatibility with older Windows versions—will fall in just six minutes.

The Linux-based GPU cluster runs the Virtual OpenCL cluster platform,which allows the graphics cards to function as if they were running on asingle desktop computer. ocl-Hashcat Plus, a freely availablepassword-cracking suite optimized for GPU computing, runs on top,allowing the machine to tackle at least 44 other algorithms atnear-unprecedented speeds. In addition to brute-force attacks, thecluster can bring that speed to cracks that use a variety of othertechniques, including dictionary attacks containing millions of words.

"What this cluster means is, we can do all the things we normally wouldwith Hashcat, just at a greatly accelerated rate," Jeremi Gosney, thefounder and CEO of Stricture Consulting Group, wrote in an e-mail toArs. "We can attack hashes approximately four times faster than we couldpreviously."


[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org

By Date By Thread

Current thread:

25-GPU cluster cracks every standard Windows password in <6 hours InfoSec News (Dec 10)