A new five-server cluster of GPUs has been built that can crack computer passwords in minutes. The cluster can make up to 350 billion guesses per second, meaning it can try every possible eight-character Windows password containing upper- and lower-case letters, digits and symbols, as used in a typical enterprise, within six hours, Ars Technica reported.
The system reaches hundreds of billions of guesses per second when cracking password hashes generated by Microsoft’s NTLM cryptographic algorithm, which is included in every Windows server created since 2003, the article stated. Some of these passwords could “fall” in just six minutes.
“We can attack hashes approximately four times faster than we could previously,” Jeremi Gosney, the founder and CEO of Stricture Consulting Group, told Ars.
The cluster was presented in early December in Oslo, Norway, at the Passwords^12 conference, the article stated. Gosney said that before the new system, the fastest passcode-cracking machine was a computer with four AMD Radeon graphics cards, which could make about 88 billion guesses per second and was able to solve 90 percent of the 6.5 million LinkedIn password hashes. In comparison, the new system has 25 AMD graphics cards.
Gosney thinks the software for the system could be used for a setup of as many as 128 AMD GPUs.
“The limitation of this configuration is that it cannot be used for attacks against live systems, but could be extremely helpful for decrypting the huge leaks of password hashes that became normal in the last couple of years,” the article stated.
Ars Technica said consumers should assume the majority of their passwords are hashed with fast algorithms and should create passcodes that are at least nine characters long. Passwords between 13 and 20 characters will be more secure against these types of advanced passcode-cracking computers. For layered security, users should also avoid reusing passwords across multiple accounts.
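To show why the length advice follows from the quoted guess rates, here is an added example (not from the article or from Gosney's software) that computes how long an exhaustive search takes per password length and the shortest length that survives a chosen time budget. It assumes a 95-character printable-ASCII alphabet, which the article does not specify, and goes beyond the eight-character case to cover other lengths.

```python
# Added example: worst-case brute-force exhaustion time at the article's rates.
CHARSET = 95        # assumption: printable ASCII (letters, digits, symbols, space)
RATE_NEW = 350e9    # guesses/second, 25-GPU cluster (figure from the article)
RATE_OLD = 88e9     # guesses/second, four-GPU machine (figure from the article)
YEAR = 365.25 * 86400

def exhaust_seconds(length, rate, charset=CHARSET):
    """Seconds needed to try every password of exactly `length` characters."""
    return charset ** length / rate

def min_length(target_seconds, rate, charset=CHARSET):
    """Shortest length whose full keyspace takes at least `target_seconds`."""
    n = 1
    while exhaust_seconds(n, rate, charset) < target_seconds:
        n += 1
    return n

def human(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def table(lengths=(6, 7, 8, 9, 10, 13)):
    """Rows of (length, time on the new cluster, time on the older machine)."""
    return [(n,
             human(exhaust_seconds(n, RATE_NEW)),
             human(exhaust_seconds(n, RATE_OLD)))
            for n in lengths]

if __name__ == "__main__":
    print(f"{'len':>3}  {'350 G/s':>24}  {'88 G/s':>24}")
    for n, new, old in table():
        print(f"{n:>3}  {new:>24}  {old:>24}")
    print("min length to survive one year at 350 G/s:",
          min_length(YEAR, RATE_NEW))
```

These figures are an upper bound for randomly chosen passwords against a fast hash such as NTLM; predictable passwords fall to wordlist-based guessing long before the keyspace is exhausted.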
Do you see the benefits of this new system? How could it help with the development of computer security?