[ISN] 25-GPU cluster cracks every standard Windows password in <6 hours

From: InfoSec News <alerts_at_private>
Date: Mon, 10 Dec 2012 02:26:15 -0600 (CST)

By Dan Goodin
Ars Technica
Dec 9 2012

A password-cracking expert has unveiled a computer cluster that can 
cycle through as many as 350 billion guesses per second. It's an almost 
unprecedented speed that can try every possible Windows passcode in the 
typical enterprise in less than six hours.

The five-server system uses a relatively new package of virtualization 
software that harnesses the power of 25 AMD Radeon graphics cards. It 
achieves the 350 billion-guess-per-second speed when cracking password 
hashes generated by the NTLM cryptographic algorithm that Microsoft 
included in every version of Windows since Server 2003. As a result, it 
can try an astounding 95^8 combinations in just 5.5 hours, enough to 
brute force every possible eight-character password containing upper- 
and lower-case letters, digits, and symbols. Such password policies are 
common in many enterprise settings. The same passwords protected by 
Microsoft's LM algorithm—which many organizations enable for 
compatibility with older Windows versions—will fall in just six minutes.

The Linux-based GPU cluster runs the Virtual OpenCL cluster platform, 
which allows the graphics cards to function as if they were running on a 
single desktop computer. ocl-Hashcat Plus, a freely available 
password-cracking suite optimized for GPU computing, runs on top, 
allowing the machine to tackle at least 44 other algorithms at 
near-unprecedented speeds. In addition to brute-force attacks, the 
cluster can bring that speed to cracks that use a variety of other 
techniques, including dictionary attacks containing millions of words.

"What this cluster means is, we can do all the things we normally would 
with Hashcat, just at a greatly accelerated rate," Jeremi Gosney, the 
founder and CEO of Stricture Consulting Group, wrote in an e-mail to 
Ars. "We can attack hashes approximately four times faster than we could 


Received on Mon Dec 10 2012 - 00:26:15 PST
