Windows passwords easily guessed by 25-GPU server

[nsane.forums]

A server cluster comprising of 25 AMD Radeon GPUs can crack every single eight-character Windows password in under 6 hours, at blistering rate of 350 billion guesses per second.

Ever wondered how secure the password to your Windows workstation is? Well, as it turns out, it's pretty insecure when put up against a 25-GPU server cluster running a combination of Linux and freely available password-cracking software suites. Said server, powered by 25 AMD Radeon graphics cards, manages to brute force Windows passwords at a rate of 350 billion guesses-per-second, making short work of eight-character passwords.

This is one of five servers that eats passwords for breakfast

In around 5.5 hours the server cluster can try 6.6 quadrillion password combinations, enough to check every possible eight-character password including upper/lower-case letters, digits and symbols. Microsoft's NTLM cryptographic algorithm, which has been in use since Windows Server 2003, now seems remarkably weak and particularly insecure in some enterprise settings. With access to a hash of a workstation password, this machine will most likely be able to crack it in under a day.

Of course, this machine can only really guess passwords up to eight characters in a reasonable time, as adding just one extra character (to nine characters total) would require 500 hours to crack; 10 characters and you're looking at 5.4 years of cracking time. However, as many businesses stipulate eight characters as a minimum, there's a possibility that this machine will make (relatively-speaking) short work of it.

This 25-GPU machine is not limited to just cracking Windows passwords - it also has the power to guess at 44 other algorithms at a blistering pace. It attacks SHA1 at 63 billion guesses per second and MD5 at 180 billion guesses per second, although struggles against some super-tough encryption such as SHA512crypt (just 364,000 guesses per second).

What should you make of this information? Don't make your passwords anything less than nine characters long, and of course don't use a word or phrase that might appear in a dictionary.

View: Original Article

[demoneye]

amazing , what if they made a 50 gpu cluster pc? or even 200 ??? i am sure NSA / FBI got such a machine or even stronger :)

good post !!!

[Sonar]

I bet it fails in many ways that they don't seem to talk about.

[Shadowx]

Nice post exactly :) never know what held

[majithia23]

Damn ! :mellow:

What are the GPU numbers ?

[nIGHT]

This 25+ gpus paired with a 100 core cpu and I say "WTF"!

source for 100 core cpu

http://www.tomshardw...CPUs,14543.html

[calguyhunk]

I will be honored the day somebody employs that gargantuan monstrosity to crack my Windows password. Will mean I'm a pretty important person :P

[nclr11111]

Wonder what the new "Titan" is capable of if used for cracking PW?

18688 16-Core Opteron 6274 and 18688 Nvidia Tesla K20 GPU´s.

Hard to pick a secure PW if that was used for cracking :P

"a theoretical peak performance of more than 20 petaflops, or more than 20,000 trillion calculations per second"