[Karasin Black]

http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125

"The results are startling. Working against NTLM login passwords, a password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second."

[Stahlseele]

Shit, gotta make sure nobody at works sees this . . Our Password Rules are strict and dumb and complicated enough as it is <.<

[FastJack]

Well, I think I know what to get for my next PC tower now...

[Stahlseele]

*pats his new GTX580 3072*

[CanRay]

Great, as if I wasn't paranoid enough as it is...

[Stahlseele]

Dr.Strange-Data. Or how i learned to stop worrying and to love the hack.

[CanRay]

Dr.Strange-Data. Or how i learned to stop worrying and to love the hack.

I've stayed away from learning about hacking.

Nuclear weaponry on the other hand...

[hobgoblin]

NTLM is a poor example as it is known to be weak. Hell, these days it is there mostly as backwards compatibility in networks where older windows install are used side by side with new ones.

https://secure.wikimedia.org/wikipedia/en/wiki/NTLM

Btw, i read something recently claiming that a password based on a full sentence was very secure. This because spaces can show up in all kinds of places, and the number of characters grow quickly. Question is if some of the password systems around can actually handle a proper length.

[Stahlseele]

There is no security anymore.
Even with the most perfectly secure password, there is cloud computing.
you can rent time on amazons server farm for what ever you want.
so if you are willing to plop down some money, the server farm will reduce the work time for cracking a given password from years to hours . .

[CanRay]

At the rate we're going, I'm going to need a retinal scan, palmprint scan, colonoscopy, and DNA test just to turn on my personal computer...

[FastJack]

There is no security anymore.
Even with the most perfectly secure password, there is cloud computing.
you can rent time on amazons server farm for what ever you want.
so if you are willing to plop down some money, the server farm will reduce the work time for cracking a given password from years to hours . .

Rent? Why would you rent something Apple is giving away for free?

Add to that the changes coming with Windows 8.

Welcome to the future, hackerz.

[Stahlseele]

There is no security anymore.
Even with the most perfectly secure password, there is cloud computing.
you can rent time on amazons server farm for what ever you want.
so if you are willing to plop down some money, the server farm will reduce the work time for cracking a given password from years to hours . .

Rent? Why would you rent something Apple is giving away for free?

Add to that the changes coming with Windows 8.

Welcome to the future, hackerz.

Because THAT iShit is NOT cloud COMPUTING . .
It's basically Cloud Storage with a bit of (anti)social webworking implemented . .
Cloud COMPUTING is something like SETI@Home for example, where the computing power of several hundred thousand computers(or in the case of the amazon, several dozend server farms), is used to do real computing of stuff.

[CanRay]

You know, with the PSN hacked, there was a big chance for some major cloud computing using the PS3s like they do with those ghetto Supercomputers using multiple Consoles...

[Xzylvador]

Who cares if you could generate 10 trillion passwords per second? If the server you're trying to brute force only accepts one retry every 3 seconds, it'll still take years and years until you reach the right guess.

[hobgoblin]

Who cares if you could generate 10 trillion passwords per second? If the server you're trying to brute force only accepts one retry every 3 seconds, it'll still take years and years until you reach the right guess.

This was applied to a password harsh file. Funny thing is that if your dealing with a server, you may be able to trick it into reading out such files to you even tho it is not in the normal paths the server handles.

Then it a matter of applying rainbow tables and brute force techniques to find a matching hash. This then tells you the plain text password.