It might be time to reconsider that “password” password (again) – a new machine built by security experts can break it in nanoseconds. Not that anybody should be using “password” as a password, but statistically, people still do.
Anyway, Jeremi Gosney’s monster password-cracking rig is powered by 25 AMD Radeon GPUs distributed between five 4U servers running the Hashcat password cracking app, and is capable of parsing 348 billion NTLM password hashes per second. Effectively, this means an 8-character password can be broken in about 5.5 hours. Passwords using the mostly deprecated Windows LM hash encryption can be cracked in just 6 minutes.
All your password are belong to us.
It’s probably worth noting that a system like this is built to break entire password databases in an offline scenario where there’s no set number of attempts, and not your OkCupid account login. Unless, of course, OkCupid’s password database was stolen, in which case those photos of your junk you sent to everybody would be totally compromised.
Source: Security Ledger (via Boing Boing)
Related articles:
Worst gaming passwords of 2012
Hacker steals MMO source code to launch own game
Steam is vulnerable to hackers
Beware of saving passwords in your web browser
