Researcher Pushes The Limits Of Password Cracking Operations With 25 Concurrent GPUs

Brute force is a popular technique used by researchers and hackers alike to crack passwords. Until now, it was thought that the larger passwords are safe from this technique, given the sheer amount of computing required to brute-force a long password. But that may no longer be the case, as some researchers have now proved.

Brute force

As it is, brute force can crack any encrypted password if it has the right software and hardware. However, that is often not the case. In recent times, longer passwords have rendered brute force fairly obsolete since the required processing power to crack such passwords is not available to most.

But now that we are moving into the era of cloud-computing, things may change drastically. Cloud computing essentially means that we can make use of multiple machines at the same time through a high-speed connection and pool their resources into a single brute force operation.

This is exactly what a researcher, Jeremi Gosney, demonstrated at a conference in Norway. Gosney demonstrated that by making use of a cluster of five servers equipped with 25 AMD Radeon GPUs and connected to each other through a 10 Gbps connection, he was able to crack some of the strongest passwords.

These include the passwords which are set on Windows XP, given the fact that the algorithm Microsoft uses to encrypt them proved rather futile in face of such immense computing powers. This system that Gosney devised was fairly complex and he used Open Computing Language framework in conjunction with Virtual OpenCL to make it work.

To crack the password, he used the HashCat password cracking program. Given the monstrous processing powers that this system could command, it was able to make an unbelievable 77 million brute force attempts per second!

However, such high-level brute force technique can be deployed only for passwords which are available offline. It has no uses against online systems because most of these systems have a limit on the number of sign-in attempts made.

Courtesy: Security Ledger

[ttjad keyword=”security”]


Salman Latif is a software engineer with a specific interest in social media, big data and real-world solutions using the two.Other than that, he is a bit of a gypsy. He also writes in his own blog. You can find him on Google+ and Twitter .

Leave a Reply