Tags: brute-force

Are better password recovery mechanisms really better?

If you're monitoring the pulse of the IT world, you have probably stumbled upon this story:

ElcomSoft has discovered and filed for a US patent on a breakthrough technology that will decrease the time that it takes to perform password recovery by a factor of up to 25. ElcomSoft has harnessed the combined power of a PC's Central Processing Unit and its video card's Graphics Processing Unit. The resulting hardware/software powerhouse will allow cryptology professionals to build affordable PCs that will work like supercomputers when recovering lost passwords.

Now, let me translate that into plain English: they use the computer's video card to speed up brute-forcing a password. Modern computers have powerful video cards, and it is a pity to let them sit idle while the CPU is working hard.

The part which I find funny is "discovered a breakthrough technology". Was it hidden somewhere in the snows of Siberia, or in the sands of the Sahara, waiting for hundreds of years for someone to come and discover it? How about "developed" or "invented"?

If I ignore that and only consider the serious stuff, there are several things that I have to say:

  • This is not new; others have been using the GPU to process data for quite some time;
  • While this does make things somewhat faster for the attacker, you should not worry: add one more letter to your password and you've made their job 26 times harder. And that's a conservative estimate, because we're only dealing with lowercase letters. How about mixing lowercase and uppercase letters? How about symbols like "!#%^*@?", digits, foreign alphabets? With any character set larger than the 26 lowercase Latin letters, making the password one character longer multiplies the attacker's work by more than 25, which cancels the promised x25 speed-up outright;
  • Another thing is that a video card with plenty of horsepower is very expensive, so it is difficult to see how such a "supercomputer" is affordable. Finally, I would rather invest my funds in more RAM or a better CPU than in a better video card (but that's me, a 99% non-gamer).
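To put numbers on the second point, here is a small calculation I have added to this post (it is not from ElcomSoft and not part of the original article). It takes a character-set size, a password length and an assumed guessing rate, and works out how many extra characters are needed to cancel a given speed-up. The guessing rate of one billion guesses per second and the character-set table are my own assumptions, chosen only to make the comparison concrete; the x25 factor is the one from the press release.

```python
# Added example: brute-force work vs. password length and character set.
# The character-set sizes below are a constructed table (assumption), and the
# guessing rate used in __main__ is an assumed figure, not a measurement.
CHARSETS = {
    "digits": 10,
    "lowercase": 26,
    "mixed case": 52,
    "alphanumeric": 62,
    "printable ASCII": 95,
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def exhaustive_seconds(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of the given length at a fixed rate."""
    return keyspace(charset_size, length) / guesses_per_second


def extra_chars_to_cancel(charset_size: int, speedup: int) -> int:
    """Smallest number of extra characters that multiplies the attacker's work
    by at least `speedup`. Integer arithmetic, so the answer is exact rather
    than subject to floating-point log rounding."""
    if charset_size < 2:
        raise ValueError("a usable character set needs at least two symbols")
    extra, factor = 0, 1
    while factor < speedup:
        factor *= charset_size
        extra += 1
    return extra


if __name__ == "__main__":
    rate = 1e9      # assumed CPU-only guessing rate (guesses per second)
    speedup = 25    # factor claimed in the press release
    for name, size in CHARSETS.items():
        print(f"{name:16s} size={size:3d}  extra chars to cancel x{speedup}: "
              f"{extra_chars_to_cancel(size, speedup)}")
    # 8 lowercase letters on the CPU vs. 9 lowercase letters on the x25 GPU setup
    cpu_8 = exhaustive_seconds(26, 8, rate)
    gpu_9 = exhaustive_seconds(26, 9, rate * speedup)
    print(f"26^8 at 1x:  {cpu_8:10.1f} s")
    print(f"26^9 at 25x: {gpu_9:10.1f} s  (longer, so the speed-up is cancelled)")
```

Two caveats a practitioner will want: the figure is the worst case for one exact length, and the expected time to hit the password is half of it; and an attacker who tries dictionary words, common patterns, or shorter lengths first can do far better than exhaustive search, so this bounds brute force only, not every attack.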

So, if that story made you a bit worried about your privacy, you can relax now. Either of these tips will help you out:

  • Use a stronger password (either longer, or one with unusual characters, or both);
  • Switch to smart cards and tokens, coupled with biometric authentication.