Want to be scared about passwords?

Turns out there are plenty (according to Ars Technica) of password "recovery" tools out there. They use graphics cards to do the work. A good example: with two graphics cards, it takes 56 seconds to crack a random 8-character password! Wow, it really makes you think about how passwords are being used, particularly given everything that is stuffed in the cloud. Hashcat is a good example of an open source tool. It knows a bunch of password algorithms (from Windows to SQL Server), so you just run it against a hash and then see what the password is. The whole thing runs completely offline, so it is pretty amazing.

Overview -- bruteforcing an 8-character password consisting of a-z, 0-9 (2,821,109,907,456 possible combinations): estimated time to run thru the entire keyspace was 10 minutes. The actual time it took to find the password was 56 seconds (see below).
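To put those numbers to work when setting a password policy, here is an added example (not from the original post or from Hashcat) that derives the guess rate implied by the quoted figures and shows how length and character set change the worst-case search time. It assumes a constant guess rate against the same hash type; all function names are hypothetical.

```python
import string

# Figures quoted on the page: a-z plus 0-9, length 8, full keyspace in 10 minutes.
PAGE_CHARSET = string.ascii_lowercase + string.digits
PAGE_LENGTH = 8
PAGE_EXHAUST_SECONDS = 10 * 60
YEAR = 31_557_600  # seconds in 365.25 days

def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates for a fixed-length password over the charset."""
    return charset_size ** length

def implied_rate() -> float:
    """Guesses per second implied by the page's numbers (derived, not measured)."""
    return keyspace(len(PAGE_CHARSET), PAGE_LENGTH) / PAGE_EXHAUST_SECONDS

def exhaust_seconds(charset_size: int, length: int, rate: float) -> float:
    """Worst-case time to try every candidate at a constant guess rate."""
    return keyspace(charset_size, length) / rate

def min_length(charset_size: int, target_seconds: float, rate: float) -> int:
    """Shortest length whose worst-case exhaustion time meets the target."""
    needed = target_seconds * rate
    length = 1
    while keyspace(charset_size, length) < needed:
        length += 1
    return length

def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.0f} seconds"

if __name__ == "__main__":
    rate = implied_rate()
    print(f"implied rate: {rate:,.0f} guesses/s")
    print(f"56 s covers {56 / PAGE_EXHAUST_SECONDS:.1%} of the keyspace")
    for name, size in (("a-z0-9", 36), ("a-zA-Z0-9", 62), ("printable ASCII", 95)):
        for length in (8, 10, 12, 14):
            print(f"{name:16} len {length:2}: {human(exhaust_seconds(size, length, rate))}")
        print(f"{name:16} needs length {min_length(size, YEAR, rate)} for a 1-year worst case")
```

The 56-second result was a lucky early hit; on average a random password is found after half the keyspace, so the expected time at this rate is about five minutes.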
