
New 25-GPU Monster Devours Strong Passwords In Minutes

Soulskill posted about 2 years ago | from the om-nom-nom dept.

Encryption 330

chicksdaddy writes "A presentation at the Passwords^12 Conference in Oslo, Norway (slides), has moved the goalposts on password cracking yet again. Speaking on Monday, researcher Jeremi Gosney (a.k.a. epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft's LM and NTLM, obsolete. In a test, the researcher's system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM, for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference. For some context: In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other, Linux-based operating systems, was forced to acknowledge that the hashing function is no longer suitable for production use — a victim of GPU-powered systems that could perform 'close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,' he wrote. Gosney's cluster cranks out more than 77 million brute force attempts per second against MD5crypt."


my password (5, Funny)

Anonymous Coward | about 2 years ago | (#42189817)

So it doesn't matter anymore I'm using 000000 as password ....

Re:my password (4, Funny)

jones_supa (887896) | about 2 years ago | (#42189917)

Hey, that's the combination of my luggage!

Re:my password (-1)

Anonymous Coward | about 2 years ago | (#42190003)

1.... 2.... 3.... 4.... 5....

Re:my password (-1)

Anonymous Coward | about 2 years ago | (#42190011)

arm... we can start the club here I guess.
we can watch space balls together? what do you think?

MD5? Windoze XP? INSECURE LEGACY!! (1, Informative)

Anonymous Coward | about 2 years ago | (#42189825)

Who gives a rat's ass about such golden oldies? It's been possible for the longest time to fairly quickly crack windoze passwords (if you have the file) and MD5 has been known to be insecure for quite some time already...

So newer hardware is faster than older hardware. Who would've thunk?

Re:MD5? Windoze XP? INSECURE LEGACY!! (2)

lennier1 (264730) | about 2 years ago | (#42190493)

Would be more interesting to see the results from an attack on a SHA-512 hash of a 15 character password. Stuff like that isn't that uncommon in many web applications out there.

Nowadays, MD5 offers mostly decorative value, whenever you want something unimportant to have a more uniform look (e.g. public reference IDs for blog entries).

first (-1)

Anonymous Coward | about 2 years ago | (#42189831)

but does it run Linux...

Re:first (4, Funny)

kh31d4r (2591021) | about 2 years ago | (#42190269)

imagine a beowulf cluster of these...

Use different passwords for different things (5, Insightful)

TheLink (130905) | about 2 years ago | (#42189839)

My conclusion is to use different passwords for different things. They don't have to be that strong.

As long as the passwords are strong enough to prevent brute forcing over the _NETWORK_ they are strong enough. If you don't pick an overly stupid password then either you or the site is going to be pwned before the hackers brute-force/guess your password over the network.

If someone has hacked into the site to obtain the hashes, it's likely they can do other stuff anyway (make transactions, get your info, maybe even get the plaintext of your password), so don't waste your time making and using super long passwords.

Re:Use different passwords for different things (5, Insightful)

bmo (77928) | about 2 years ago | (#42189905)

Pretty much this. Brute forcing passwords over the Internet is silly and non-productive.

>it's likely they can do other stuff anyway

What, you mean like the Youporn chat registration list that had the usernames and passwords *and* verification email addresses in plaintext? Or like when Yahoo was compromised? Or like dozens of other companies were compromised? Or like when EMC was spear-phished out of RSA tokens?

My concern isn't someone with a hundred Tesla cards cracking passwords. My concern is dumb admins and people falling for social-engineering.

--
BMO

Re:Use different passwords for different things (1)

JohannesJ (952576) | about 2 years ago | (#42190349)

They, that is, the account provider, can easily use delays and lock out an account after too many tries. 10 would work nicely. After 10, lock out the account for 15 minutes or more; the GPU attack is now dead in the water. Oh, the account holder is locked out too? Yeah, call that an attack alert feature. The question is how often does this mass attack happen to any one account?

Re:Use different passwords for different things (1)

nazsco (695026) | about 2 years ago | (#42190461)

Yahoo properly hashes

Re:Use different passwords for different things (1)

mstefanro (1965558) | about 2 years ago | (#42189909)

You are disregarding locally-required passwords (encrypting a file or partition, protecting a private key, authenticating into the OS etc.)

Re:Use different passwords for different things (3, Insightful)

Sique (173459) | about 2 years ago | (#42189967)

You are missing situations where for instance config files are stored separately. I have the situation where I am going on a customer site to replace defective network gear, and I get the config files to upload them into the gear before replacing them. For security reasons, I don't get the configured console password; if I made an error, I would have to empty the config via recovery and start anew. I just replace the gear, phone the network guy of the customer and he then checks connectivity. It wouldn't help to modify the config before uploading to an empty password, because part of the configuration is the connection to an AAA server which kicks in as soon as the network connectivity is there, and then it closes all open consoles and locks me out. But if I could brute force the shared keys whose hashes are in the config files, I might still get in.

Re:Use different passwords for different things (5, Informative)

DrXym (126579) | about 2 years ago | (#42190079)

Different passwords for different things is a good idea.

But the issue is not brute forcing over the network. The issue is hackers stealing a database of passwords, then bruteforcing the lot of them locally. Some sites don't even bother to hash the password at all and some don't salt them or use a weak hash. So if the database is lifted, the hackers could potentially recover some or all of the passwords with little or no effort. So if you use the same email and password for an insecure site as a strong site, you are in trouble.

Therefore it would be wise to arrange sites into tiers of importance. Tax / health / social security on the top. Then banks. Then cloud / email services. Then stores. Then sites with personally identifying info. Then forums and other throwaway crap. For each tier take appropriate measures to ensure uniqueness of the password and login id and use password safe to manage this mess. On the bottom tier, you could probably use the same throwaway password for every site, or a variant of it (e.g. tack on the first 4 letters of the domain host) since a compromise is a nuisance rather than as a threat.

And use something like Password Safe so you don't have to remember all this crap.

Did you even read the GP's post? (2)

brunes69 (86786) | about 2 years ago | (#42190293)

>But the issue is not brute forcing over the network. The issue is hackers stealing a database of passwords, then bruteforcing the lot of them locally.

If anyone with motivations beyond that of a script kiddie is doing this, then you are already totally screwed - they can already steal all your transaction information or make their own transactions or transfer funds or do whatever they want to do as ANY UID in that system - WHY would they ruin that and post them on the web?

And if it *IS* a script kiddie, only interested in "cred" and he leaks the password hash DB on the net, then AGAIN so what, because like the GP said you are using different passwords for different sites.

Re:Use different passwords for different things (2)

Dins (2538550) | about 2 years ago | (#42190307)

I've often thought about trying something like Password Safe, but I commonly use 4 different computers that I might need my passwords on. And 3 of those are at home where I might be accessing a bank. So unless there's some way around that problem I'm not thinking of, I'll stick to my main 6 or 8 long random ones.

Ha, what I really need is some sort of cloud password service. Wait...

Re:Use different passwords for different things (1)

bbelt16ag (744938) | about 2 years ago | (#42190397)

I use lastpass for my internet sites and when i am away from my home pc.

Re:Use different passwords for different things (3, Interesting)

Rich0 (548339) | about 2 years ago | (#42190451)

I'd echo the other suggestion to use lastpass. I was struggling with the same issues. In theory the passwords are encrypted/decrypted locally and they do not have access to them. Of course, I'm sure they could be bruteforced as with any of the other sites. That said, I am a bit more inclined to trust one site whose sole purpose is storing passwords than every web forum on the internet. These days most of my passwords are randomly generated thanks to lastpass.

The real pain has been with smartphone apps, which don't integrate well with lastpass. I can access my passwords on the phone, but I have to do copy/paste to get the password into the app, and some apps are brain-dead and reset when context-switching which means I need to at least manually enter the username (which is a pita if it is a long email address).

People also point out keepass, but it doesn't support every OS I use. Lastpass always has the browser as a fallback if nothing else.

Re:Use different passwords for different things (4, Informative)

somersault (912633) | about 2 years ago | (#42190499)

I keep my KeePass database in Dropbox. That way it's synched to all my machines, or I can download it to my phone, or access it via a web browser.

Re:Use different passwords for different things (1)

complete loony (663508) | about 2 years ago | (#42190469)

And every password should use a different salt. Sure you can try 77 million combinations a second, but you can't check those results across the entire password file. You have to repeat the entire cracking process for each user.

Re:Use different passwords for different things (0)

Anonymous Coward | about 2 years ago | (#42190223)

You're basically dismissing any type of MITM attack which could be used to harvest encrypted passwords. That's not a good way to approach security. Yes, it's important to restrict the number of access attempts at the site level, but just as an example I could be sitting in a coffee shop harvesting information from other people using the public access point and using a remote server to brute-force them nearly in real time.

Re:Use different passwords for different things (1)

Alkonaut (604183) | about 2 years ago | (#42190413)

Assume the server has a database of hashed passwords, using one of the now vulnerable hashing algorithms. What the client is sending is for example a https encrypted password, not a hashed password? If you are the man in the middle, you are dealing with encryption not hashing? The https request is decrypted on the server, the plaintext client password is then hashed and compared to the hash in the database. I don't see how a man in the middle is related to hashes? (Then again I'm not a security guy in any shape way or form). As far as I know hash vulnerabilities are mainly a concern when the password (hash) database is compromised, which happens sooner or later.

crap system is proven to be crap (3, Insightful)

ghostdoc (1235612) | about 2 years ago | (#42189847)

So now that passwords as a system is officially broken, can we please move on to something better? Something that wasn't invented to allow soldiers standing watch in the middle of the night to tell their mates from their enemies, but is actually designed for computers?

And no, of course I don't have any better ideas... this is /. and I'm here to pointlessly criticise!

Re:crap system is proven to be crap (3, Insightful)

Xenna (37238) | about 2 years ago | (#42190025)

This system cracks password hashes. But there's one thing missing: You need to get your hands on the password hashes first!

Therefore you require access to a system. If you already have access to that system it's fairly trivial to install password capturing code. That way you don't even need to crack any hashes.

The problem remains that a hacker who gains access to a badly secured system can do almost anything he likes. Secure hashes or not.

Re:crap system is proven to be crap (3, Interesting)

Architect_sasyr (938685) | about 2 years ago | (#42190107)

>If you already have access to that system it's fairly trivial to install password capturing code.

The whole point is to engage in defence in depth - FreeBSD offers kern.securelevel to prevent you from being able to write to the file system, or change firewall rules. We have anti rootkit checking programs (do most people make regular use of rkhunter or anything similar?) Further, you need to encrypt and safely store backups. No password logging program is going to lift them from the hashes you got from the borrowed backup drives. Probably 60% of engagements I have been involved in managed to lift a backup drive from the environment, permitting only the tiniest changes to be made to live servers, thus minimising our risk of breaking things, and a (potential) black-hat's chance of being caught.

Making the hashes harder to crack makes it harder to crack into the server, live or from backups. You'd be surprised how many people forget backups.

Re:crap system is proven to be crap (0)

Anonymous Coward | about 2 years ago | (#42190235)

>This system cracks password hashes. But there's one thing missing: You need to get your hands on the password hashes first!
>Therefore you require access to a system

There are many examples where I can simply sniff your traffic without having access to your machine. Wifi access points are a prime example, LAN's which are wired but still public in places like a library, and you never know for sure if there isn't someone at your ISP or any ISP along the path your data takes who is in a position to capture packet data. Cellular networks are another weak point ripe for harvesting encrypted data.

Re:crap system is proven to be crap (3, Insightful)

Anonymous Coward | about 2 years ago | (#42190101)

Already have. Public/private key pairs, one of the modes of SSH. (And by far the preferred mode.)

Yes, we are rapidly approaching the point where the only way to secure a system is something you have, not something you know. Or at least, not solely something you know. That's all right. We're used to that. How do you start your car? Or open the door to your house? Something you have. And for any expensive car made in the past decade, that something you have isn't just the physical shape of the key. It's also a chip on the key.

For that matter, doesn't World of Warcraft provide you the option of two-factor authentication, and one of the factors is something you have? The thingie that generates codes? I vaguely recall there were flaws in the specific implementation those cards use, which affected more than just WoW, but the concept is sound.

I'm waiting for the advent of the UberRFID. I call it that because it would have no on-board power source, just as RFID doesn't, and for the same reason: cheapness and very very small size. However, rather than just squawking its ID, it would suck enough power from the querying antenna to perform a full cryptographic handshake with the querying device, SSH-style, using cryptographic keys loaded onto it. Then you can carry your keys with you, and even conceal it. Hide it in a ring on your finger, or inside an innocuous plastic keychain trinket, or a bracelet or a watch. Anything you can conveniently get near to a reader built in to your keyboard. Or your car. Or your front door. Keep the current authentication, whatever it may be. Password for your computer, or the mechanical key for your front door. But add on that second factor and verify it simultaneously.

There's been some work along these lines already. It's only a matter of time before somebody works out a way to transmit enough power to get the job done in a small enough form factor.

Re:crap system is proven to be crap (0)

Anonymous Coward | about 2 years ago | (#42190417)

Just to recap, public/private key in web-services would work something like this:

1. Browser (or OS) has a vault of private keys, (which could be behind master password).
2. When you register or "change password" in webpage, vault creates a new private/public key pair for that service.
3. Your browser then sends a public key to the server to store, this is now your "password".
4. If you want to login you have to provide a proof by first getting a plain text version of proof from the server. You encrypt the proof and send it back to server which checks it.

Quite simple really, but OS makers or browser makers should create this vault first.

Re:crap system is proven to be crap (2)

unix_core (943019) | about 2 years ago | (#42190429)

Wohooo I am a ghost from the future who come flying in here at night to give you a peek at how the world could be if your idea gets realized, have a look at these future wikipedia articles, whohooooowooowow.

http://en.wikipedia.org/wiki/Contactless_smart_card
http://en.wikipedia.org/wiki/Octopus_card

Re:crap system is proven to be crap (0)

Anonymous Coward | about 2 years ago | (#42190133)

Even with Moore's law at work, it takes a bunch of years to beat an additional letter added to your case sensitive alphanumeric password. Passwords *haven't* been beaten, LM/NTLM has (and specific users with their weak passwords have).

Re:crap system is proven to be crap (1)

KiloByte (825081) | about 2 years ago | (#42190183)

It's only weak passwords when you have access to the hash database what's broken. You can always throw in more characters to make brute-forcing take exponentially longer. And since some hashes have been proven to be NP-hard, there's nothing you can do better than brute-force them. No useful hash can be harder than NP, but I'd say that's good enough for me.

Also, in a majority of cases, if you can obtain password hashes, you may just take whatever was protected by that hash. Not always: for an encrypted file/etc that might be possibly fetched by an adversary, you'd better have a good password, 14 fully random characters at the very least[1]. But for accessing a remote account, no matter how important? 8 characters with decent entropy is more than enough. So what if your cluster can process a billion hashes per second -- the server won't accept more than a handful of authentication attempts in that second. Which can be further rate-limited, although total lockups would be abusable for a DoS.

[1]. The cluster in this article can do 77 million md5crypt attempts per second, let's assume our good hash takes as much time to calculate. That's 2^26.2. Fully random ASCII characters have 6.57 bits of entropy. Let's take a 14-character password, and 32 such clusters. Why 32? Because that drops the time required to 13.75 billion years, which is a quite familiar number.

Even if Moore's law will continue, 14 characters are going to last our lifetimes (fully random, not qwertyuiopasdf. XKCD has something to say about ease of memorization.). Ordinary people will write a sticker that says qwertyuiopasdf, of course, but that's a social rather than technical problem.

Re:crap system is proven to be crap (1)

Chewbacon (797801) | about 2 years ago | (#42190215)

Passwords aren't broken. Many systems will lock an account for a set length of time or until an administrator intervenes. This would render this method useless.

Re:crap system is proven to be crap (1)

JasterBobaMereel (1102861) | about 2 years ago | (#42190327)

No it means that if someone can steal the password hashes then your passwords are known ....

Why is the database of passwords on a machine that is capable of being stolen in the first place, this is like the soldier having a list of challenges and responses written down where anyone he challenges could potentially see the entire list ...

The solution is for the user facing machine not to contain the hashes just an API to check individual passwords as needed

Lockout? (0)

BrokenHalo (565198) | about 2 years ago | (#42189849)

Seems to me a simple enough matter to configure your machine to lock you out and (re-)encrypt your hard drives after a small number of failed attempts. (Like my bank does with its ATMs.) Or an arbitrarily long interval between password entries would throw a spanner in the works of the fanciest brute-forcing machine. End of story.

Re:Lockout? (4, Informative)

HungryHobo (1314109) | about 2 years ago | (#42189881)

that's not the context this sort of thing works in.

passwords are stored as hashes. for example if you log into a terminal you don't want the terminal sending your pass over the network.

So it pulls down a list of hashes and compares it to the hash of your password. or it hashes your password and sends it over the network.

The idea is that someone picks up these hashes and then brute forces them at home.

not that they keep trying to log into your account one attempt at a time.

Re:Lockout? (0)

Anonymous Coward | about 2 years ago | (#42189891)

I'm pretty sure once you have the password hashes no amount of policy is going to slow down your cracking efforts. It's not asking the live system. It's just comparing if current brute-forced hash == hash of unknown password.

Plenty of times account databases are compromised and for the windows password, with physical access it takes at most 5 minutes to steal all the local account hashes often leaving no trace. Then wander off to your password cracker 9000 and find the password. Later wander back to the computer and log in with the correct password on the first try.

Re:Lockout? (2, Informative)

Anonymous Coward | about 2 years ago | (#42189897)

That doesn't work for systems with password files. Once a system's password file (which includes the hashed passwords) is compromised, then the password programs just compare their generated hashes against the file.

We had an old ATM testing machine that ran a dinosaur version of x86 SunOS and didn't have the root password. We were able to use a FreeBSD CD to mount and recover the shadow password file and used John the ripper to crack the passwords. Ran it for a month on a dual processor 8GB rackmount.

Re:Lockout? (3, Insightful)

Anonymous Coward | about 2 years ago | (#42190075)

Umm ...

mount the SunOS disk, write a new password hash into /etc/shadow of a known password, sync the file systems to disk and reboot.

Does not take anywhere near a month!

Re:Lockout? (0)

Anonymous Coward | about 2 years ago | (#42189913)

Indeed. Just add a one second delay between attempts; it will barely impact the legitimate users (who will need a few seconds anyway just to become aware that they weren't properly identified and to start typing their password again) while those 348 billion brute force checks turn into over 10000 years.

Re:Lockout? (1)

Anonymous Coward | about 2 years ago | (#42189935)

Yeah, that's called a DOS attack. You can't use your computer either, right?

Just put a delay between password attempts (say a few seconds) and a one day lockout on three failed attempts.

Try throwing billions of possible passwords at that asshole ....

Re:Lockout? (1)

Anonymous Coward | about 2 years ago | (#42189979)

The password crackers are just trying hash checks, so messing around with retry attempts wouldn't help. They're not sitting there trying to log into your computer, they grabbed the hash via some existing method to do so and are cracking it offline at their leisure on their own machines. Encryption would help prevent them from extracting the hash in the first place, but once they have it no amount of login security would do anything.

Gosney.cx (-1)

Anonymous Coward | about 2 years ago | (#42189851)

Devouring your passwords, then shitting them out on Reddit to downvote your cats.

Obsolete (0)

Anonymous Coward | about 2 years ago | (#42189853)

We need SHD webcams and retina scan technology on websites instead of passwords. Passwords are dead now and moving forward, something else is needed.

Remembering bunch of 256-letter passwords is unreal unless everybody goes autistic overnight.

Re:Obsolete (1)

kipling (24579) | about 2 years ago | (#42189903)

.,$s/autistic/savant/

Beyond Passwords (0)

Anonymous Coward | about 2 years ago | (#42189855)

As I sit here, slightly intoxicated from a long time out on the town, I'm struck by the progress made against what might be considered the foundation of our Internet identities, the password. After all, everything we do online that self-identifies is ultimately boiled down to the few unique keywords we can remember, no? Progress seems to be made on a monthly basis to challenge even this basic assumption in how we interact with the Internet at large -- how long until accounts in general are rendered a moot idea, as the ability to crack passphrases is limited to mere seconds of processor power? What are we left with then but a web of ideas?

I'm starting to understand the sympathy behind the whole Anonymous movement. And, if nothing else, we've learned a valuable lesson about linking our most personal of thoughts and financial information to a global web of computers...

Re:Beyond Passwords (1)

jones_supa (887896) | about 2 years ago | (#42189973)

What solution would you propose?

Re:Beyond Passwords (1)

Endovior (2450520) | about 2 years ago | (#42190167)

Having been, up until just a few months ago, one of those unwise people who used the same, only moderately complex password everywhere, for everything, I understand the convenience issue. There are dozens of sites that want you to login, and you can't remember dozens of passwords. Best practice is to maintain separate passwords, so the loss of one won't affect the others... but that doesn't feel like something that could happen to YOU.
Then, something DID happen to me; I got a warning from the Guild Wars 2 people that someone was trying to access my account, with my password, from China, and would I confirm the access? (no!) This woke me up, because it immediately occurred to me that I was using the same password for my gmail which secured that access method, which implied that, since the email had only just come in, that I might literally only have minutes to do something about it. And so I quickly changed all my compromised, important passwords... and then, the same day, downloaded a password manager.
Nowadays, I don't even use words for passwords; they're all long groupings of random characters, which I couldn't remember if I tried. Fortunately, I don't need to try; I've got machines to handle this stuff for me, and I don't even need to bother typing the monsters myself.

Re:Beyond Passwords (1)

petermgreen (876956) | about 2 years ago | (#42190263)

I'm not the GP but there are a few measures that can be considered such as

1: deliberately slow hash functions. You can make the cracker's job a few orders of magnitude harder this way.
2: dedicated password checking servers (ideally a separate machine but privilege separation on the same box is better than nothing) so that cracking your webapp doesn't hand the attackers the password hashes on a silver platter.
3: physical hardware the user is given that provides one-time use security codes

Of course none of these measures are free and that means most forums etc won't bother with them :/

Will it scale? (1)

EthanV2 (1211444) | about 2 years ago | (#42189861)

If he's able to attain numbers like this with four machines, how will it perform as a cluster of eight? Or sixteen?

Re:Will it scale? (1)

Anonymous Coward | about 2 years ago | (#42189915)

It will scale perfectly 1:1 because the tries are completely independent of each other. Just copy the password file to the next machine and buzz away.

This is of course just as true for older hardware and this has always been done.

"Strong" (1)

Seumas (6865) | about 2 years ago | (#42189871)

It doesn't devour "strong" passwords in seconds. It devours weak passwords, in seconds. A fourteen character password is, by definition, pretty weak.

For comparison, the password to an account I use fairly often is 128 characters. At 348-billion password attempts per second, it would practically take eternity. Even if it made attempts 40 times faster (one hundred billion times per second), it would take (according to SGC's haystacks calculator) "76.10 billion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries".

I might use a fourteen character password on a trivial site that I don't care about, but probably not even then.

Re:"Strong" (1)

Anonymous Coward | about 2 years ago | (#42189925)

"..For comparison, the password to an account I use fairly often is 128 characters..."

I'll bet that:

1 - you either have that written and stored somewhere, or
2 - that's a pass-phrase, so it's not really 128 random characters...

Re:"Strong" (1)

JTD121 (950855) | about 2 years ago | (#42189927)

Uhm, 348,000,000,000 * 40 = 13,920,000,000,000....NOT 100,000,000,000. Also, 128-character passwords seem like retarded overkill, even if a system really allows it, but the paranoid will throw the tin foil hats on :)

Re:"Strong" (1)

Anonymous Coward | about 2 years ago | (#42189939)

Except your 128 character password is probably hashed to sha1 or worse and they will only need to test passwords up to something like 20 characters.

Re:"Strong" (1)

Stalks (802193) | about 2 years ago | (#42189941)

14 characters is strong on a normal scale. A 128 character password is either going to be stored on a USB disk or isn't a password but a passphrase.

Re:"Strong" (2)

reboot246 (623534) | about 2 years ago | (#42189943)

That's great IF you can use a password that long. My bank limits passwords to 14 characters. Their system would choke on your password.

Re:"Strong" (1)

Anonymous Coward | about 2 years ago | (#42189949)

That's crap. It doesn't need to devour *your* password. It needs to devour the salted hash and come up with *a* password that generates the same hash. It doesn't matter how long your password is. If it's any longer than the hash then it's wasted bits.

Re:"Strong" (4, Interesting)

dkf (304284) | about 2 years ago | (#42189957)

For comparison, the password to an account I use fairly often is 128 characters.

That must be annoying to type in every time.

More seriously, if that's a password but the system in question is only storing a relatively short hash of it, all the attacker has to do is find something that hashes to the same thing. That's pretty simple to do if you've got the grunt compute power, as there's usually no other checks on the sense of a password at the point of use (which isn't the same as the point of definition). In effect, you're not hindering attackers at all but you are making things worse for yourself. Congratulations on your addition to Security Theater! With thinking like that, you're almost qualified to work for the TSA...

(Myself? I disable logins with passwords wherever I can. Turn up with a cryptographic key — the verification of which is not a hashing operation at all — or don't turn up at all.)

Re:"Strong" (1)

blahplusplus (757119) | about 2 years ago | (#42190225)

"That must be annoying to type in every time."

Not if you have a modern password manager.

http://www.roboform.com/ [roboform.com]

Re:"Strong" (1)

ciderbrew (1860166) | about 2 years ago | (#42190031)

Then you get those sites that set the password as 6-12 characters long :(

Re:"Strong" (1)

ipquickly (1562169) | about 2 years ago | (#42190113)

Crack times based on a password composed of 70 possible base characters:

algorithm-attempts
based on: 6 character,10 character,16 character passwords

MD5-180 billion attempts per second
0.65 seconds,182 days,117 Eons

SHA1-63 billion attempts per second
1.67 seconds,519 days,335 Eons

LM-20 billion attempts per second
5.88 seconds,1635 days,1053 Eons

sha512-364 thousand attempts per second
89 hr 47 min,246 077 years,57901611 Eons

bcrypt05-71 thousand attempts per second
19 days 4 hr,1.26 million years,...A really long time.

1 Eon is 500 million years

Times are based on how long it would take to go through all the possibilities.
If the password is composed of random characters the average time would be halved.

Dear slashdot, I had a very nice table laid out with all this information, it was a table using only spaces, no html - and you said "Too many Junk Characters".

Re:"Strong" (1)

baffled (1034554) | about 2 years ago | (#42190423)

What type of hardware are the 'attempts per second' values derived from?

...and what? (0)

OneMadMuppet (1329291) | about 2 years ago | (#42189873)

The problem with MD5 isn't the speed of creating hashes, it's that collisions are now trivial to find. This is one of the reasons that repeatedly hashing passwords is a fscking stupid idea - somewhere along your "hash over and over 10,000 times" if you find a collision you'll end up with the same chain as someone else from that point. This is why the big boys use chain rainbow tables ;)

Re:...and what? (0)

Anonymous Coward | about 2 years ago | (#42189933)

Repeated hashing isn't done on just the current hash value, it's done on a concatenation of that with the original password.
So if the 100th hash of password A matches the 100th hash of password B, the 101st hashes won't match unless A and B really are the same.
Or have I missed something?
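The disagreement in the two comments above, reproduced on a toy hash as an added example that is not part of the thread: SHA-256 is truncated to 24 bits so two colliding inputs can be found quickly, and a chain that only re-hashes the previous value is compared with one that feeds the password back in each round. The truncation, the candidate strings and all function names are assumptions made for the demonstration.

```python
import hashlib

TRUNC = 3  # bytes kept per round: a toy 24-bit hash so collisions are findable


def h(data: bytes) -> bytes:
    """Toy hash (constructed for this demo): SHA-256 truncated to TRUNC bytes."""
    return hashlib.sha256(data).digest()[:TRUNC]


def chain_plain(password: bytes, rounds: int) -> list:
    """h_0 = H(pw); h_i = H(h_{i-1}). The password is used only once."""
    out = [h(password)]
    for _ in range(rounds):
        out.append(h(out[-1]))
    return out


def chain_reinject(password: bytes, rounds: int) -> list:
    """h_0 = H(pw); h_i = H(h_{i-1} || pw). The password enters every round."""
    out = [h(password)]
    for _ in range(rounds):
        out.append(h(out[-1] + password))
    return out


def find_colliding_pair():
    """Birthday search for two different inputs with the same h_0."""
    seen = {}
    i = 0
    while True:
        pw = b"candidate-%d" % i
        digest = h(pw)
        if digest in seen:
            return seen[digest], pw
        seen[digest] = pw
        i += 1


def first_divergence(a: list, b: list):
    """Index of the first round where two chains differ, or None if never."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None


def demo(rounds: int = 100):
    a, b = find_colliding_pair()
    plain = first_divergence(chain_plain(a, rounds), chain_plain(b, rounds))
    reinj = first_divergence(chain_reinject(a, rounds), chain_reinject(b, rounds))
    return a, b, plain, reinj


if __name__ == "__main__":
    a, b, plain, reinj = demo()
    print("inputs with equal h_0:", a, b)
    print("plain chain, first divergence:", plain)  # None: chains stay merged
    print("re-injected chain, first divergence:", reinj)
```

Once the plain chains meet they are identical for every later round, while the re-injected chains separate again because the differing passwords are hashed in at each step.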

Re:...and what? (1)

TheTurtlesMoves (1442727) | about 2 years ago | (#42190037)

Let's see how that works with 256-bit or even 512-bit hashes.....

This is hype: NTLM is broken by design (5, Insightful)

slb (72208) | about 2 years ago | (#42189893)

This is well known and no sane person uses NTLM auth anymore; even Microsoft recommends deactivating this authentication method. The idiots at Microsoft used a DES ECB implementation instead of CBC that anyone with two ounces of crypto knowledge would choose. The practical impact of this very bad design choice is that a 14 character password has as much complexity as two independent 7 character passwords! So when the authors brag about cracking a 14 character password in 6 minutes, what they're really doing is cracking two 7 character passwords in 6 minutes; this is entirely different and not impressive at all.

PBKDF2 (1)

Feadin (766801) | about 2 years ago | (#42189895)

Single hash passwords have been a bad idea for a while now. If you're a dev, PBKDF2 would be a better choice.

Time delay? (0)

Anonymous Coward | about 2 years ago | (#42189923)

What use is that kind of brute force if the password validation process will delay the next attempt by 10 seconds each time the password was wrong?
All this talk about fast password hacking is nice and clean, but in practical application it's not going to work, at least for well-programmed password checks, and here I need to admit there are too few...

Re:Time delay? (4, Interesting)

ledow (319597) | about 2 years ago | (#42189991)

This isn't about live attacks on a system. This is about "offline" attacks and even things like hash collisions (where someone can make a certificate or a download that has the same hash as the "official" one but is fake or contains malware, etc.).

If you can take a login system and run millions of queries against it, it's a stupid system. But if you can steal a hashed file of passwords, or old hashed tokens from the network, then you can theoretically break them now in the time it takes to reboot the computer (if you could log into this other system remotely).

Things like the Sony break-in would reveal everyone's password, not just the other stolen details. And on a local network, you could sniff tokens sent for NTLM services etc. and start impersonating other users before it could even be detected. Of course you have to have a certain level of compromise / access already to get to that stage, but it doesn't make it any less dangerous to be able to forge hashes or find out their plain-text.

Please note, also, that things like these hashes have been used historically to verify software is genuine, as part of encryption algorithms, random number generators and all sorts of other things. At the time, they were reasonably unbreakable, but now they aren't. And that breaks lots of things if they are still relying on them.

Impact to security-conscious users: Zip.
Impact to security-unconscious users: Huge.

That's great and all (0)

Anonymous Coward | about 2 years ago | (#42189929)

But will it run Crysis 3?

Ob "correct horse battery staple" (4, Informative)

Rogerborg (306625) | about 2 years ago | (#42189937)

A customer asked us recently if we could recover some of their passwords stored (hashed) on our system.

"Sure we can, if you used really poor passwords."

Re:Ob "correct horse battery staple" (1)

AltF4ToWin (1976486) | about 2 years ago | (#42189945)

You deserve a pat on the back there.

Re:Ob "correct horse battery staple" (4, Insightful)

mwvdlee (775178) | about 2 years ago | (#42190063)

You mean your system allows users to enter weak passwords?

XP Passwords (3, Insightful)

jonbryce (703250) | about 2 years ago | (#42189961)

I was under the impression that a 14 character NTLM password was basically two 7 character passwords, and the fact you can crack them easily is not news. Rainbow tables will crack them in a matter of seconds on a standard PC setup.

Re:XP Passwords (3, Insightful)

bloodhawk (813939) | about 2 years ago | (#42190033)

This article only talks about very old deprecated algorithms which, to be quite honest, if you are reliant on those for your security you have far more trouble than just weak passwords or someone brute forcing. NTLMv2 has been available for use in Windows since the NT 4 days and LM/NTLM were off by default from Vista onwards.

Re:XP Passwords (2, Funny)

Anonymous Coward | about 2 years ago | (#42190095)

Soon, they will be able to build a time machine entirely out of GPUs to go back in the 90s and crack those passwords!

Summary misleading... (0)

Anonymous Coward | about 2 years ago | (#42189971)

I know, I know, but still, the phrasing of this irked me a little: "was forced to acknowledge".

Forced by who?

It makes it sound like he reluctantly, and begrudgingly mentioned this. I'll let you judge for yourselves:

http://tech.slashdot.org/story/12/06/07/1529252/md5crypt-password-scrambler-is-no-longer-considered-safe [slashdot.org]
http://phk.freebsd.dk/sagas/md5crypt_eol.html [freebsd.dk]
Keep In Touch Sidebar p6-7 [freebsd.dk]

Anyways, what's its $2a$08$ rate? How about scrypt?

Discussed in the past:
Bcrypt, scrypt, sha512crypt [slashdot.org]

Bitcoin (0)

Anonymous Coward | about 2 years ago | (#42189975)

Thanks to the recent halving of the block reward and the impending release of Bitcoin ASICs there will soon be a glut of owners of such "monsters" who are used to hashing for effectively anonymous money. A single 25 GPU machine cracking passwords is interesting; a website linking such miners with people who want passwords cracked (similar to the vanity address generating sites) is game changing.

The obvious dimension (0)

Anonymous Coward | about 2 years ago | (#42189999)

So it generates a gazillion passwords in a couple of seconds. It would seem that the obvious flaw in the systems, then, would be accepting a gazillion tries in a second. If the password file is at hand, there's not much for it. Or is there? I'm no genius cracker, but maybe someone could figure out how to add in an automatic delay on fail.

Re:The obvious dimension (1)

Endovior (2450520) | about 2 years ago | (#42190213)

Generally speaking, you don't make a gazillion tries through the actual authentication gates; that sort of brute force is an obvious threat that people know how to look for, like an army of barbarians storming the gates of the city.
The kind of action described here is more an army of monkeys on typewriters trying to guess passwords off a stolen list of passwords; eventually, they'll get it. They won't know they've gotten it unless they already had (the hash of) your password to begin with, but that's doable now; we finally have enough monkeys to get the correct answers in a reasonable amount of time. Essentially, what this finding means is that the way passwords are currently stored in hashes is no longer cryptographically strong enough to be computationally safe, and a higher standard of security is needed.

Communication is irrelevant (1)

psholty2 (2696677) | about 2 years ago | (#42190015)

> communicating at 10 Gbps and 20 Gbps over Infiniband switched

If you are bruteforcing a password, you just split the search space into smaller chunks and assign them to nodes once. No need to communicate at all!

Do the math. (1)

goodmanj (234846) | about 2 years ago | (#42190045)

Let N be the number of bits of real entropy in an item of human memory. N is somewhere between 50 and 70. (Proof: you can remember RWOLZEKBYT or "correct horse battery staple" [xkcd.com] if you have to, but you've got no prayer of remembering RWOLZEKBYTDUQLZPEJNB or Rw3L$E5Kÿ(t. )

Let 2^R be the instruction rate of the largest computer affordable by a large nation or corporation. R is about 56 at the moment.

2^(N - R) is the number of seconds before we're all completely fucked.

Re:Do the math. (2)

Terrasque (796014) | about 2 years ago | (#42190127)

(Proof: you can remember RWOLZEKBYT or "correct horse battery staple" if you have to, but you've got no prayer of remembering RWOLZEKBYTDUQLZPEJNB or Rw3L$E5Kÿ(t. )

But I can easily remember "correct horse battery staple waterslide fishnet the queen bleach" - how much entropy is that?

sha sha-1 2 etc (1)

Ruede (824831) | about 2 years ago | (#42190067)

what about those?

Re:sha sha-1 2 etc (0)

Anonymous Coward | about 2 years ago | (#42190203)

No, they are designed to be cryptographically secure in terms of collision resistance, but they are also designed to be fast to compute.

To prevent brute force cracking, you want an algorithm which takes quite a long time to calculate the hash (relative to things like SHA-1). Things like bcrypt are tunable, and could take, say 100ms to calculate the hash. It's important that the hash algorithm resists parallelisation too - so iterative approaches (hashing many times) are useful. There are even some techniques specifically designed to make running them on GPU style architectures very difficult and/or to perform very badly, but I can't remember what they are off the top of my head.

Can it bust my neighbours WPA wifi setup? (4, Funny)

AbRASiON (589899) | about 2 years ago | (#42190071)

I'm really low on porn at the moment and hit my monthly internet quota!

trucrypt (1)

Hrrrg (565259) | about 2 years ago | (#42190097)

I have an old TrueCrypt container that I forgot the password to. Does this mean I can now recover it? (it was fairly short, perhaps 8 characters)

WPA keys per second? (1)

DamageLabs (980310) | about 2 years ago | (#42190237)

Not seeing anything about WPA.

You can pull those truly out of thin air and since they are rehashed 4000 times brute forcing those is slow even on most modern hardware. Generally in the range of 1000 to 5000 keys per second.
More than a thousand years for an 8 character password. And you can't even use a shorter password on WPA.

GPUs do change the picture a bit.

OK, we get it, passwords suck (0)

Anonymous Coward | about 2 years ago | (#42190257)

Let's redirect research into how to replace them, and stop "moving the goalposts" on how fast we can get pwned by someone with too much time and money on their hands or an axe to grind.

M y MEDITATION Y esterday (-1)

Anonymous Coward | about 2 years ago | (#42190275)

I'm come to the conclusion it's time to disconnect. I'm going to behave like an EM pulse just fucked our world. I'm Cloning, I'm buying 2xHardwarez

I know you loved my MY LIFE FOR A DAY AS A 36' GIANT piece.

as an aircraft electrician I want you to see this viral video (sorry you have to find it yourself)

AIRCRAFT MECHANIC SPEAKS

I could say, I don't like this guy's style of maintenance.
I got accused of actually LOSING A BOX. You'll note he said he tagged it and put it on the rack, which then was searched and the WRONG S/N was on it!? Well I put shit on the rack that plain fuckin up and disappeared, fucking vanished! It was a weapons box, and I was serving in the usaf! The value at the time was some insane number like $47,000. I devised a plan at that time which I PUSH on motherfuckers still to this day. That being A CHAIN OF CUSTODY. Today I apply it to our elections and voting vs electronic exploits but nobody on /, or across the web truly seems to give a fuck until they're hit by some oath breaker's bullshit. I digress, here's my fucking point and it works WITH TRANSPARENCY as well.

I as an aircraft electrician, used to have to yank out every fucking box inside the cockpit. took me 12 to 45 minutes. The taller the repairman, the longer it takes. When we were in groups, we could easily watch each other that nothing get's left behind. Anyone working on this shit knows that one mistake up the intake and it's a destroyed engine. There's an acronym. F.O.D. Foreign Object Damage . Destroy things . Not Good . Those clippings from stripping a wire, or dropping a fucking BOLT on the ground, can find their way into the blades, and wreak total fucking mayhem, even Bird Strikes. Interesting I noticed Russian Aircraft seem to have HIGHER lift-kitted engines. Americans are low riders ;o) I digress again...

When venturing out on your own and taking total responsibility for all the aircraft (more than one less than 500) all the time, I one day while out in the HIGH DESERT SUN was accused of losing a black box. $42k worth of black box which to this date they never TOLD ME it was found. But just like this weird ass AIRCRAFT MECHANIC SPEAKS video I too tagged, documented in the forms, bagged and placed that motherfucker on the RACK! (as per my training), but one day I got confronted that it was missing, I forget frankly all that happened, but I FUCKING SWEAR I PUT THAT BITCH ON THE SHELF! TAGGED! DOCUMENTED IN THE FORMS, AND MY DAILY TURNOVER LOGS.

Over the next few days I wondered it it wasn't a security test. Surprise you passed, and the shit is off your back?
Sadly, still to this day I wonder. Was it? Was it so I could be expendable later on?

They re-wrote the DSM, why? To catch depression? After they cause it by the fucking lies?
Yeah no guns for vets. The only fuckers on this planet who swear an oath to stop the oath breakers, no wonder they disarm the troops now when the oathbreakers come around.

Climate Change by MILITARY SPRAYING yielding in UN control of CARBON TAXES TO THE NWO BANKSTERS, NWO POLICE, NWO GOVERNMENT.

I'm not a member of the oath keepers.
I'm someone who SWORE AN OATH

Fuck these LOGAN ACT OATH BREAKERS who suck the dicks and pussies of the UN

PS PS: I know you loved my MY LIFE FOR A DAY AS A 36' GIANT piece. That fucker ROCKED eh?!

Re:M y MEDITATION Y esterday (-1)

Anonymous Coward | about 2 years ago | (#42190313)

Ha ha I forgot to say what the CHAIN OF CUSTODY WAS LOL
Jesus Tits I'm a fucking dipshit sometimes!

I pulled all these boxes out, there's not expediter, no free truck I CAN SEE VISUALLY, there's no radio, Well fire up the -60 and fire up the comms in the jet. NOT... lol Gee tower can you send a truck down my feet are cold?! lol

SO, the question is, HOW do you get it back on the shelf in the vault safely, without tampering?
Keep in mind I may have removed 200 LBS of boxes and 4' by 3 feet of tools and boxes!

Here IS what you do.

You pick up your fucking tool box. Walk 50 yards. Set it down. The entire time you keep everything in visual sight.
Rinse and repeat, over and over and over for 2 miles, like a fucking slave! Eventually everything makes it in, what can you fucking complain about that? Oh voter fraud. No bitch, we saw your vote in that box the entire time, even though we DO NOT KNOW IT'S YOUR VOTE!

Anyway, today, add corrupt banksters and officials and we're truly fucked.

Far as my Crime? Crime? More like false flag setup.
Come kill me, I'll give up the magic smoke you fucking turd

So...what would the solution be? (4, Interesting)

Phoenix (2762) | about 2 years ago | (#42190303)

If passwords are getting cracked so quickly these days, what then is the answer? Authenticators are all well and good, but I don't have room on my keychain for one for Blizzard (I know about and have the one for my iPhone), one for Amazon, one for PayPal and eBay, one for Gmail, etc and so forth.

What would be a viable solution then?

Re:So...what would the solution be? (-1)

Anonymous Coward | about 2 years ago | (#42190415)

Try Keepass; Idjiot (shamelessly stolen from that fucking series I love called supernatural, but fuck the COPYRIGHT busllshti)

PS: #debian - Yeah Ya Taught me, but this is the last of my third knowledge pass on's, SHall I go for teaching Four ?
PSPS: read my 36' giant life for a day piece

why not just limit attempts (1)

vonshavingcream (2291296) | about 2 years ago | (#42190357)

Wouldn't crazy brute force attacks like this be eliminated with simple attempt limitation? It may be able to do the bruteforce attacks at a megazillion per second, but if the connection is actively refused after 10 tries, what does it even matter? You could theoretically set the limit to any amount way under the total amount of possibilities and it still wouldn't matter. As for building passwords that are stronger, we need to move away from 8 - 12 char limits with case and special characters and force people to use complex strings that have 25 - 50 chars in them but are simple to remember, for example something like "mydogsnameisfluffy" or "whydoineedacrazyasspassword"; both of these are much harder to crack than "8&#sref"

Re:why not just limit attempts (1)

Lehk228 (705449) | about 2 years ago | (#42190459)

this system is for computing passwords from stored hashes, such as when a site's password file gets compromised because noobmin failed to set up the web server permissions

but... (0)

Anonymous Coward | about 2 years ago | (#42190365)

but can it run Far Cry 3?

Server-side code (1)

coofercat (719737) | about 2 years ago | (#42190379)

So it seems all server side code should be storing:

algo_name, hash(salt + password)

...that way, if your algorithm of choice proves to be a bit feeble, you can gradually upgrade to a better one by getting your users to change their passwords. If anyone's account has a really old algo still on it, then the account gets disabled. Whilst this doesn't "solve" the problem, it means you don't have to throw everything away because someone found a quick way to compute hashes using your chosen algorithm.

Either way, it seems we're about on target for kittenauth now ;-)
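A sketch of the algorithm-tagged record described in the comment above, as an added example that is not code from the thread: each stored record names its scheme, retired schemes disable the account, and accepted-but-outdated schemes are replaced. It goes one step beyond the comment by re-hashing at the next successful login instead of waiting for a password change. The scheme names, iteration counts and the `$`-separated record layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os


def _pbkdf2(iterations):
    """Build a PBKDF2-HMAC-SHA256 hasher with a fixed iteration count."""
    return lambda pw, salt: hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)


# Scheme registry: name -> function(password_bytes, salt) -> digest.
# Names and parameters are illustrative, not taken from any real system.
SCHEMES = {
    "sha1-salted": lambda pw, salt: hashlib.sha1(salt + pw).digest(),  # single fast hash
    "pbkdf2-sha256-10k": _pbkdf2(10_000),    # still accepted, upgraded on login
    "pbkdf2-sha256-200k": _pbkdf2(200_000),  # scheme used for new records
}
CURRENT = "pbkdf2-sha256-200k"
RETIRED = {"sha1-salted"}  # too weak to accept: account disabled until reset


def make_record(password: str, scheme: str = CURRENT) -> str:
    """Return 'algo_name$salt_hex$digest_hex' with a fresh random salt."""
    salt = os.urandom(16)
    digest = SCHEMES[scheme](password.encode("utf-8"), salt)
    return "$".join((scheme, salt.hex(), digest.hex()))


def check_login(record: str, password: str):
    """Return (status, record_to_store).

    status is 'disabled', 'denied', 'ok' or 'ok-upgraded'; the second value
    is what the caller should write back to the user table.
    """
    scheme, salt_hex, digest_hex = record.split("$")
    if scheme not in SCHEMES or scheme in RETIRED:
        return "disabled", record
    candidate = SCHEMES[scheme](password.encode("utf-8"), bytes.fromhex(salt_hex))
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, bytes.fromhex(digest_hex)):
        return "denied", record
    if scheme != CURRENT:
        # The plaintext is only available right now, so upgrade right now.
        return "ok-upgraded", make_record(password)
    return "ok", record


if __name__ == "__main__":
    old = make_record("correct horse battery staple", "pbkdf2-sha256-10k")
    status, new = check_login(old, "correct horse battery staple")
    print(status, new.split("$")[0])
```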

Fingerprint scanner / twist (1)

ThatsNotPudding (1045640) | about 2 years ago | (#42190463)

Time to move on to fingerprint scanners for security, but with a twist: they *only* recognize 'dead fingers'.


Don't know about you, but I'm already set.