Super Password Guesser

**KG4CGC** · 12-10-2012, 07:12 PM

http://arstechnica.com/security/2012...rd-in-6-hours/

25-GPU cluster cracks every standard Windows password in <6 hours

A password-cracking expert has unveiled a computer cluster that can cycle through as many as 350 billion guesses per second. It's an almost unprecedented speed that can try every possible Windows passcode in the typical enterprise in less than six hours.
The five-server system uses a relatively new package of virtualization software that harnesses the power of 25 AMD Radeon graphics cards. It achieves the 350 billion-guess-per-second speed when cracking password hashes generated by the NTLM cryptographic algorithm that Microsoft has included in every version of Windows since Server 2003. As a result, it can try an astounding 95⁸ combinations in just 5.5 hours, enough to brute force every possible eight-character password containing upper- and lower-case letters, digits, and symbols. Such password policies are common in many enterprise settings. The same passwords protected by Microsoft's LM algorithm—which many organizations enable for compatibility with older Windows versions—will fall in just six minutes.

I'm just wondering, who will be the first to get their hands on one? Governments or organized crime?

**WN9HJW** · 12-10-2012, 07:28 PM

Deleted

**KJ3N** · 12-11-2012, 12:36 AM

Originally Posted by WN9HJW

What's the difference ?

With Republicans in charge? Nothing.

See? Two can play this game. :roll:

**NQ6U** · 12-10-2012, 07:44 PM

Originally Posted by WN9HJW

What's the difference ?

Bzzzzzzzzt! Cliche. Please try again.

**n2ize** · 12-10-2012, 10:41 PM

I don't want a wing wong.

**n2ize** · 12-11-2012, 09:17 AM

Originally Posted by KG4CGC

http://arstechnica.com/security/2012...rd-in-6-hours/

25-GPU cluster cracks every standard Windows password in <6 hours

I'm just wondering, who will be the first to get their hands on one? Governments or organized crime?

The first to get their hands on one is the one who already has it.

**N8YX** · 12-11-2012, 09:23 AM

We built one of those four years ago. An 8-character credential - regardless of composition - took about two hours to break. This construct leveraged a combination of brute-force and rainbow tables techniques.

**n2ize** · 12-11-2012, 09:34 AM

Originally Posted by KG4CGC

http://arstechnica.com/security/2012...rd-in-6-hours/

25-GPU cluster cracks every standard Windows password in <6 hours

I'm just wondering, who will be the first to get their hands on one? Governments or organized crime?

So, is a standard Window$ password limited to only 8 charachters ? At 350 billion brute force guesses per second it comes to about 5.4 hours to generate all possible 8 charachter passwords from a 95 charachter set. Now, if we double the amount of charachters allowed to 16 characters and assume the same guess rate it will take an astounding 3.5 x 10¹⁶hours (think how many years that is) to generate every possible password. Even if we increase the size of the password to just 10 charachters it will take 47518,8 hours or approx 8000x the number of hours required for an 8 charachter password. Even a 12 charachter password would require approximately 428 million hours.

Sooo... it seems like this method is thwarted by using passwords larger than 8 charachters, preferably > 10 charachters.

**W5GA** · 12-11-2012, 09:43 AM

I tried something like this at a bank I worked at once upon a time, using a piece of software. To crack every employees password took my desktop PC about 2 hours. This was in the days of W95/98.

**X-Rated** · 12-11-2012, 11:35 AM

We have Gmail at work. We now have an option to have a 6 character word sent to us via cellphone text so when we correctly place the password, we have to get the text word correct. So there is a second layer of protection for that email.

Dunno if they can crack that or not.

Thread: Super Password Guesser

Thread Tools

Display

Hybrid View

Super Password Guesser

Posting Permissions