Log in to see any non-public content on this page
Athabasca University | AU Student/Staff Login | Invited Guest Login
Athabasca University | AU Student/Staff Login | Invited Guest Login
GPU cracks six-character password in four seconds - 10/4/2011 - Computer Weekly
By Jon Dron 12 October 2011 @ 2:25pm Comments (5)
http://www.computerweekly.com/Articles/2011/10/04/248075/GPU-cracks-six-character-password-in-four-seconds.htm
This is a bit scary, especially given that some systems put a limit on the size of passwords you may use. Of course, they need to get hold of the encrypted (or hashed) password in the first place so that should provide a basic line of defence, but it is a remarkable feat, using incredibly cheap hardware. Time to make my passwords longer and stronger, I think. Recent reearch suggests that the strongest are not those that have weird and wonderful mixes of letters and symbols and numbers (easily forgotten), but that use sentences (but not obvious ones that can be found with a web search - poems and song lyrics are not a good choice!)
Jon Dron
still learning, never learning enough
Comments
Biometrics anyone?
Maybe - apart from difficulties in assuring accuracy (there are too many false positives and false negatives in all existing forms, though using multiple methods can lead to a more acceptable failure rate) and the fact that what gets stored is a bunch of what are still (we hope) encrypted or hashed data, AKA passwords.
how about public key infrastructure for authentication.
Even worse. Symmetric encryption is at least provably secure (up to a point which, for 6 character passwords, turns out to be 4 seconds on cheap hardware), whereas asymmetric encryption (at least SSL) not only uses crackable passphrases but relies on the complexity of finding the prime-numbers that are factors of a big number. This is not only lacking formal proof of difficulty but there has been some notable progress in shortening the time it takes which suggests that formal proof will never arrive. In fact, I strongly suspect there are agencies out there that can crack it already, but governments are notoriously secretive about such discoveries. For instance, asymmetric encryption was invented in the UK well over a decade before it was invented in the US but no one knew about it because it was an official secret, and the Nazis never knew that Enigma machines had been cracked by Turing et al for the same reason (thus also keeping his electronic computers a secret). Plus, it is computationally very very very expensive indeed, which is why it is only used for key exchange today: if we relied on it for more than exchange of symmetric passwords, our computers would crawl at a tiny fraction of their current speed.
I just made a cryptic sentence for a password. I liked it. No poetry but my own.