Related Links

Related Stories

  • Goodbye, 123456: Blackberry bans weak passwords
    Blackberry has always had a reputation for taking particular care when it comes to security. Its enterprise-server-based deployment configuration was one of the reasons the Blackberry soared to such a high penetration rate in North America, pre-iPhone. Now, Blackberry-maker Research in Motion is tackling the consumer side of things, banning 106 passwords from being used with its devices because they are too weak.
  • New and improved SHA1 cracking method for passwords published
    SHA1 is probably the most widely used password cryptographic hash function; but perhaps it shouldn’t be. The first attack faster than brute force against SHA1 was discovered in 2005, and just over two months ago NIST declared, “Federal agencies should stop using SHA-1...”
  • Twitter breach: Time for new password approaches?
    In the wake of an apparent spam-hack (since resolved), Twitter sent out emails last week to hundreds of affected accounts requiring users to reset their passwords. The mass reset action has prompted another look at password protocol for the hacking age.
  • NullCrew hacks MoD – leaks thousands of plaintext credentials
    NullCrew remembered the 5th of November by breaking into and stealing and dumping more than 3400 email addresses and passwords. While the date of the breach cannot be verified, it does look as if it happened on the Guy Fawkes anniversary.
  • Passwords: young people are lax, rich people are careful
    A new survey on password attitudes shows a difference between age groups, income, marital status and more – providing intriguing data that might be as valuable to the sociologist as to the security industry.

Top 5 Stories


GPU cluster can crack any NTLM 8-character hashed password in 5.5 hours

10 December 2012

A cluster of 25 AMD Radeon GPUs using OpenVCL and the Hashcat password recovery software is claimed to make 348 billion guesses per second against NTLM hashed passwords, and 63 billion against SHA1 hashed passwords according to a presentation at last week’s Passwords^12 conference in Oslo.

Such systems can only operate against off-line password lists, but given the number of system breaches leading to massive password leaks throughout 2012, it should be enough to make websites reconsider how they store user passwords, and how users choose and use their passwords.

There are two primary methods used by attackers to recover the plaintext password from a hash: brute force and dictionary attacks. Brute force involves re-hashing every possible combination of characters and comparing the result to the stored hash until a match is found and the plaintext password discovered. Dictionary attacks involve pre-computed tables of the more likely passwords: names, places, words etcetera. The target hash is checked against the dictionary to find the password. Dictionary attacks have proven very successful because users tend to use obvious passwords that they can easily remember.

Salting is used to defeat dictionary attacks. A random value is added to each plaintext password before it is hashed, making it almost impossible to include the result in a dictionary. As a result, passwords stored as salted hashes can effectively only be recovered by brute force. But what Jeremi Gosney, founder and CEO of Stricture Consulting Group, demonstrated last week is that improved software and more powerful hardware is making brute force increasingly feasible. While he used a cluster of 25 GPUs, it is worth noting that Jens Steube, the author of Hashcat, has added VCL support for up to 128 AMD GPUs in oclHashcat-plus v0.09.

In raw terms Gosney’s system processed 348 billion guesses per second against NTLM hashes, 180 billion g/s against MD5, 63 billion against SHA1, and 20 billion against LM. These are known as ‘fast’ hashes – the computation is done rapidly to benefit the user; but clearly it also benefits a brute force attacker. To make things more difficult for the attacker, cryptographers have developed ‘slow’ hashes. While the extra computing time is hardly noticeable to the user (and could be further disguised by a requirement to complete a CAPTCHA process), Gosney shows that it has a dramatic effect on brute forcing. His system processed 77 million guesses per second against md5crypt, 364,000 guesses against sha512crypt and a relatively tiny 71,000 against bcrypt.

The implication of Gosney’s findings are that websites should consider moving to or using a modern slow hash to defeat brute force attacks, with added salting to beat the dictionary attacks. Users, however, should seriously consider that 8-character passwords are no longer sufficient, and should rather use long passwords to help defeat brute forcing, and complex passwords to help defeat dictionary attacks. Furthermore, of course, users should not use the same password on multiple accounts: if it is recovered from a weakly defended website, there is no need for the attacker to expend the time and effort cracking it in a well-defended website.

This article is featured in:
Encryption  •  Identity and Access Management  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×