£30 graphics card can brute-force crack any eight character password in just four hours

At these speeds, claims UKFast, a web hosting firm, the long-held belief that a paraphrase consisting of random upper and lower case characters was not crackable, goes out of the window.

The web hosting company says it has announced its research findings as Cyber Security Awareness month kicks off across the UK and consumers - and businesses - are being encouraged to pay special attention to securing their data.

"A typical home GPU can process nine million passwords per second, this really shows the power of these graphic processing units. Reasonably complex passwords can therefore be compromised quite quickly by using cheap consumer hardware", said Stuart Coulson, UKFast's security expert.

Using an nVidia GeForce GT220 graphics card – which Coulson says can be bought for as little as £30.00 - with the latest drivers on Windows 7, UKFast's security experts were able to crack a six character password in 12 seconds, a seven character password in less than five minutes, and an eight character password in four hours.

But it gets worse, as the web hosting provider claims that top-specification graphics cards - costing around £600 - make light work of password cracking, processing 10.3 billion passwords per second.

This, Infosecurity notes, is just over 65 times faster than with the £30.00 graphics card, suggesting that an eight character password could be cracked – in theory at least – in under four minutes.

Commenting on the research findings, Neil Lathwood, UKFast's IT director, said that that people have worked out that the processing power of graphics cards - due to the architecture of the chips - is more powerful than a normal processor for doing certain tasks.

Coulson, meanwhile, says that users should protect themselves by changing their passwords often and thinking about the complexity and length of their passwords.

"Nobody is immune to the damage a weak password can cause - even those in high-powered positions of authority. Every extra character makes the hacker's job more difficult because there are so many more possibilities for what that character can be and the more you can introduce to your password, the safer it is", he explained.
 

What’s Hot on Infosecurity Magazine?