Is your password secure? Brute force password cracking with GPU

Reprinted from: http://www.cnbeta.com/articles/145526.htm

This is an interesting little tool that allows you to use GPU to brute force password cracking, from the description in the news, radeon
5770 operations per second for HD 3.3 billion

Radeon HD 5770 can crack a five-digit password "fjr8n" in one second "......

If you have four HD 5970 images, the cracking speed will reach 33.1 billion times per second, and the CPU we generally use is only about 9.8 million times per second, it also takes 24 seconds to calculate!


The six-digit password "pydbl6" takes 90 minutes, the GPU takes only four seconds, and the seven-digit password "fh0gh5h" takes four days, while the GPU only takes 17 minutes and 30 seconds, if the password is an eight-or nine-digit password, it takes 48 days for the GPU, and 43 years for the CPU.




In fact, the rule of this tool is that the dictionary files are quite Yang Chun, but because they are all plain text files, we can expand it on our own. Theoretically, we can effectively expand it and crack more passwords. Due to the implementation of these technologies, some tools of the same type will inevitably be released one by one in the future, so our passwords will become very important.


In fact, I was a little surprised when I saw this, because in the past, after the number of digits of the password reached or exceeded 8, as long as it was not too rule or used words as a password,

In the past, it was almost impossible to crack a password without meaning! However, with the development of gpgpu, we can use a GPU with hundreds of thousands of cores and perform parallel operations. This allows us to use consumer-level display adapters to do things that could not be done by a supercomputer before.


In general, most of our websites have defense mechanisms. For example, you can only respond once in one second. Even if your GPU has tens of billions of computations per second, it seems that you have guessed one hundred answers in a second. At the same time, I will only tell you that among the one hundred answers, the third is wrong, and the other 99 are right or wrong.


If the website is not protected, we can also use the password management tools such as lastpass in the browser and generate frequent passwords at random, and then all the passwords will be managed by lastpass. In other cases such as shared compressed files, passwords may not be subject to response restrictions, and such private files can be used together with tools such as salt, to generate a hash value like sha1 or MD5, so that the system has another project for verification. In this case, theoretically, password cracking will become more difficult.