Forgot Your Password? Just Crack It - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
10/24/2007
01:59 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
Using Cyber Threat Intelligence Wisely
Aug 23, 2017
A wide range of threat intelligence feeds and services have cropped up keep IT organizations up to ...Read More>>

Forgot Your Password? Just Crack It

ElcomSoft's patent describes a way for a GPU and CPU to decrease the amount of time required to recover forgotten passwords

ElcomSoft on Monday said that it had filed to patent for a way to decrease the amount of time required to recover forgotten passwords, not to mention withheld passwords, by a factor of 25.

The technique uses the graphics processing unit (GPU) on a computer in addition to its CPU.

Until recently, GPUs were ill-suited for password cracking because they couldn't handle the fixed-point calculations required by most cryptography algorithms, ElcomSoft said. Newer CPUs, however, can perform fixed-point mathematics, and with as much as 1.5 Gbytes of on-board memory and as many as 128 processing units, they crunch numbers better than general purpose CPUs.

An eight-character Windows Vista logon password, for example, has about 55 trillion possible combinations of upper and lowercase letters and numbers, ElcomSoft said. A current dual-core PC, testing about 10,000 possible passwords a second, would take two months to try every possible combination. The company claims that its new technology could complete such a test in three to five days.

ElcomSoft is something of a legend in security software circles. The Russian firm came into notoriety after Dmitry Sklyarov, a Russian citizen employed by ElcomSoft, was arrested and jailed under U.S. DMCA laws for publishing an eBook format that compromised Adobe's software.

Bruce Schneier, CTO of BT Counterpane and noted security expert, isn't particularly impressed. "They're patenting a trick," he said, noting that a computer forensics company called AccessData has dozens of such tricks.

Schneier points out that password cracking isn't about encryption. It's about the ease with which passwords can be guessed.

AccessData's tricks include creating a dictionary from every printable character string found on the computer where the password-protected application resides. Its software scans for inside documents, in the Windows Registry, in temporary files, in deleted space, everywhere.

Using this information alone, AccessData's software breaks more than half of passwords, according to Schneier.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll