10/24/2007
01:59 PM

Forgot Your Password? Just Crack It

ElcomSoft's patent describes a way for a GPU and CPU to decrease the amount of time required to recover forgotten passwords

ElcomSoft on Monday said that it had filed for a patent on a way to decrease the amount of time required to recover forgotten passwords, not to mention withheld passwords, by a factor of 25.

The technique uses the graphics processing unit (GPU) on a computer in addition to its CPU.

Until recently, GPUs were ill-suited for password cracking because they couldn't handle the fixed-point calculations required by most cryptography algorithms, ElcomSoft said. Newer GPUs, however, can perform fixed-point mathematics, and with as much as 1.5 Gbytes of on-board memory and as many as 128 processing units, they crunch numbers better than general-purpose CPUs.

An eight-character Windows Vista logon password, for example, has about 55 trillion possible combinations of upper and lowercase letters and numbers, ElcomSoft said. A current dual-core PC, testing about 10,000 possible passwords a second, would take two months to try every possible combination. The company claims that its new technology could complete such a test in three to five days.

ElcomSoft is something of a legend in security software circles. The Russian firm gained notoriety after Dmitry Sklyarov, a Russian citizen employed by ElcomSoft, was arrested and jailed under U.S. DMCA laws for publishing an eBook format that compromised Adobe's software.

Bruce Schneier, CTO of BT Counterpane and noted security expert, isn't particularly impressed. "They're patenting a trick," he said, noting that a computer forensics company called AccessData has dozens of such tricks.

Schneier points out that password cracking isn't about encryption. It's about the ease with which passwords can be guessed.

AccessData's tricks include creating a dictionary from every printable character string found on the computer where the password-protected application resides. Its software scans for these strings inside documents, in the Windows Registry, in temporary files, in deleted space, everywhere.

Using this information alone, AccessData's software breaks more than half of passwords, according to Schneier.
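The same idea can be turned into a password-hygiene check: does a password already sit in printable strings on the machine it protects? The Python sketch below is an added example, not AccessData's or ElcomSoft's code; the function names, the `MIN_LEN` threshold and the sample byte blobs are assumptions constructed for illustration.

```python
from __future__ import annotations
import re

MIN_LEN = 6  # assumption: shortest run worth treating as a candidate

# Printable ASCII runs, and the same characters stored as UTF-16LE
# (each character followed by a NUL byte, common in Windows data).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def printable_strings(blob: bytes) -> set[str]:
    """Return every printable run found in a raw byte blob."""
    found = {m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)}
    found |= {m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)}
    return found


def candidate_words(blobs: dict[str, bytes]) -> dict[str, str]:
    """Map each whitespace-delimited token to the first source it came from."""
    words: dict[str, str] = {}
    for source, blob in blobs.items():
        for run in printable_strings(blob):
            for token in run.split():
                if len(token) >= MIN_LEN:
                    words.setdefault(token, source)
    return words


def exposure(password: str, blobs: dict[str, bytes]) -> str | None:
    """Return the source where the password appears verbatim, else None."""
    return candidate_words(blobs).get(password)


# Constructed sample data standing in for a document, a registry value
# and a leftover temp file; none of it comes from a real system.
SAMPLE = {
    "notes.doc": b"\x00\x01Meeting at 10\x00\xffvpn login: Tr0ub4dor&3\x00\x02",
    "registry": "LastUser=jsmith".encode("utf-16-le") + b"\x00\x00\xfe",
    "temp.tmp": b"\x9c\x8a\x00abc\x00\x13\x37",
}

if __name__ == "__main__":
    for pw in ("Tr0ub4dor&3", "LastUser=jsmith", "x9$Lq!vR2#pZ"):
        print(pw, "->", exposure(pw, SAMPLE) or "not found on disk")
```

A password that this check finds is guessable regardless of how strong the protecting cipher is, which is the point Schneier makes above.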
