Software // Enterprise Applications
01:59 PM
Connect Directly

Forgot Your Password? Just Crack It

ElcomSoft's patent describes a way for a GPU and CPU to decrease the amount of time required to recover forgotten passwords

ElcomSoft on Monday said that it had filed to patent for a way to decrease the amount of time required to recover forgotten passwords, not to mention withheld passwords, by a factor of 25.

The technique uses the graphics processing unit (GPU) on a computer in addition to its CPU.

Until recently, GPUs were ill-suited for password cracking because they couldn't handle the fixed-point calculations required by most cryptography algorithms, ElcomSoft said. Newer CPUs, however, can perform fixed-point mathematics, and with as much as 1.5 Gbytes of on-board memory and as many as 128 processing units, they crunch numbers better than general purpose CPUs.

An eight-character Windows Vista logon password, for example, has about 55 trillion possible combinations of upper and lowercase letters and numbers, ElcomSoft said. A current dual-core PC, testing about 10,000 possible passwords a second, would take two months to try every possible combination. The company claims that its new technology could complete such a test in three to five days.

ElcomSoft is something of a legend in security software circles. The Russian firm came into notoriety after Dmitry Sklyarov, a Russian citizen employed by ElcomSoft, was arrested and jailed under U.S. DMCA laws for publishing an eBook format that compromised Adobe's software.

Bruce Schneier, CTO of BT Counterpane and noted security expert, isn't particularly impressed. "They're patenting a trick," he said, noting that a computer forensics company called AccessData has dozens of such tricks.

Schneier points out that password cracking isn't about encryption. It's about the ease with which passwords can be guessed.

AccessData's tricks include creating a dictionary from every printable character string found on the computer where the password-protected application resides. Its software scans for inside documents, in the Windows Registry, in temporary files, in deleted space, everywhere.

Using this information alone, AccessData's software breaks more than half of passwords, according to Schneier.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of June 19, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.