Forgot Your Password? Just Crack It - InformationWeek
Software // Enterprise Applications
01:59 PM
Connect Directly

Forgot Your Password? Just Crack It

ElcomSoft's patent describes a way for a GPU and CPU to decrease the amount of time required to recover forgotten passwords

ElcomSoft on Monday said that it had filed to patent for a way to decrease the amount of time required to recover forgotten passwords, not to mention withheld passwords, by a factor of 25.

The technique uses the graphics processing unit (GPU) on a computer in addition to its CPU.

Until recently, GPUs were ill-suited for password cracking because they couldn't handle the fixed-point calculations required by most cryptography algorithms, ElcomSoft said. Newer CPUs, however, can perform fixed-point mathematics, and with as much as 1.5 Gbytes of on-board memory and as many as 128 processing units, they crunch numbers better than general purpose CPUs.

An eight-character Windows Vista logon password, for example, has about 55 trillion possible combinations of upper and lowercase letters and numbers, ElcomSoft said. A current dual-core PC, testing about 10,000 possible passwords a second, would take two months to try every possible combination. The company claims that its new technology could complete such a test in three to five days.

ElcomSoft is something of a legend in security software circles. The Russian firm came into notoriety after Dmitry Sklyarov, a Russian citizen employed by ElcomSoft, was arrested and jailed under U.S. DMCA laws for publishing an eBook format that compromised Adobe's software.

Bruce Schneier, CTO of BT Counterpane and noted security expert, isn't particularly impressed. "They're patenting a trick," he said, noting that a computer forensics company called AccessData has dozens of such tricks.

Schneier points out that password cracking isn't about encryption. It's about the ease with which passwords can be guessed.

AccessData's tricks include creating a dictionary from every printable character string found on the computer where the password-protected application resides. Its software scans for inside documents, in the Windows Registry, in temporary files, in deleted space, everywhere.

Using this information alone, AccessData's software breaks more than half of passwords, according to Schneier.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll