ElcomSoft's patent describes a way for a GPU and CPU to decrease the amount of time required to recover forgotten passwords
ElcomSoft on Monday said that it had filed to patent for a way to decrease the amount of time required to recover forgotten passwords, not to mention withheld passwords, by a factor of 25.
The technique uses the graphics processing unit (GPU) on a computer in addition to its CPU.
Until recently, GPUs were ill-suited for password cracking because they couldn't handle the fixed-point calculations required by most cryptography algorithms, ElcomSoft said. Newer CPUs, however, can perform fixed-point mathematics, and with as much as 1.5 Gbytes of on-board memory and as many as 128 processing units, they crunch numbers better than general purpose CPUs.
An eight-character Windows Vista logon password, for example, has about 55 trillion possible combinations of upper and lowercase letters and numbers, ElcomSoft said. A current dual-core PC, testing about 10,000 possible passwords a second, would take two months to try every possible combination. The company claims that its new technology could complete such a test in three to five days.
ElcomSoft is something of a legend in security software circles. The Russian firm came into notoriety after Dmitry Sklyarov, a Russian citizen employed by ElcomSoft, was arrested and jailed under U.S. DMCA laws for publishing an eBook format that compromised Adobe's software.
Bruce Schneier, CTO of BT Counterpane and noted security expert, isn't particularly impressed. "They're patenting a trick," he said, noting that a computer forensics company called AccessData has dozens of such tricks.
Schneier points out that password cracking isn't about encryption. It's about the ease with which passwords can be guessed.
AccessData's tricks include creating a dictionary from every printable character string found on the computer where the password-protected application resides. Its software scans for inside documents, in the Windows Registry, in temporary files, in deleted space, everywhere.
Using this information alone, AccessData's software breaks more than half of passwords, according to Schneier.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.