Cracking every standard Windows password in less than 6 hours with a massive GPU cluster, building a home theater PC for about $300 and blinkenlights. All that and more, this time on Hak5!
Jeremi Gosney's Massive Password Cracking GPU Cluster
I had a chance to talk to Jeremi Gosney about the latest advances in password cracking. Gosney, the CEO of Stricture Consulting Group, recently showed off his latest password cracking rig at the Passwords^12 conference in Norway. The rig, which uses 25 AMD Radeon graphics cards is able to bust every possible 8 character NTLM hash in about 5.5 hours. NTLM has been included in Windows since Server 2003 and replaces the considerably weaker LM hash (which is the password hash equivelent to WEP -- a joke). Gosney's rig is unique in that it uses VCL Virtualization to allow a single controller to communicate with multiple machines loaded with graphics cards. Using HashCat Plus the rig is able to make 350 billion attempts per second against NTLM, 63 billion per second against SHA1 and 180 billion per second against MD5. Bcrypt and SHA512crypt are "safer" for now at 71,000 and 364,000 attempts per second respectively. If you haven't already, go and make your password more complex - and for the love of God stop using the same one on every site.
Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a healthy dose of cocktails and geek comedy. Damn the warranties, it's time to Trust your Technolust.
Want the most recent episode of this show always up to date on your website? Use this self-updating embed code!