Thursday, June 02, 2011

Bloody hell! This seems pretty important: Cheap GPUs are rendering strong passwords useless.

Fast GPUs can generate all combinations of passwords in a very short time. I guess the real way to stop this is for systems not to allow brute force testing of passwords to be too quick. Unix's tendency to make you wait to discover your password is wrong is a good thing.

Update:

Ouch! Someone just commented on the story:
These tools operate on the file containing the password hashes, which anyone can access. Since they are only making guesses against the hashes, there are no "failed logins". The only login attempt would be the correct login after they retrieve the correct password.
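
The commenter's point as an added example (not from the original post or the linked story): guesses checked against a copied hash never touch the login counter, so the control that still matters is how much each hash computation costs. The `LoginService` class, the sample guesses and the use of PBKDF2 with an iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time


def derive(password, salt, iterations):
    # PBKDF2-HMAC-SHA256; iterations=1 stands in for a fast, unstretched hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


class LoginService:
    """Toy login front end that counts failed attempts (constructed for this example)."""

    def __init__(self, password, iterations):
        self.salt = os.urandom(16)
        self.iterations = iterations
        self.stored = derive(password, self.salt, iterations)
        self.failed_logins = 0

    def login(self, password):
        ok = hmac.compare_digest(derive(password, self.salt, self.iterations), self.stored)
        if not ok:
            self.failed_logins += 1  # throttling and alerting hang off this counter
        return ok


def check_offline(guesses, salt, iterations, stored):
    """Compare guesses with a copied hash. Returns (match, seconds per guess)."""
    start = time.perf_counter()
    match = None
    for guess in guesses:
        if hmac.compare_digest(derive(guess, salt, iterations), stored):
            match = guess
    return match, (time.perf_counter() - start) / len(guesses)


def demo(iterations):
    svc = LoginService("correct horse", iterations)
    guesses = ["123456", "letmein", "correct horse", "qwerty"]  # constructed sample
    match, cost = check_offline(guesses, svc.salt, svc.iterations, svc.stored)
    logged_in = svc.login(match)  # the only login attempt is the correct one
    return match, cost, logged_in, svc.failed_logins


if __name__ == "__main__":
    for n in (1, 100_000):
        match, cost, ok, failed = demo(n)
        print(f"iterations={n:>7}  {cost * 1e3:9.4f} ms/guess  failed_logins={failed}")
```

The failed-login counter stays at zero in both runs; only the per-guess cost changes with the iteration count.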
