Start using 12 character passwords or longer
Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World's Password Security System
http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System
"The researchers used clusters of graphics cards to crack eight-character passwords in less than two hours.
But when the researchers applied that same processing power to 12-character passwords, they found it would take 17,134 years to make them snap."
http://www.cnn.com/2010/TECH/innovation/08/20/super.passwords/index.html?hpt=Sbin
Comments
lol
That would work, but I think you'd have to spell it backwards instead (<- low level encryption scheme that works with our 2nd grader when I want to convey a message to my wife)
"drowssapdrowssap"
Questions to ask yourself:
What am I protecting, and what are the implications of “someone” breaking in? The password on your bank account is likely more important than the password on the forums.
How likely is this particular data to be a “target”? Who are the likely attackers? My PC at home is physically only accessible by my wife, the purpose of the password is to keep her from accidentally using my account to play “Farmville” or something like that. Other than that, there is not a high likelihood that the PC will be targeted. On the other hand, if I had a political blog site, or something more visible (and my bank account type stuff), I’d be more concerned about being a target.
There is also a surprisingly high (or maybe not so surprising if you are “in the know”) number of “random” attacks against any IP address exposed on the Internet. After a while, you learn to ignore the list of “denied” attempts in the firewall log…
John R.
In all seriousness, "it depends".
The times given are usually based on "worst case" (or best case, depending on your viewpoint), meaning that in that period of time "all" cases can be cracked.
Depending on algorithms used, something dictionary based may get cracked much earlier in the cycle, regardless of length.
John R.
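The point above about worst-case times versus dictionary-based guesses, as an added example that is not part of the original thread: it scales the quoted eight-character figure to other lengths and refuses passwords that are only a simple transform of a dictionary word. The 95-symbol alphabet, the four-word list and the set of transforms are assumptions made for illustration.

```python
# Added example (not from the thread). Assumptions: a 95-symbol printable-ASCII
# alphabet, a tiny constructed wordlist, and a few simple transforms.
ALPHABET = 95
BASE_LEN, BASE_HOURS = 8, 2.0      # quoted figure: 8 characters in under two hours
HOURS_PER_YEAR = 24 * 365
WORDLIST = {"password", "letmein", "qwerty", "dragon"}   # constructed sample
LEET = str.maketrans("0134$5@7", "oleassat")             # 0->o 1->l 3->e 4->a ...

def worst_case_years(length):
    """Years to try every password of this length, scaled from the 8-char figure."""
    return BASE_HOURS * ALPHABET ** (length - BASE_LEN) / HOURS_PER_YEAR

def collapse_repeat(s):
    """Return the shortest unit u with s == u * k, or s itself if it is not a repeat."""
    for size in range(1, len(s) // 2 + 1):
        if len(s) % size == 0 and s[:size] * (len(s) // size) == s:
            return s[:size]
    return s

def dictionary_base(password):
    """Return the wordlist entry the password is a simple transform of, else None."""
    core = password.lower().rstrip("0123456789!@#$%^&*.")  # drop trailing digits/symbols
    unit = collapse_repeat(core.translate(LEET))            # undo substitutions, doubling
    for candidate in (unit, unit[::-1]):                    # as typed, then reversed
        if candidate in WORDLIST:
            return candidate
    return None

def assess(password, min_len=12):
    """Refuse dictionary-derived or short passwords; otherwise report the worst case."""
    base = dictionary_base(password)
    if base:
        return ("reject", f"simple transform of dictionary word {base!r}")
    if len(password) < min_len:
        return ("reject", f"shorter than {min_len} characters")
    return ("accept", f"worst case about {worst_case_years(len(password)):,.0f} years")

if __name__ == "__main__":
    for pw in ("drowssapdrowssap", "P@ssw0rd2010", "Tr0ub4dor", "k7#Vq2!mZx9@Lp"):
        print(pw, assess(pw))
```

With these assumptions a 12-character password comes out at about 18,596 years, the same order as the 17,134 years quoted in the article, while the 16-character "drowssapdrowssap" is refused because it is "password" reversed and doubled.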
Some Russians have been using Nvidia graphic processors to crack passwords for a few years now.
If Parallax needs tougher passwords, they simply should refuse shorter ones and simpler ones. My Linux software does this. Suggesting won't work, demanding will.
This is really a simple programming issue, that for some reason most programmers have not followed.
All versions of password entry can be programmed with this type of protection, and at almost no cost.
One of two things can happen at the point of large incorrect to correct login attempts:
delete all data.
and/or
notify admin/owner
But none of this matters because if someone wants to steal your password they will do it visually, or some kind of surveillance method, or wiretap.
Or even via some kind of system data manipulation/virus/trojan/usb/pcb hack...
are being used in the defense industry. They are a perfect fit
for some jobs.
Passwords are also sent over the internet and it is a matter of time it takes for computers to crack them.
I was reading about an individual who set up a phony cell phone tower. What a hacker can do is set up another node between the website and myself.
Computers can be taken over by buffer overflow and if the computer can't tell the difference between data and code then you aren't safe.
Sometimes the weakest link is the user because they install malware.
The graphics card's capabilities lie in the de-encryption of data and the generation of super-position (all possible combinations calculated).
You're absolutely right when it comes to data integrity, it's all in who the data is traveling through, or in your encryption, but again the encryption can be broken with super-position calculations. (graphic cards)
No need to guess the password, when you can guess the encryption.
That's the real story behind the graphic card and security.
Also, if the client and the server are using SSL and the password is being sent over SSL, all traffic between the two nodes is encrypted via the session key, which is different each time. So the same encrypted data would look different each login.
Now where things get a bit dicey is that over time data encrypted in the past becomes breakable as newer computers become significantly more powerful than older computers. For example data encrypted with DES back in the 1980's is in theory breakable by a modern computer.
So if an attacker captures some data and it will be valuable in 20 years, then time is on their side. But I change my passwords more frequently than that.
To quote the first article: "in the year 2000 the world's fastest supercomputer, a cluster of linked machines costing $110 million, operated at slightly more than seven teraflops."
So for ~$22,000, which buys you two of the four-Tesla core machines I mentioned above, you get 8 teraflops. So in 2000, it cost ~15 million a teraflop for seven teraflops. Now you can get 8 teraflops for ~$2,818 a teraflop. (The teraflops for the desktop supercomputer assume single-precision floating point.) Imagine the society-benefiting applications.
Being my age, the first thing that popped into my mind was: "what fps will a game like Crysis (is that spelled right?) run at on something like this (assuming you could use it for that)" then I started thinking about "society-benefiting" applications.