
Security researcher shows how unreliable passwords are today.

Security researcher Jeremy Gosney, also known as epixoip, demonstrated how quickly even a complex password can be cracked if it is protected with an unreliable hashing method.

At the Passwords^12 conference in Oslo, Norway, he showed how a cluster of five servers running Open Computing Language (OpenCL) technology with Virtual OpenCL, equipped with 5-GPU AMD Radeon hardware and using the password-guessing program HashCat, can crack a 14-character Windows XP password in 6 minutes if it is protected with the old LAN Manager (LM) hashing method.

In his demonstration, Gosney proved that even the strongest passwords are not adequately protected, given the current state of digital technology, when they are stored with an insufficiently complex one-way hashing algorithm such as LM or NT LAN Manager (NTLM).

According to the researcher, even a 14-character password hashed with LM can be cracked in a few minutes. The reason is that before hashing, LM splits the 14-character password into two 7-character strings, which leaves it less protected than even an 8-character password hashed with the newer NTLM algorithm. Cracking the latter, the researcher says, takes his cluster about 5.5 hours.
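The split described above also makes stored LM hashes easy to find in a password audit. The following Python script is an added example, not code from the article or from Gosney's tooling: it classifies LM hashes in a pwdump-style export (an assumed input format, with constructed sample values) and compares worst-case search sizes. The 95- and 69-character sets are assumptions, the latter reflecting that LM upper-cases letters before hashing, a property of LM the article does not mention.

```python
from collections import defaultdict

EMPTY_LM_HALF = "aad3b435b51404ee"  # well-known LM hash of an empty 7-byte half

# Constructed pwdump-style sample (user:rid:LM:NT:::); the non-empty hash
# values are made-up placeholders, not hashes of real passwords.
SAMPLE = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
bob:1002:0123456789abcdefaad3b435b51404ee:22222222222222222222222222222222:::
carol:1003:0123456789abcdeffedcba9876543210:33333333333333333333333333333333:::
"""

def classify_lm(lm_hex):
    """Classify one 32-hex-digit LM hash by what its two halves reveal."""
    lm = lm_hex.strip().lower()
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        return "malformed"
    first, second = lm[:16], lm[16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return "no-lm"      # no usable LM hash is stored for this account
    if second == EMPTY_LM_HALF:
        return "lm-short"   # password is 7 characters or fewer
    return "lm-split"       # 8-14 characters, stored as two independent halves

def audit(dump):
    """Return ({user: status}, {half: [users]}) for a pwdump-style export."""
    status, by_half = {}, defaultdict(list)
    for line in dump.splitlines():
        fields = line.split(":")
        if len(fields) < 4:
            continue
        user, lm = fields[0], fields[2].strip().lower()
        status[user] = classify_lm(lm)
        if status[user] in ("lm-short", "lm-split"):
            for half in {lm[:16], lm[16:]} - {EMPTY_LM_HALF}:
                by_half[half].append(user)
    # LM is unsalted: users sharing a half share that 7-character chunk.
    shared = {h: u for h, u in by_half.items() if len(u) > 1}
    return status, shared

def worst_case_guesses(charset, length, halves=1):
    """Exhaustive-search size; halves are attacked independently, so they add."""
    return halves * charset ** length

if __name__ == "__main__":
    print(audit(SAMPLE))
    # Assumed charsets: 95 printable ASCII; 69 once LM upper-cases letters.
    print(worst_case_guesses(69, 7, halves=2), "vs", worst_case_guesses(95, 8))
```

Any account reported as `lm-short` or `lm-split` still has an LM hash on disk and should have its password changed after LM hash storage is disabled.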

Gosney is positioning his development as an ideal method for cracking passwords from stolen hashes. He also talked about how he is going to earn money from the device by renting it out or by providing password recovery and auditing services. “I have invested too much and I cannot do without, not to get something in return,” The Security Ledger quotes the expert as saying.