There has been a lot of talk recently in the security community about high-speed GPU (video card) processors being able to crack passwords very quickly.
But there is a technology that can crack them even faster. A Swiss security company called Objectif Sécurité has created a cracking technology that uses rainbow tables on SSD drives.
It is the hard drive access time and not the processor speed that slows down cracking speed. So using SSD drives can make cracking faster, but just how fast?
in March of this year stated that the technique using SSD drives could crack passwords at a rate of 300 billion passwords a second, and could decode complex passwords in under 5.3 seconds.
So, how long would a long complex password hold up to the SSD-based cracking technology?
like we need to put this to the test. Most hackers will crack passwords by decoding the password hash dumps from a compromised
So, I pulled several 14-character complex password hashes from a compromised Windows XP SP3 test machine, to see how they would stand up to Objectif’s free online XP hash cracker.
The results were stunning.
Let’s start out with an easy one. Here is the Administrator password hash from the machine:
And putting this into Objectif’s tool we get this response:
Password: Empty password…
Time: 2 seconds
Administrator didn’t set a password, that’s not good…
Okay, that wasn’t 14 characters, let’s try a hard one.
How about this one:
And the response:
Time: 5 Seconds
Wow! That took only 5 seconds and that is a decent password.
Let’s try a few more:
Time: 8 Seconds
Time: 5 Seconds (Try typing that in every day!)
Time: Okay, this one really pushed it to the limits, it took a whole 11 seconds to crack!
impressive, it took only five to eleven seconds in this test to crack 14-character complex passwords. I was able to create a password that Objectif’s site couldn’t decode; it was using characters from the extended ASCII set.
But, unfortunately, I could not log into the XP system using it either.
Want to see how a password would do without having to exploit a system and dump the password hashes?
allows you to put a password in and it will convert it for you. Then you can place the hash into the cracker and see how it does.
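
A defender can audit the same kind of dump without cracking anything. The added example below (not part of the original post) reads pwdump-style lines and flags accounts that are blank or that still carry an LM hash, the legacy hash that Windows XP stores by default for passwords of up to 14 characters and that is computed over two separate 7-character halves. The `user:rid:lm:nt:::` layout and every sample hash value are assumptions constructed for illustration.

```python
import string

# Well-known constants: hashes Windows produces for an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # also seen when no LM hash is kept
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
EMPTY_LM_HALF = EMPTY_LM[:16]  # LM hashes each 7-character half separately

# Constructed sample dump (assumed pwdump-style layout, made-up hash values).
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1003:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
bob:1004:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
carol:1005:aad3b435b51404eeaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
not a hash line
"""

def _is_hash(value):
    """True for a 32-character hexadecimal string."""
    return len(value) == 32 and all(c in string.hexdigits for c in value)

def audit_line(line):
    """Return (user, finding) for one dump line, or None if it is malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        return None
    user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
    if not (_is_hash(lm) and _is_hash(nt)):
        return None
    if nt == EMPTY_NT:
        return user, "blank password"
    if lm == EMPTY_LM:
        return user, "no LM hash stored"
    if lm[16:] == EMPTY_LM_HALF:
        return user, "LM hash stored, password of 7 characters or fewer"
    return user, "LM hash stored"

def audit_dump(text):
    """Audit every well-formed line; malformed lines are skipped."""
    findings = {}
    for line in text.splitlines():
        result = audit_line(line)
        if result:
            findings[result[0]] = result[1]
    return findings

if __name__ == "__main__":
    for user, finding in audit_dump(SAMPLE_DUMP).items():
        print(f"{user:15} {finding}")
```

Accounts reported as "LM hash stored" are the ones to fix first: enabling the Windows policy "Network security: Do not store LAN Manager hash value on next password change" and then changing the password, or using a password of 15 or more characters, stops the LM hash from being stored.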
I believe that this demonstration shows that relying on passwords alone may no longer be a good security measure.
companies and government facilities are moving away from using just passwords to dual authentication methods. Biometrics and smartcards are really becoming popular in secure facilities.
And if the rumors are true, it looks like Microsoft may include facial recognition authentication in the next version of Windows. Time to dust off the old Web Cam…
Cross-posted from CyberArms
This article was published by Infosec Island.