Wednesday, January 02, 2013

Crack windows passwords with GPU

The security of windows has been frowned upon by a lot of people and in the past the security of windows has been considered not the best in the industry. Some still do consider the security of windows still something to worry about and they are probably right in my opinion. However the security of the windows passwords has been improved a lot in the past years. This has been due to new and more strong algorithms to secure the password hashes. In the past it was quite easy to capture and decrypt you SAM file by making use of tools like L0phtCrack. Currently the new way of password encryption has been improved however it is still not perfect.

You can still capture password hashes and challenge them. What has changed is the amount of computing power you need to do so. Researchers now have developed a GPU based password cracker which tries 350 billion guesses per second.
The five-server system uses a relatively new package of virtualization software that harnesses the power of 25 AMD Radeon graphics cards. It achieves the 350 billion-guess-per-second speed when cracking password hashes generated by the NTLM cryptographic algorithm that Microsoft has included in every version of Windows since Server 2003. As a result, it can try an astounding 958 combinations in just 5.5 hours, enough to brute force every possible eight-character password containing upper- and lower-case letters, digits, and symbols. 

Such password policies are common in many enterprise settings. The same passwords protected by Microsoft's LM algorithm—which many organizations enable for compatibility with older Windows versions—will fall in just six minutes. 

The Linux-based GPU cluster runs the Virtual OpenCL cluster platform, which allows the graphics cards to function as if they were running on a single desktop computer. ocl-Hashcat Plus, a freely available password-cracking suite optimized for GPU computing, runs on top, allowing the machine to tackle at least 44 other algorithms at near-unprecedented speeds. In addition to brute-force attacks, the cluster can bring that speed to cracks that use a variety of other techniques, including dictionary attacks containing millions of words. More information can be found at

No comments: