On Sun, 05 Jun 2011 19:12:51 PDT, Paul Ferguson said:

> The results are startling. Working against NTLM login passwords, a

So if you've already pwned the system enough to have access to NTLM password hashes, you can break passwords. Gotcha..

> The results are startling. Working against NTLM login passwords, a
> password of fjR8n can be broken on the CPU in 24 seconds, at a rate
> of 9.8 million password guesses per second. On the GPU, it takes less
> than a second at a rate of 3.3 billion passwords per second.
> Increase the password to 6 characters (pYDbL6), and the CPU takes 1
> hour 30 minutes versus only four seconds on the GPU. Go further to 7
> characters (fh0GH5h), and the CPU would grind along for 4 days, versus
> a frankly worrying 17 minutes 30 seconds for the GPU.

Hmm.. 4 seconds for 6 chars, but 17:30 for 6? That's a factor of 262 (probably really 256 and a fuzzy value of 4).

So how long does a 15 character password take? That would be 256^9 times 6 chars, or 4,722,366,482,869,645,213,696 times 17 mins 30, or about 157,232,521,785,043,362 GPU-years. Even making it smarter and only trying 96 printables rather than 256 cuts it down to 21,960,108,949 GPU-years.

Somehow, I'm more worried about keystroke loggers and similar.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
