Twitter Facebook Google RSS
Tech Wire 

Cybersecurity Threatened By Common Password Buster 

12  2,010 

By Eric Beidel 

A seven-character password is “hopelessly inadequate,” say scientists at the Georgia Tech Research Institute.

A password with 12 characters may be just as vulnerable.

GTRI researchers have proven that an inexpensive graphics processing unit (GPU) can bust passwords at the speed of a $100 million supercomputer. Until recently, GPUs were difficult to use for anything other than graphics on a computer monitor. But new software has allowed them to be programmed using the popular C language. This enables a technique called “brute forcing,” a high-speed procedure that involves trying every combination of characters to figure out a password.

A password consisting of eight lower-case letters can be cracked in a few minutes using a cluster of GPUs, said Richard Boyd, a senior research scientist and project lead. This puts at risk everyone from the casual user logging into an email account to larger networks used by banking institutions and the military, researchers said.

The longer the password, especially one that includes numbers and symbols, the longer it will take to figure out. A password using every character available on a keyboard could take a group of GPUs thousands of years to crack.

But as graphics cards become more powerful, passwords of any length may still prove ineffective, said Joshua Davis, a research scientist working on the study. Methods relying on two forms of authentication could become necessary, such as using passwords and PIN numbers or even biometric data like fingerprints and face recognition technology, he said.

Submit Your Reader's Comment Below
The content of this field is kept private and will not be shown publicly.
Please enter the text displayed in the image.
The picture contains 6 characters.
*Legal Notice

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

  Bookmark and Share