📜 ⬆️ ⬇️

Selection of 14 character complex password in 5 seconds


For a long time and for a long time they say that using high speeds of the GPU, the selection of passwords will be significantly accelerated. But there are technologies that allow brute force to do more
faster. The Swiss security company Objectif Sécurité used SSD with rainbow tables for its technology.

Apparently the speed of the disk today, and not the speed of the processor, is the factor hindering this work. SSD drives can significantly speed up the process of hacking a password, but how much?

In March of this year, it was already announced that the use of SSD drives would allow a search speed of 300 million passwords per second and a complexly complex password could be cracked in 5.3 seconds.
But what are the realities.

To check the real speed of hacking, hashes of 14 WindowsXP character passwords were taken.


aad3b435b51404eeaad3b435b51404ee: 31d6cfe0d16ae931b73c59d7e0c089c0


Password: Empty password ...
Time: 2 seconds

So, the administrator has not set a password, not good ...

Well, it's not 14 characters.

Like this:

Hash: 17817c9fbf9d272af44dfa1cb95cae33: 6bcec2ba2597f089189735afeaa300d4


Password: 72 @ Fee4S @ mura!
Time: 5 seconds

ABOUT! 5 seconds per password!

We try again:

Hash: ac93c8016d14e75a2e9b76bb9e8c2bb6: 8516cd0838d1a4dfd1ac3e8eb9811350
Password: (689 !!! <> ”QTHp
Time: 8 seconds

Hash: d4b3b6605abec1a16a794128df6bc4da: 14981697efb5db5267236c5fdbd74af6
Password: * mZ? 9% ^ jS743 :!
Time: 5 seconds

And finally:

Hash: 747747dc6e245f78d18aebeb7cabe1d6: 43c6cc2170b7a4ef851a622ff15c6055
Password: T & p / E $ v-O6.1 @}
Time: 11 seconds! A bit had to wait.

The author of course managed to create a password that brought the system to a standstill, it contained characters from the extended ASCII set. But WindowsXP will not allow the use of such a password.

This demonstration convincingly enough shows that using only a password for data protection has long been extremely insufficient. For reliable data integrity, an integrated approach should be used.

This program (ophcrack) is in commercial and free execution. You can familiarize yourself with this program - Here you can also check at the same time how quickly your password is selected.

Ophcrack Open Source - there is also a livecd version.

Source: https://habr.com/ru/post/107243/

All Articles