Jeremi Gosney's Massive Password Cracking GPU Cluster
I had a chance to talk to Jeremi Gosney about the latest advances in password cracking. Gosney, the CEO of Stricture Consulting Group, recently showed off his latest password cracking rig at the Passwords^12 conference in Norway. The rig, which uses 25 AMD Radeon graphics cards is able to bust every possible 8 character NTLM hash in about 5.5 hours. NTLM has been included in Windows since Server 2003 and replaces the considerably weaker LM hash (which is the password hash equivelent to WEP -- a joke). Gosney's rig is unique in that it uses VCL Virtualization to allow a single controller to communicate with multiple machines loaded with graphics cards. Using HashCat Plus the rig is able to make 350 billion attempts per second against NTLM, 63 billion per second against SHA1 and 180 billion per second against MD5. Bcrypt and SHA512crypt are "safer" for now at 71,000 and 364,000 attempts per second respectively. If you haven't already, go and make your password more complex - and for the love of God stop using the same one on every site.