Cracking every standard Windows password in less than 6 hours with a massive GPU cluster, building a home theater PC for about $300 and blinkenlights. All that and more, this time on Hak5!

Download HD Download MP4

Jeremi Gosney's Massive Password Cracking GPU Cluster

I had a chance to talk to Jeremi Gosney about the latest advances in password cracking. Gosney, the CEO of Stricture Consulting Group, recently showed off his latest password cracking rig at the Passwords^12 conference in Norway. The rig, which uses 25 AMD Radeon graphics cards is able to bust every possible 8 character NTLM hash in about 5.5 hours. NTLM has been included in Windows since Server 2003 and replaces the considerably weaker LM hash (which is the password hash equivelent to WEP -- a joke). Gosney's rig is unique in that it uses VCL Virtualization to allow a single controller to communicate with multiple machines loaded with graphics cards. Using HashCat Plus the rig is able to make 350 billion attempts per second against NTLM, 63 billion per second against SHA1 and 180 billion per second against MD5. Bcrypt and SHA512crypt are "safer" for now at 71,000 and 364,000 attempts per second respectively. If you haven't already, go and make your password more complex - and for the love of God stop using the same one on every site.

Leave a Reply

Your email address will not be published. Required fields are marked *



  • My friend talks alot about a RaspberrPi? Would that be useful for you at all? … idk :L

  • i use mythtv currently and have been since 2007. I highly recommend it if you are wanting to record OTA via a tuner card, but the compatibility with streaming services has always been a pain. Happy to report though hbogo works with out an issue, but aside from that I supplement with a roku, a media enabled bluray and a ps3. Anyhow, keep up the good work guys, merry christmas and love the show!

  • shy-chris 2 years ago

    Hey Shannon, Hey Darren…
    I’m a big fan of your show! I just watched the episode and i’m going to build my own htpc too…
    The asus mainboard is exactly the one i want to take for my build but instead of buing a case i’ll take my old PS2… I hope it will work and my idea for a hidden usb drive in a old memorycard also…
    since then, go on making such great episodes!

  • Krystake 2 years ago

    What about truecrypt ??? how many time it will require to crack a truecrypt password of 52 characters with uppercase , lowercase , numbers , spaces and special symbols …. encryption algorithm being: serpent-twofish-AES and the hash algorithm beign: SHA-512 ??