Password Cracking

There’s a great article over at Ars Technica about password cracking and how easy it’s become. The ease with which passwords can be cracked is the result of two things:

  1. Improved hardware using GPU processors, and
  2. Huge lists of real world passwords that provide guesses and reveal the patterns that users favor when choosing passwords.

Consider the Project Erebus v2.5 computer used to win this year’s Crack Me If You Can contest. It has 8 AMD Radeon HD7970 GPU cards, costs just $12,000, and can brute force the entire 8-character (lower case, upper case, symbols, numbers) NTLM keyspace in just 12 hours. Think about that. If you have a password protecting something important and it’s less than 8 characters, you might as well not bother.

The other thing affecting cracking efficiency is the recent release of millions of real world passwords gathered from the exploits of Gawker, Sony, LinkedIn, and others. This helps in two ways. First, it provides a dictionary of potential passwords to try. Second, it gives insight into how users choose their passwords. It turns out that there are some very common patterns in use, and knowing these patterns makes it easy to automate the generation of trial passwords using those patterns.

Be sure to follow the link and read the Ars Technica article. It’s a bit long but there’s a lot of really good information in it. The conclusion that the article reaches is that you can still have a secure password if

  1. you use a password manager such as 1Password or PasswordSafe to generate long random passwords, and
  2. you never reuse passwords across multiple sites. Password managers make this easy so it’s yet another reason to use one.

If you have any on-line presence at all, you really need to read this article. It will scare you into password sanity.


2 Responses to Password Cracking

  1. Chris W says:

    One of design goals of the scrypt hash is to specifically thwart GPU attacks. It requires a large amount of memory so that it can’t be parallelized across a GPU, where memory is scarce.

    • jcs says:

      Sadly, many sites think they are state-of-the-art if they use a salted MD5 hash. Most don’t even bother with the salting. There really is no excuse not to use something like scrypt, bcrypt, or PBKDF2 but many–probably most–sites don’t. The rise of cheap, GPU based cracking machines makes the failure to do so malfeasance on a par with storing encrypted passwords along with the associated email address.

      This post and many of my others stress the importance of choosing good passwords but it doesn’t do us any good to do the right thing if some bozo site implements stupid security on the server side.
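The point raised in the comments, an unsalted MD5 on the server versus a salted, deliberately slow hash such as scrypt or PBKDF2, as an added example that is not from the post or its commenters. The cost parameters and the record format `kdf$salt$digest` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional

# The legacy scheme the comments describe: one unsalted MD5 per user.
# Every user with the same password gets the same digest, so one cracked
# hash (or one pass over a leaked-password dictionary) covers all of them.
def legacy_md5(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Constructed cost parameters for illustration; tune to the server's hardware.
# scrypt with n=2**14, r=8 needs about 16 MiB per hash, which is what makes
# it awkward to run thousands of guesses in parallel on a GPU.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
PBKDF2_ROUNDS = 200_000

def hash_password(password: str, kdf: str = "scrypt",
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'kdf$salt_hex$digest_hex'."""
    salt = salt if salt is not None else os.urandom(16)  # fresh per-user salt
    pw = password.encode("utf-8")
    if kdf == "scrypt":
        digest = hashlib.scrypt(pw, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                                p=SCRYPT_P, dklen=32)
    elif kdf == "pbkdf2":
        digest = hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ROUNDS, dklen=32)
    else:
        raise ValueError(f"unsupported kdf: {kdf}")
    return f"{kdf}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    kdf, salt_hex, _digest_hex = record.split("$")
    recomputed = hash_password(password, kdf=kdf, salt=bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed, record)

def same_password_same_hash(scheme: Callable[[str], str]) -> bool:
    """True when two users who pick the same password get identical records."""
    return scheme("correct horse") == scheme("correct horse")

if __name__ == "__main__":
    rec = hash_password("hunter2")
    print(rec)
    print(verify_password("hunter2", rec), verify_password("hunter3", rec))
    # Unsalted MD5 collapses identical passwords; the salted KDF does not.
    print(same_password_same_hash(legacy_md5), same_password_same_hash(hash_password))
```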
