We often write about the ingenious new tricks developed by hackers to penetrate security systems, but rarely do we see how they go about their work. Here's the kit they use to crack your password.
At a recent security conference, called Passwords^12, researcher Jeremi Gosney showed off the kind of rig that hackers use to crack passwords. It's shown in the photograph above.
You're looking at a cluster of five 4U rack servers equipped with 25 AMD Radeon graphics cards, capable of communicating at up to 10 Gbps. On that is run a password cracking program which can churn through 348 billion NTLM password hashes per second.
In other words, plenty of secure passwords can be brute force attacked given a little time. For some perspective, that means a 14 character, LM-encrypted Windows XP password will fall within six minutes. There's plenty more technical detail over at Security Ledger if you're interested.
In the meantime, though, this should make you think twice about the kind of passwords you use: if you don't have long, random strings in use, hackers will be able to nail you. As Boing Boing puts it, yesterday's "password that would take millions of years to break" is this year's "password broken in an afternoon". Set 'em long and strong, people. [Security Ledger]