Every few months, it seems like another major website gets hacked. User accounts are often compromised, releasing millions of passwords into the darker corners of the Internet. Sometimes those passwords are stored in plain-text form, but even if they're hashed, it doesn't take crackers long to work their way back to the original passwords. Ars Technica has published a fascinating article on the strength of modern crackers and the relative weakness of the passwords they're trying to decipher. Turns out the growing compute horsepower of modern graphics cards is making passwords much easier to uncover with brute-force attacks.
Newer hardware and modern techniques have also helped to contribute to the rise in password cracking. Now used increasingly for computing, graphics processors allow password-cracking programs to work thousands of times faster than they did just a decade ago on similarly priced PCs that used traditional CPUs alone. A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them. Only a decade ago, such speeds were possible only when using pricey supercomputers.
As the article points out, brute force alone isn't enough for longer passwords. Even with the power of a thousand GPUs, it would take about 10 days to bust an eight-character password. Add another character, and the time required rises exponentially.
Crackers aren't using brute-force methods alone, though. They have massive word lists generated not only from dictionaries, but also from the 100 million actual user passwords that have reportedly been released online already. Cracking algorithms are getting smarter, and special "rainbow tables" have reduced the storage footprint of potential character combinations dramatically.
Websites can make life difficult for crackers by "salting" stored passwords with unique characters or by using more computationally intensive hashing algorithms. If crackers are using faster hardware, the encryption side of things needs to keep up. Really, though, it's up to users to employ strong passwords.
|Geil lights up its Evo X ROG-certified RAM||0|
|Google Compute Engine is now powered in part by Pascal||3|
|EVGA slaps 12 GT/s memory on the GTX 1080 Ti FTW3 Elite||11|
|G.Skill unleashes AMD-ready Trident Z RGB kits up to 3200 MT/s||9|
|Asus' ZenFone 4 Pro offers high-end photography and networking||15|
|Radeon 17.9.2 drivers put the pedal to the metal for Project Cars 2||4|
|ROG Strix X299-XE Gaming motherboard is rather groovy||4|
|Miniature Golf Day Shortbread||18|
|GeForce 385.69 drivers are Game Ready for a ton of titles||2|
|I still would strongly recommend against any of Kaby-Lake X SKUs unless you plan on upgrading to a Skylake-X down the road. Just stick with 7700K and...||+24|